Accenture HealthPS Information Governance the Foundation for Effective E-Health

8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health

1/28


2/28


3/28

1

Introduction:

e-Health and information governance

e-health

Around the world, health careproviders and public healthorganizations are makingunprecedented investments ine-health. The aim: to improve patientand public health outcomes byimproving the accessibility and qualityof health care services, while drivingdown costs.

To achieve these strategic imperatives,organizations are implementing a

range of e-health solutions, including:

Health care management systems,which use reporting, analytics andprocess optimization solutions toimprove the performance of back-office, business and clinical processes

Patient-centric e-health solutions,which empower patients to managetheir health more effectively

Telemedicine systems, which support

the remote delivery of health careservices

Electronic prescribing systems,

which enable clinicians to create andtransmit electronic prescriptions todispensing organizations

Health information systems, whichstore and provide clinicians withaccess to information related topatients health, diagnosis and careprovisions

Integrated e-health solutions

Standalone e-health systems deliver

clinical and administrative benefitsbut do not enable organizations torealize the full potential of e-health.To deliver the greatest possiblevalue in terms of cost reduction andimproved health outcomes, disparatehealth care management systems,telemedicine solutions and healthinformation platforms must be ableto securely and effectively share data.Doing so requires health networksthat connect public health agencies,provider organizations, hospitals,clinics, diagnostic laboratories, healthservice commissioners and individualclinicians.

To achieve this level of integration,

some organizations have investedheavily in integrated healthinformation solutions. Thesesolutions are becoming increasinglycommon and are known by variousmonikers: Patient Care Records (PCR),Computer-based Medical Records(CMR), Electronic Patient Records(EPR), Summary Care Records (SCR),Electronic Medical Records (EMR) orElectronic Health Records (EHR).

Accenture has identified three core

types of integrated health informationsystem:

Intra-enterprise EMR

These solutions enable clinical andadministrative systems within a publicor private health care provider toshare patient-identifiable informationin support of clinical processes. Adefining characteristic of this solutiontype is that data is not electronicallyshared outside organizational

boundaries.


4/28

2

Inter-enterprise EMR

These solutions enable multiple healthcare enterprises to share patient-identifiable clinical and administrativeinformation in support of clinicalprocesses. Examples include HealthInformation Exchanges (HIE) andRegional Health Information Networks

(RHIN). A defining characteristic of aninter-enterprise EMR is that limiteddata is electronically shared outsideorganizational boundaries.

Full EHR

These solutions contain all relevanthealth information for an individualincluding clinical, administrative,claims, wellness, demographic andtreatment data, from diverse providers,public health organizations and

payers (where relevant). A definingcharacteristic of a full EHR is thatall data is routinely shared outsideorganizational boundariesincluding,in some cases, with organizations notparticipating in the EHR.

For the purposes of this paper, we useEHR as an umbrella term referringto all types of integrated healthinformation systems.

The benefits of EHR

As health systems around the worldgrapple with burgeoning costs,increasing demand and growingpatient expectations for high-quality,personalized care, organizationsare turning to EHR to improve thequality and accessibility of health careservices, while also reducing the cost.EHR deliver these benefits by:

Providing clinicians with electronicaccess to comprehensive medical

records that include clinical data frommultiple providers and episodes ofcare. This access enables personalizedtreatment plans, supports evidence-based clinical decision making, reducesthe risk of medical and prescriptionerrors, supports seamless care acrosscare settings and reduces the costof sharing medical records amongproviders.

Connecting health care providersthrough health networks. Suchintegration improves the accessibilityof specialist care by enablingclinical data and images to be sentelectronically to specialists anddiagnostic laboratories for assessment.This enhances care quality by

encouraging provider-to-providerconsultations to support diagnosisand clinical decision making. Healthnetworks also reduce the cost ofcare because fewer providers requirededicated diagnostic laboratories andspecialists.

Enabling decision makers andresearchers to access large amountsof patient non-identifiable clinicaldata. Information discovery or data

mining solutions and clinical andbusiness analytics platforms canuse this information to generateinsight to drive improvements inprocess efficiency, care quality andcare management. Anonymizedor pseudonymized EHR data canalso improve the efficiency andeffectiveness of clinical research(for example, if used in clinicaltrials). Moreover, EHR data can beused for epidemiological analysisand biosurveillance, thereby helping

improve the effectiveness of diseasemanagement, public health campaignsand preventative health strategies.

The case for information

governance

While the importance and benefitsof sharing health information arewidely recognized, organizations havestruggled to implement effectiveEHR solutions. Complex technical,

organizational, regulatory andcultural challenges have increasedimplementation risks and led torelatively high solution failure rates.

Ultimately, many of these challengesare related to information governance.

Information governancetheprocesses, functions, standardsand technologies that enable highquality information to be created,stored, communicated, valued andused effectively and securely insupport of an organizations strategicgoalsis the key to ensuring effective

and secure e-Health. e-Healthpractitioners must be aware ofcritical information governancechallenges when planning, designingand implementing systems. Suchawareness is crucial to maximizingthe clinical and administrativevalue of EHR and reducingimplementation and delivery risk.

By embracing the breadth ofinformation governance, e-health

practitioners can develop effectivepolicies, processes and toolsthat support the enterprise-wideadoption of common informationprinciples. This consolidatedapproach to information governanceenables health care organizationsto effectively manage, maintainand control patient information insupport of robust patient care.


5/28

3

Interoperability

Achieving interoperability without openor common national or internationalstandards is proving to be a majorchallenge. Increasingly, organizationsare focusing on standards development,standards-driven architectures, translationor terminology services, and certificationservices to achieve partial interoperability.Full semantic interoperability remainsuncommon.

Data integrity

Maintaining the meaning, structure and

other characteristics of clinical data whenit is stored, modified, processed andcommunicated between systems is a majorchallenge, particularly in highly distributedenvironments.

Access control

Controlling access to clinical data andenabling patients and providers todetermine who can access data areimportant technical challenges. Legaland regulatory restrictions on access toclinical data mean that EHR require robustaccess control solutions and permissioningregimes.

Security

Preventing unauthorized access to clinicaldata, ensuring the availability of servicesand maintaining network integrityare particularly difficult in distributedmultisystem environments.

Data handling

Health regulators, watchdogs and self-implemented best practices requireproviders to implement stringentdata handling policies. In many cases,compliance requires organizations toinvest in mandatory data handling training,

establish enterprise-wide data risk andmonitoring functions, and develop andenforce certified data handling policies.

Data quality

Ensuring that data in an EHR is accurate,meaningful and internally consistent isextremely important. Poor quality dataaffects patient safety, limits the clinical andadministrative value of EHR and underminesprocess and care quality improvementsbased on clinical analytics. Ensuring dataquality is a major challenge in complexmultisystem environmentsparticularlywhen subsystems use noninteroperablestandards and clinical terminologies.

Consent

Developing and implementing effectiveconsent models to meet patients andclinicians expectations have proveddifficult. Patients and regulators reasonablyexpect consent models to focus onprotecting data privacy and confidentialityby restricting the use and disseminationof information. Such restrictions can limitthe clinical value of EHR; clinicians maybe unable to access medical informationrelevant to diagnosis or treatment. Findingand articulating the consent basis fordata sharing is critically important to EHRsuccess.

Compliance

Although legal and regulatory requirementsvary across countries, compliance withprivacy, confidentiality, data security, dataloss, data protection, data handling andaudit regulations remains an importantissue for all health care organizations.Organizations must manage informationrisks effectively in accordance withtheir legal and regulatory obligations.Addressing compliance requires acoordinated approach across organizations.

Enabling IT organizations to collaborateeffectively with legal departments,clinicians and administrators to design andimplement systems and processes thatensure compliance is a common issue forhealthcare organizations.

Critical Information Governance Challenges

Information governance defined

Information governance encompasses

the processes, functions, standards and

technologies that enable high quality

information to be created, stored,

communicated, valued and used effectively

and securely in support of an organizations

strategic goals.


6/28

4

The Accenture Information Governance

Framework for Health

To address these critical

challenges, high-performance health care

organizations are developing

information governance

functions as part of their

overall IT governance

framework.

The key to successful information

governance is building aneffective information governancearchitecturea layer of processes,functions, policies and solutionsthat ensure the effective and securecreation, storage, communication,valuation and use of information.Effective information governancearchitectures integrate disparateinformation, security, accesscontrol and content managementarchitectures and include legal,clinical, administrative and IT workstreams.

The Accenture Information GovernanceFramework for Health providesa holistic model of informationgovernancehelping practitionersassess and overcome key challenges bydesigning more effective informationgovernance architectures. Developedby Accenture professionals anddrawing on what we have learnedthrough e-health implementations

around the world, the frameworkdisaggregates information governanceinto five highly interrelated disciplines:

Data privacy

Data confidentiality

Data security

Data quality

Data integrity

Each discipline has multiple solutioncomponentsthat is, the mostimportant processes, functions andtechnologies within an information

governance architecture that enableorganizations to overcome the criticalchallenges they face.

Using the Accenture InformationGovernance Framework we areworking with organizations to developspecific tools tailored to their needs.These toolkits consist of directcontrols, risk assessment frameworksand other components to makeinformation governance a tangible partof their organization. These toolkits

enable organizations to focus onproviding patient care while enablingcompliance with patient, regulatoryand legislative requirements.


7/28

5

Information GovernanceDisciplines

Information Governance SolutionComponents

Data PrivacyPatient consent models and mechanisms

Patient-provider relationship-based access controls

Patient access controls

Effective data security and data handling policies

Data Confidentiality Role-based access control models

Patient and provider record sealing

Identification and authentication

Anonymization and pseudonymization

Data Security Message integrity and communications security

Event audit and alerting

IT security audit

Network integrity

Data Quality Error correction

Data validation

System and interface certification

Standards driven architecture

Data Integrity Code integrity

System hardening

Interoperability governance

Standards-driven architecture and standards management

Figure 1: Information Governance


8/28

6

Data privacyFor regulators, watchdogs, legislativebodies, patients, patient advocatesand the public, data privacythat is,ensuring patients medical data can beaccessed only with their consentisthe most important issue associatedwith e-health and EHR. Failure toconvince these stakeholders thatdata in e-health systems is privateincreases implementation, complianceand reputational risk. To ensuredata privacy, effective informationgovernance architectures must includefour components:

Patient consent models and

mechanisms

High-level frameworks that outline

how and in what circumstancesorganizations will seek patientconsent for their medical data to bestored, disseminated, accessed andused. Patient consent mechanismsare authorization or permissioningregimes that are part of EHR accesscontrol models. These mechanismsallow patients to specify which partsof their medical records they do notwish particular user groups to have fullaccess to.

Patient-provider relationship-based

access controls

Solutions that restrict access to aspecified patients medical data basedon an existing relationship betweenthe patient and the clinician or careprovider requesting access to thatpatients data.


Solutions that provide patientswith secure access to their medical

data. Access control solutions havethree key elements: registration,authentication and authorization.

Effective data security and data

handling policies

Policies that minimize informationsecurity risk and prevent unauthorizedaccess to information by placingpatient interest at the center ofinformation governance policy andby encouraging desirable behaviorsamong users.

Data confidentialityEnsuring the confidentiality of datain e-health systems by preventingunauthorized access to and improperuse of information is an importantpart of information governance.The goal: to minimize informationsecurity risks (such as data loss andunauthorized or inappropriate use anddissemination of information), therebyreducing compliance and reputationalrisks and protecting data privacy.Ensuring that data in e-health systemsis confidential requires a range ofsecurity solutions that monitor, restrictand prevent unauthorized accessto information. Moreover, solutionsshould be able to obscure patientsidentity when data from their medical

record is used for purposes other thandelivery of care. To help ensure dataconfidentiality, effective informationgovernance architectures must includefour components:

Role-based access control models

Access levels, permissioning andauthorization regimes, and accesscontrols that are based on complexreal-world job functions (roles) andpatient-provider relationships.

Patient and provider record sealing

Solutions that enable patients andproviders to restrict or prevent accessto information compartments inmedical records.


These solutions enable the robustauthentication of health careprofessionals to health care systems,as well as the linking of real-worldidentity to system identity, to ensure

that only authorized users can accesspatient data.

Anonymization and pseudonymization

Solutions that obscure patients'identities by modifying patient-identifiable clinical data whilemaintaining data quality. Thus, thedata can be used for secondarypurposes without compromisingconfidentiality.

Data securityData privacy, confidentiality, qualityand integrity depend on the abilityof e-health systems to maintain datasecurity. Moreover, the security ofclinical data is a major compliancechallenge for organizations aslegislative and regulatory bodiescontinue to develop increasinglystringent guidelines and certificationprocesses. Ensuring the security ofdata in e-health systems requireshealth care enterprises to developsecurity architectures that proactivelymanage security risks, effectivelyidentify and prioritize threats, andrapidly address vulnerabilities. Tohelp ensure data security, effectiveinformation governance architectures

must have four components:

Message integrity and

communications security

Solutions that maintain the integrityof data transferred between systemsin messages and prevent unauthorizedaccess to and/or modification ofmessages.

Event audit and alerting

Functionality that enables systemsto monitor, log and report security-

relevant events.

IT security audit

Manual and automatic processes thattest and evaluate the effectivenessof solutions information securitymeasures.

Network integrity

Solutions that enable networks tomaintain expected functionality,performance and service availability

despite unexpected events, such assecurity threats and spikes in demand.


9/28

7

Data qualityHigh-quality data is meaningful,accurate and internally consistent;it can be used for its intendedpurpose. Poor-quality clinical datain e-health systems affects patientsafety, quality of care and useradoption. It also increases complianceand implementation risks. However,ensuring data quality is a majorchallengeparticularly in complex,multisystem environments in whichsubsystems do not share commontechnical, data, communicationor terminology standards. The keyto ensuring data quality in theseenvironments is to develop solutionswith intelligent data handlingfunctionality and to implement

standardized interfaces and datamodels that enable subsystems toshare information more effectively.With that in mind, effectiveinformation governance architecturesmust include four components:

Error correction

Manual and automatic processesthat detect and correct errors ininformation efficiently and effectively.

Data validation

Validation rules that verify that dataconforms to a set of specificationsregarding format, quality, integrity,accuracy and structure.

System and interface certification

Roles, processes and solutions thatverify that systems and interfacesconform to specifications defined byregulators and Standards DevelopmentOrganizations (SDOs).

Standards-driven architectureSystem architectures that leverageopen standards for the recording andcoding of data, thereby promotinga high level of data quality throughsimilar data processing across multiplecomponent systems.

Data integrityData integrity refers to the validity,accuracy and reliability of data after ithas been stored, transferred, retrievedor processed. Failure to ensure theintegrity of clinical data has an adverseaffect on data quality, system flexibilityand performance. To maintain dataintegrity, the infrastructure underlyinge-health systems must maintain dataquality and characteristics (format,meaning, rules, relationships andlatency, for example) during suchoperations as storage, retrieval,communication and transfer. Dataintegrity can be affected by a rangeof factors. Among them: unauthorizedmodification of data, poor-qualitysource code and noninteroperable

subsystems. To address these issues,effective information governancearchitectures must include fourcomponents:

Code integrity

Processes that test source code toeliminate bugs that may result in dataloss or data corruption during datastorage or transfer.

System hardening

Periodic or ongoing processes that

reduce security risks by evaluating theeffectiveness of security architectures,identifying security risks andundertaking security improvements.


A function that works acrossorganizational and information silosto develop and enforce commonstandards, protocols and processesto enable syntactic, semantic and/orprocess interoperability.

Standards-driven architecture and

standards management

A standards-driven systemarchitecture conforms to open orcommon messaging, infrastructure,communication, application, dataand clinical terminology standards.Standards management includes theroles, processes and solutions thatdevelop, manage and enforce commontechnical, communication, messagingand data standards that enable

subsystems to share information moreeffectively.

We describe the Accenture

Information Governance

Framework for Health in

more detail in separate

paperseach discussing

one of the disciplines

and associated solutioncomponents and outlining a

number of e-health planning

and implementation

recommendations for health

care organizations.


10/28

8

Developing Effective Information

Governance: Next StepsWhether a health care

organization is considering,implementing or operating

advanced e-health solutions,

designing and implementing

a successful information

governance architecture can

be a daunting task.

Information governance challengesaffect every part of the health careenterprise and developing effective

solutions requires collaborationacross organizational silos, functionsand information systems. Based onAccenture research and experiencefrom e-health implementationsaround the world, we believe thereare four initial steps toward effectiveinformation governance:

Conduct a comprehensive

risk assessment and gap

analysis of current information

governance provisionsMost healthcare organizations havea range of existing informationgovernance provisions acrossinformation and organizational silos.This potentially fragmented anddisjointed approach to informationgovernance can make it difficultfor organizations to develop a clearunderstanding of how effective andefficient their information governanceprovisions are and the information risks

they face. Health care organizationsshould conduct a comprehensiverisk assessment and gap analysis toenable a single enterprise-wide view ofinformation governance performanceand information risks. Using astructured approach to informationgovernance, such as the AccentureInformation Governance Framework forHealth, organizations should create aconsolidated inventory of informationgovernance provisions, build a model to

assess their performance and developstrategies to address weaknessesand improve information governanceperformance.

Identify, analyze, evaluate

and prioritize informationgovernance challenges

For a health care organization,the second step toward improvedinformation governance is developingdetailed insight into the informationgovernance challenges it faces. Thisrequires a comprehensive programinvolving IT, legal, clinical andadministrative functions to:

Identify a broad range of current

and future compliance, security,data quality and system integrationchallenges.

Analyze these challenges to developa detailed understanding of their rootcauses.

Evaluate the impact thesechallenges are having or are likely tohave on quality of care, efficiency,costs, strategic priorities, theworkforce, and administrative and

clinical processes.

Prioritize the challenges based ontheir likely impact and the ability ofthe organization to address them.

Design solutions and develop

strategies to address these

challenges

Once a health care organizationhas a detailed understanding of theinformation governance challenges

it faces, it should develop high-level strategies and design solutionsto address these challenges. Anorganization should conceive ofthese solutions and strategiesas components of an integratedinformation governance architecture.The ultimate goal: creating anefficient, effective and sustainableinformation governance function aspart of a comprehensive IT governanceframework. In most cases, informationgovernance challenges cut acrossinformation and organizational silos.Thus, solution design and strategydevelopment must be collaborativeprocesses that involve IT, legal,clinical, administrative and strategic

functionspossibly from different

organizations.

Develop a detailed

implementation plan

Developing the right implementationplan up front is the key to minimizingimplementation risk, ensuring long-term stakeholder engagement,reducing the cost of implementationand developing effective informationgovernance. In clinical environments,solution implementation can be

challenging, especially if programsdisrupt processes integral to thedelivery of care or impose new ways ofworking on clinicians. Implementationplans should include:

A high level of detail aroundtargets, benchmarks, critical successfactors, timetables, release schedules,reporting, coordinating activity andimplementation management roles forspecific programs and work streams.

A long-term clinical changemanagement plan that includescommunications strategies andprograms that support clinicaltransformation, process re-engineering,user acceptance and training to supportspecific work streams.

A comprehensive systemsintegration plan; from a technicalperspective, it should define howinformation governance solutionswill be integrated into organizations

systems architectures, how solutionswill be procured efficiently and howintegration programs will be managed.

Realize the benefits of

effective information

governance

A consolidated enterprise-wideinformation governance architecturewill improve data quality and datasecurity. This will enable health careorganizations to address patientsconcerns over data privacy, ensurecompliance with regulatory andlegislative requirements, maximize theclinical and administrative benefits ofEHR and increase physician adoption.


11/28

Appendix:11

Appendix

Data privacy


Data security

Data quality

Data integrity


12/28

Appendix:2

Data privacy

OverviewRegulators, watchdogs, legislative

bodies, patients, patient advocatesand the public expect patient-identifiable data in e-healthsystems to remain private. Inpractice, data privacy requiresorganizations to ensure thatpatient-identifiable data isdisseminated and used inaccordance with patients wishesand that access is based onpatient consent. To help protectdata privacy, organizations mustimplement policies and processesthat enable patients to authorizeand restrict access to identifiabledata in e-health systems.

Data privacy requires sophisticated,consent-based access controlmodels and permissioning regimes.

These solutions should enablepatients to define fine-grainedaccess controls based on flexibleaccess levels that can be grantedto a range of user groups. Thisenables patients to determinewho is able to access whatdata in their medical records.

To help ensure the privacyof data in e-health systems,effective information governance

architectures must include fourcomponents:

Patient consent models andmechanisms

Patient-provider relationship-based access controls


Effective data security and datahandling policies

Patient consent models and

mechanismsDue to the sensitive nature of clinicaldata and the prevalence of stringentdata privacy guidelines, patient consentshould be the prime access control ine-health systems. Electronic patient-identifiable data should be created,accessed and used only with patientconsent. However, developing effectiveconsent models that meet patient,clinician and public expectations hasproved to be a major challenge.

In broad terms, there are two types ofconsent models:

Opt-in modelsin which patient dissentis assumed and patients must proactivelyconsent for their medical data to be storedelectronically, accessed or used. In somecases patient consent will be assumeduntil withdrawn while in others it will betime limited or renewed at each clinicalencounter or episode of care.

Opt-out modelsin which patientconsent is assumed and patients mustproactively dissent for their medical data

not to be stored electronically, accessedor used. Patients are usually informed howtheir data will be used and are invitedto opt out if they do not wish for theirmedical data to be used in such a way.

Organizations should be aware of the

trade-offs involved in choosing oneconsent model over another. Opt-in modelsusually give patients more control over theuse of their medical data. Consequently,opt-in models tend to strengthendata privacy and reduce opposition toEHR from patients, regulators and thepublic. However, opt-out models oftenincrease the number of patients whosemedical data is stored electronically.Opt-out models may also reduce patient-mandated restrictions on the use ofdata in support of clinical processesintegral to care delivery and screening

and surveillance programs, as well asepidemiological and clinical research. Asa result, opt-out models may maximizethe clinical benefits of e-health.

In practice, many health care organizationsadopt a hybrid approach in which anopt-out model is adopted for certainfunctions, such as creating electronicmedical data, and an opt-in model isadopted for others, such as sharing andusing medical data. While hybrid modelsmay enable health care organizations tocapture some of the benefits and avoid

some of the pitfalls of using either modelexclusively, they can also be extremelycomplicated. This complexity can lead toscalability problems, high implementationrisk stemming from project management

and system complexity, increased

cost, and confusion among clinicians,administrators, patients and the public.

Patients may wish to restrict access toparts of their medical record to limitthe dissemination of very sensitiveinformation or if they are concerned thattheir medical data may be compromised.As a result, patient consent mechanismsshould be part of EHR access controlmodels. Patient consent mechanisms areauthorization or permissioning regimesthat allow patients to specify parts oftheir medical record that they do not

want particular user groups to have fullaccess to. Patients should be able todefine multiple access levels to particularcompartments of information that can beapplied to a range of user groups. Figure1 illustrates some example access levels,information compartments and usergroups that may be part of fine-grainedpatient consent mechanisms within aconsent-based access control model.


13/28

Appendix:3

Figure 1: Possible elements of a patient consent mechanism

Access levels/permissions Information compartments User groups

Information is not visible to usergroup

Information is visible to, but cannotbe accessed by, user group

Information can be accessed by usergroup but only with patient consent

When information is accessed by usergroup, an alert is generated

Information can be accessed byuser group, but authorization istime limited and must be renewedperiodically

Any freeform data in a medicalrecord

Data related to a particular medicalspecialty (such as psychiatry,oncology or neurology)

Demographic data

Data associated with a specificepisode of care

Information on chronic conditionsand underlying health problems

Prognostic information

Pharmaceutical and non-pharmaceutical treatmentinformation

Individual clinicians

Clinical workgroups or departments

Provider administrators

Public health organizations

Researchers

Central management functions

Patient proxies

Patient-provider relationship-

based access controlsTo protect patient privacy, access topatient-identifiable clinical information ine-health systems should be based on anexisting relationship between the patientand the clinician or provider requestingaccess. Clinicians or providers not involvedin the delivery of care services to thepatient should be unable to access thepatients clinical information withoutexplicit consent. Moreover, cliniciansand providers should only have access toinformation necessary for them to fulfill

their clinical responsibilities. For example,a psychiatrist may not require access toinformation on a patients surgical history;likewise, a pharmacist may not requireaccess to a patients critical care record.

Protecting patient privacy requires accesscontrol models and solutions that restrictaccess to information and functionalitybased on real-world patient-providerrelationships. These relationships areoften very complex and, as a result,e-health systems require fine-grainedpermissioning and authorization regimes.

These permissioning and authorizationregimes should be part of sophisticated,role-based access control models thatrestrict access to clinical informationbased on real-world job functionsand patient-provider relationships.


Solutions that provide patients withsecure access to their medical data arebecoming an increasingly importantpart of e-health systems. Effectivepatient access controls are particularlyimportant for Internet-based patientportals. Allowing patients to access theirmedical records improves the accuracy andcompleteness of information in EHR whileempowering patients to manage theirhealth more effectively and contributeto clinical decision-making processes .

Access control solutions have three keyelements: registration, authentication andauthorization:

Registration enables patients to createand manage user accounts that areassociated with access rights. By linkinguser accounts through a single sign-onsystem, patients can access medicalinformation in disparate systems withoutcreating multiple user accounts.

Authentication verifies patients identity

and confirms that user accounts arelegitimate. Authentication factors includeusername and password, digital certificate,security token and biometric identifiers,such as thumbprints. Two-factorauthentication, which requires patients toprove their identities using two differentfactors, is used to reduce security anddata privacy risks.

Authorization grants user accountsaccess rights and allows or rejects accessrequests based on these access rights. Inmost cases, these rights enable patients to

access all their medical information held ina system, excluding information sealed byclinicians or administrators.


14/28

Appendix:4

Effective data security and

data handling policies

Organizations data collection, datahandling, data security and datasharing policies should minimizeinformation security risks and preventunauthorized use of information

by encouraging desirable behaviorsamong clinicians and administrators.Desirable behaviors include:

Collecting, storing and sharingdata securely using appropriatesecurity technologies, such asencrypted storage devices andsecure communication channels.

Minimizing the risk of data loss ormisuse by maintaining the ef fectiveness ofaccess controlsfor example, not sharingpasswords and ensuring that passwordsmeet certain criteria. Proactivelyidentifying and minimizing securityand confidentiality risksfor example,printing information only when absolutelynecessary, disposing of hard copiessecurely, anonymizing or pseudonymizingdata where possible and removingsoftware that may compromise security,such as peer-to-peer programs.

Reporting security breaches andunauthorized or improper use ofinformation.

Restricting physical access to hardware

including laptops, desktops, mobile devicesand cell phonesthat store or enable usersto access sensitive data.

Educating other users to raise awarenessof data security and data confidentialityrisks and encouraging them to adoptbehaviors that minimize these risks.

RecommendationsImplementing effective data privacysolutions has proved to be a majorchallenge for health care organizationsaround the world. Designing solutionsthat meet the expectations of regulators,clinicians, administrators, managers,patients, the public, politicians andother stakeholders is the most commonchallenge. However, organizations tendto concentrate on the technical andclinical aspects of data privacy whileneglecting the strategic, organizationaland cultural dimensions. From Accenturesresearch and experience from e-healthimplementations around the world, webelieve that to address these issues,health care organizations implementing

an e-health systems should:

Consult clinicians, patients

and the public whendesigning consent models

Designing consent models should bea transparent, collaborative processinvolving a broad range of stakeholders.By adopting a collaborative approach,organizations design more effectiveconsent models that are fit for purpose.Further, by engaging stakeholders earlyin the process, organizations reduceresistance from patients, cliniciansand regulators. This reduces the riskof subsequentand expensivesystem

changes to access controls and dataprivacy solutions.

Communicate the purpose

of data privacy measures to

clinicians and patients

Organizations should develop ef fectivecommunication strategies to ensure thatclinicians and patients understand whyand how data privacy will be maintained.

Communication strategies shoulddemonstrate organizations commitmentto data privacy and the effectiveness ofdata privacy solutions while convincingclinicians and other stakeholders that dataprivacy controls will not reduce the clinicalvalue of e-health.

Educate patients so they

understand data privacy controls

For consent-based access controls to beeffective, patients must be able to makeinformed judgments regarding data use.

At a minimum, patients should understandhow their medical data will be used, howwidely it will be disseminated and whatthe benefits and potential drawbacksare. Patients should also understandthe processes through which they canrestrict and authorize access to data.


15/28

Appendix:5


16/28

Appendix:6


OverviewPreventing unauthorized access to

and use of information in e-healthsystems is a major challenge forhealth care organizations. Ensuringthe confidentiality and securityof electronic medical data isbecoming increasingly difficult asmobile networks, Internet-basedpatient and provider portals, health2.0 technologies and health databanks become more common.Moreover, as EHR become morewidespread, health care regulatorsand watchdogs are focusingunprecedented attention on dataconfidentiality.

Maintaining the confidentiality ofdata in e-health systems requiresa range of solutions that prevent

the unauthorized collection,storage, use and dissemination ofinformation. Data confidentialitysolutions are designed to preventunauthorized access to informationby enforcing access restrictionsand permissions defined by patientsthrough consent-based accesscontrol models.

To ensure the confidentiality ofinformation in e-health systems,effective information governance

architectures must include fourcomponents:

Role-based access control models

Patient and provider recordsealing


Anonymization andpseudonymization

Role-based access control

modelsTo ensure that users have access to theinformation and functionality they requirewithout compromising data confidentiality,access control models should reflectcomplex, real-world job functions andpatient-provider relationships. To thatend, access control models should enablepatients to restrict or authorize accessby granting permissions to user groupsbased on their actual job function orrole. In most cases, role-based accesscontrol models must be quite detailed

so that very specific permissions can begranted to individuals or small workgroupsbased on their roles. Permissions not onlydefine what information a user can seeand access, but they also determine howthis information can be used and whatfunctionality the user can access .

The figure below demonstrates asimplified role-based access control modelbased on a range of patient-providerrelationships and roles. Each user grouprequires a set of permissions enablingthem to access relevant information and

functionality directly related to theirrole and relationship with the patient.For example, clinicians delivering acute-care services require access to high-levelclinical information that may directly

affect treatment plans and clinical

decision making. On the other hand,clinicians involved in specialist carerequire access to more detailed clinicalinformation related to their area ofspecialty across a number of care episodes.

Patient and provider record

sealingTo ensure that patient consent is theprime access control in e-health systems,patients must be able to seal parts oftheir medical record so clinicians andadministrators outside a particular

workgroup cannot access them. The sealedinformation compartments may or may notbe visible to users outside the authorizedworkgroup. This enables patients tocontrol access to sensitive informationin their medical recordthereby helpingto reduce privacy concerns and patientopposition to EHR. However, patientrecord sealing can have a detrimentalimpact on the clinical value of e-healthand may even affect patient safety.

To maintain data confidentiality incertain circumstances, clinicians and

administrators may have to restrictor prevent access to informationcompartments in patients medical records.Such action is usually necessary whena medical record contains informationrelated to a third party that

cannot be disseminated. Systems and

users must be able to identify records thatcontain confidential information abouta third party and restrict access to thisinformation. The ability to seal recordsshould be granted only to a limited numberof users. Further, guidelines should makeclear under what circumstances recordsshould be sealed.

Identification and

authenticationAlso critical to data confidentiality:effective provider access controls that

enable clinicians and administratorsto securely access information ine-health systems and that monitor andprevent unauthorized access and use ofinformation. e-Health systems shouldhave effective access control solutionsthat enable the robust authenticationof health care professionals to healthcare systems, and the linking of real-world identity to system identity. Suchcontrols help ensure that only authorizedusers can access patient data. Thesesolutions should support fine-grainedrole-based access control models and

must also meet stringent regulatoryrequirements regarding data management,data protection and information audit.Compliance requires systems to monitorand log access request, logins andactivity so audit trails can be generated.


17/28

Appendix:7

Healthcare

Professional

Permissions:Users can access, modify and useinformation on current medications, pastmedications and abuse/response history,as well as pharmaceutical records

Clinical workgroup:

Pharmacy

Permissions:Users can only accessadministrative datarelevant to appointmentbooking and outpatientmanagement

Administrative

workgroup:

Primary careclinic

Permissions:Users can access, modifyand use information onpast psychiatricconditions, session notes,hospitalizations andpsychiatric treatments

Clinical

workgroup:

Psychiatriccare

Permissions:Users can access, modifyand use information onpatients critical history,major surgeries, chronicand/or current conditionsand abnormalities

Clinical

workgroup:

Emergencycare

Permissions:Users can grantpermissions to other usergroups and access entiremedical record exceptcompartments sealed byphysicians

Individual:

Patient proxy

Permissions:Users can only accessadministrative datarelated to a singlehospital admission

Administrative

workgroup:

Hospitalinpatientmanagement

Permissions:Users can access patientsentire medical record,modify data anddisseminate information toother health careproviders.

Individual:

Generalpractitioner

Figure 1: A simplified role-based access control model

Access control solutions have three key

elements: registration, authentication andauthorization:

Registration creates user accountsfor clinicians and administrators. Theseaccounts are linked to access rights.Registration can be a complex processin multisystem and multienterprisearchitectures with role-based accesscontrol models. Users may require morethan one user account to access differentsystems. Whats more, each user accountmay have different access rights andpermissions depending on the type of

information and system involved. Linkinguser accounts through a single-sign-onsystem can improve usability; users mustlog in only once to access a number ofdifferent systems. However, a single-sign-on capability alone does not addressthe underlying technical complexity ofregistration in multisystem environments.

Authentication verifies the identity

of clinicians and administrators andconfirms that user accounts are legitimate.Most health care organizations mustmeet stringent regulatory requirementsregarding authentication. Complianceusually requires systems to employmultifactor authentication in which usersprove their identities using at least twoauthentication factors, such as password,personal identification number (PIN),biometric identifier, security token, smartcard and ID card. Mobile and telemedicinee-health solutions require very strongauthentication to ensure the security of

information communicated across wirelessnetworks and the Internet.

Authorization grants access r ightsto user accounts. It also restricts orauthorizes access to systems based onthese access rights. In a fine-grained role-based access control model, access rightsare granted to user groups defined bytheir real-world job-functions or patientrelationships. To ensure system flexibility,authorization solutions should enableadministrators to efficiently add andremove users permissions and modify or

create new access levels.

Anonymization and

PseudonymizationWhen medical data is used for secondarypurposes other than delivery of healthcare services, patients identity must beobscured to maintain data confidentiality.The seven principal levels of dataobscuration (see Figure 2) range fromclear, patient-identifiable data toanonymized data. The required level isusually determined by regulators basedon local data privacy guidelines and isinfluenced by a range of factors, includingdata use and scope of dissemination.


18/28

Appendix:8

RecommendationsThere are a range of technical challengesassociated with implementing effectivedata confidentiality solutions acrosscomplex architectures in distributedenvironments. However, vendors, systemsintegrators and health care organizationsare developing effective solutions toaddress these issues. Increasingly, themost important challenges organizationsface when implementing dataconfidentiality solutions are related toorganizational and process issues. FromAccentures research and experience frome-health implementations around theworld, we believe health care organizationsimplementing e-health systems should:

Implement processes that

enable IT, legal, clinical and

administrative functions to work

together effectively in developing

data handling policies and role-

based access control models

Effective data handling policies and

access controls should conform and beadapted to meet regulatory and local legalrequirements and reduce informationsecurity risks while minimizing disruptionto clinical and administrative processes. Ifdata handling policies and access controlshave a significant impact on clinicaland administrative processes, users areunlikely to adopt desirable behaviors,care quality may suffer and processes arelikely to become less efficient. To avoidthese problems, organizations shouldenable stakeholders from across theorganization to collaborate in designing

access controls. If IT and legal teamsdesign and implement access controlsin an organizational vacuum, thosecontrols are likely to be less effectiveand cost more than those developedthrough a collaborative approach.

Develop processes and solutions

to manage and report data

breaches effectively

The financial, organizational, reputationaland regulatory consequences of dataloss and misuseincluding litigation,fines imposed by regulators, a collapsein patient confidence, and data

corruptioncan be very serious for healthcare organizations. To minimize theimpact of data confidentiality failures,organizations should implement effectiveprocesses to manage and report databreaches. In many countries, regulatorsspecify reporting requirements. However,organizations should go beyond simplyreporting data breaches; they shouldalso develop an integrated mechanismto proactively manage such breaches.These solutions detect and analyzebreaches as quickly as possible to mitigatetheir impact on patient confidentialitywhile identifying vulnerabilities thatcan be addressed immediately.


19/28

Figure 2: Seven levels of data obscuration

Levels of data obscuration Possible purposes/uses within health care systems

Level 1Patient identifiable data, also known as clear data.

Clinical processes involved in the delivery of healthcare services

Surveillance and screening

Caseload management

Level 2Codification of informationextracts codified oraggregate information from patient-identifiable data.

Provider-level clinical governance processes,including clinical audit and clinician performancemanagement

Distributing activity or patient-based funding

Claims processing

Level 3Two-way linkable pseudonymizationreplacesunique identifiers, such as patient name or identifier,

with a pseudonym, usually a code or number,from which a patients identity cannot be inferred.Two-way pseudonymization allows an authorisedhealthcare professional to translate pseudonymsto patient identifiers. Linking pseudonymsenables the whole-patient view to be maintainedwithin the pseudonymized information.

Enterprise and clinical performance management

Clinical audit

Administrative patient management processes

Clinical process optimization

Level 4Two-way pseudonymizationsimilar to two way linkablepseudonymization but does not enable the whole-

patient view to be maintained within the pseudonymizedinformation.

Level 5One-way linkable pseudonymizationone-waypseudonymization is irreversible because pseudonymsare generated in such a way that patients cannot bereidentified from them. Linking pseudonyms enablesthe whole-patient view to be maintained within thepseudonymized information.

Service delivery planning, evaluation andoptimization

Reporting and analytics

Epidemiological research

Clinical research

Compliance with freedom of information andother transparency and accountability legislation

Level 6

One-way pseudonymizationsimilar to one-waylinkable pseudonymization but does not enable thewhole-patient view to be maintained within thepseudonymizsed information.

Level 7Anonymizationremoves all unique identifiers and patientidentifiable information from data. Anonymization is notreversible and anonymized data cannot be linked to otherdata.

Appendix:9


20/28

Appendix:10


communications securityMaintaining the validity of datatransferred between systems in messagesis critical to ensuring data integrity.Effective communications securitysolutions prevent message corruption,reduce the risk of data loss and helporganizations meet data securityrequirements by ensuring message securityand integrity. These solutions prevent anddetect unauthorized access to messages;encrypt and authenticate messages; andenable automatic message validation.

Event audit and alertingTo ensure compliance with stringent auditrequirements and maintain data qualityand integrity by preventing unauthorizedaccess, an EHR should monitor, logand report security relevant events.Such events include access requests,database queries, logins, configurationchanges, file and network access, firewallreporting, attempted violation of accesscontrol rules, and the modification andcommunication of restricted information.

When security-relevant events occur, the

system should automatically generatealerts. As part of ongoing vulnerabilitymanagement and compliance programs,IT organizations should develop effectivesecurity alert management processesto ensure that legal, clinical andadministrative functions are aware ofpotential risks. Increasing awareness ofsecurity risks across the organization helpsto increase system security by drivingchanges in users behavior and datahandling processes and policies.

IT security auditHealth care organizations should conductperiodic IT security audits to ensurethat data is properly protected fromunauthorized access, that all relevantsecurity threats and vulnerabilities havebeen identified, and that data handlingprocesses are correctly configured tominimize security risks . IT security auditsmay be conducted by a third party andtypically include a number of components.Among them: compliance verification,security standards certification, securityassessments, penetration testing and

user awareness testing. In some cases,regulators also require organizations toinclude a number of certified assessmentsin their IT security audits.

Network integrity

Data security can be affected bynetwork integrity and resiliencethat is,a networks ability to deliver expectedfunctionality, performance and serviceavailability during unexpected events.Networks should be resilient enough tocontinue operating as designed regardlessof security threats, spikes in demand orother incidents. This level of networkresilience ensures the availability ofprocesses and services that maintaindata security across the network. Further,high network resilience reduces therisk of data corruption and data lossas a result of service unavailability andinterruption during data transmission;helping to maintain data quality andintegrity. Network integrity solutionsshould promote network resilience byautomatically detecting and addressingsecurity threats and unwanted networktraffic; preserving network bandwidthby managing and prioritizing legitimatetraffic; and generating reports onnetwork performance to help networkadministrators and decision makersmanage networks more effectively.

OverviewData security has a significant

impact on data privacy,confidentiality, quality andintegrity. Compliance withstringent data privacy andconfidentiality guidelines ispossible only if organizationscan prevent unauthorized accessto and dissemination of data ine-health systems. The qualityand integrity of information ine-health systems depends on theirability to prevent unauthorizeddata modification, as well asdata corruption. If information ine-health systems is poor qualityor lacks integrity, it diminishesthe clinical and administrativevalue of the solution. In thosecircumstances, paper-based records

and processes cannot be replaced;clinical process improvementsdriven by clinical analytics and

reporting cannot be achieved;and care quality gains based onthe implementation of decisionsupport tools cannot be realized.

Ensuring data security requireshealth care enterprises to developsecurity architectures thatproactively manage security risks,effectively identify and prioritizethreats and rapidly addressvulnerabilities. To help ensure the

privacy, confidentiality, quality andintegrity of information by enablingsecure data collection, datasharing and data management,effective information governancearchitectures must include fourcomponents:

Message integrity andcommunications security

Event audit and alerting IT security audit

Network integrity

Data security


21/28

Device

eg. PC, Tablet,Smart Phone

Device

eg. PC, Tablet,Smart PhoneUser User

Data Created Data Transmitted Data Consumed

Network

Patient information

accessed by healthcare

professional

Ensure that communication

messages are securely

created, and can not be

changed or compromised

Application events

which process patient

information have robust

audit points

Resilient and protected

network infrastructure

Network agnostic technologies

considered for the protection of

data in transit

Communications processing

points keep a log of inbound

and outbound communications

Application events which process

patient information have robust

audit points

Holistic approach to regular IT

Security Audit based uponagreed and accepted standards


communications security

Event Audit and Alerting

IT Security audit

Network integrity

Patient information

created by healthcare

professional

Appendix:11

Figure 1: Four Components of data security

RecommendationsA health care enterprises securityarchitecture plays a vital role inmaintaining data privacy, confidentiality,quality and integrity by identifying andaddressing security risks and vulnerabilitiesefficiently and ef fectively. However, datasecurity is not just a technical issue;users behavior, organizations corporatestrategy and changing market conditionsare often major factors in creating orexacerbating information security risks .From Accentures research and experiencefrom e-health implementations around

the world, we believe that organizationsshould as a minimum take the followingactions to help ensure data security:

Launch a proactive and

comprehensive data security

assessmentTo ensure that data in e-healthsystems is secure, organizations musthave an accurate and comprehensiveunderstanding of current and potentialsecurity risks and vulnerabilities. A datasecurity assessment should deliver adetailed inventory of all data assetsand should document current datamanagement practices, regulatory

requirements and key vulnerabilities,

along with the probability and possibleimpact of threats. The aim of a datasecurity assessment is to developa risk-based view of data assets, astrategic awareness of vulnerabilitiesand threats, a clear understanding ofthe severity of impacts and a foundationfor investment in data security.

Ensure adequate audit

capabilitiesTo reduce compliance and reputationalrisk, an EHR should automatically

monitor and record all permissionchanges, data errors, access requests,data transfers, alterations to medicalrecords and data breaches. With thismonitoring and recording, organizationscan efficiently and effectively developdetailed audit trails should the needarise. Failure to implement adequateautomated capabilities increases the costof complying with auditing requirementsin certification criteria. Inadequateauditing can also significantly impair anorganizations ability to maintain dataquality and integrity as access controls

and security measures are less effective.

Develop a comprehensive

change program to drive usercompliance with data handling

and IT security policies

To minimize security risks, all users mustfollow data security and data handlingpolicies. However, driving changes inclinicians behavior and making trainingstick can be major challenges. Clinicalchange management can be difficult.Compounding the challenge:Normalchange management strategieseventhose based on best practices for

organizations outside health careareoften ineffective. To address theseissues, health care organizations shoulddevelop long-term change programsthat target changes in organizationalculture and user attitudes toward securityand confidentiality. It is important fororganizations to engage senior cliniciansearly on to act as change championsencouraging the clinical workforce tofollow data security policies.

For more information on Accenture'sdata security solutions see

www.accenture.com/security


22/28

Appendix:12

OverviewHigh-quality data is meaningful,accurate, internally consistent

and can be used for its intendedpurpose. Failure to maintain thequality of data in e-health systemscan:

Reduce patient safety if, forexample, treatment plans arebased on erroneous test results orprescription data is inaccurate

Affect quality of care if clinicalsystems that support evidence-

based medicine and enablephysicians to develop morepersonalized treatment plans,such as Clinical Decision SupportSystems (CDSS) and ComputerPhysician Order Entry systems(CPOE), are less effective

Reduce user adoptionrates because clinicians andadministrators continue to usepaper-based records to avoid errorsresulting from poor data quality

Adversely affect the performanceand effectiveness of informationdiscovery, clinical and performanceanalytics, business intelligence,reporting and audit platforms

Ensuring data quality is a majorchallengeespecially in distributedenvironments in which subsystems

do not use common technical,data, communication, messaging orterminology standards. To overcomethis challenge, organizationscan implement solutions withintelligent data handling anddata management functionalitythat identify data errors and

poor quality data. Organizationscan also improve data qualityby enabling subsystems to shareinformation more effectivelythrough standardized dataarchitectures and interfaces. Tohelp ensure high-quality datain e-health systems informationgovernance architectures mustinclude four components:

Error correction

Data validation

System and interface

certification

Standards-driven architecture

Data quality

Error correction

Errors within an EHR occur for a varietyof reasons, including data-entry errors byusers, use of poor translation lexicons andineffective data migration. An EHR shouldhave effective processes for detectingand correcting errors. Such processes helpminimize the impact of errors on clinicaland operational risk, patient safety andcare quality. Stringent data quality regimesthat minimize user-generated errors at thepoint of entry and robust data migrationtesting procedures can reduce theprobability of errors occurringenablingorganizations to focus resources on

correcting errors.

Systems may be able to detect someerrors automatically through sophisticateddata validation rules, error checking andevent and exception handling routines;however, in many cases, critical errorsare related to the accuracy of data andare difficult to detect automatically.When automatic error detection fails,users must attempt to detect errorsmanually. CDSS and CPOE systemsmay help clinicians to identify errorsby highlighting logical inconsistencies

in medical data and generatingalerts to highlight possible errors.

To ensure that errors can be correctedefficiently, organizations should have

standardized correction policies andprocesses. These processes should enableusers to manage system alerts eff icientlyand to report and correct errors as quicklyas possible. They should also log all errorsand ensure that all alterations to patientsmedical data are recorded. Further, thesechanges should be either visible or flaggedso other users are aware data has beenchanged to correct an error. For auditpurposes, when alterations are madeto medical information, systems shouldrecord the identity of users who makechanges, as well as the time, date andreason for those alterations.

Data validation

Solutions should validate clinicaland administrative data in an EHR toensure it is meaningful, complete andsecure. Whether entered by users orcommunicated from other systems,information in an EHR should conform toa set of specifications or validation rules.

Validation rules should ensure data isformatted and structured correctly anduses a compatible language, ontologyand terminology. They should also checkthat the characteristics of datameaning,rules, relationships, latencyare intact.Clinical applications should also have

some capacity to validate the accuracy ofinformation through manual and electronicprocesses that reconcile data and highlightlogical inconsistencies in information.


23/28

Appendix:13

System and interface

certificationAs countries around the world movetoward regional and national EHR,regulators are becoming more prescriptiveregarding the adoption of open standards,system capability and flexibility, clinicalapplication functionality and data

quality. Moreover, under pressure fromregulators, organizations are increasinglyusing standards developed by health carestandards development organizations(SDOs)such as HL7 and openEHRtoenable interoperability, minimize costs andreduce implementation risks. To ensurecompliance with SDO specifications andregulatory requirements, organizationsshould develop strong system certificationand interface certification programs.Based on regulatory requirements andSDO specifications, these certif icationprograms design and execute tests toverify compliance and identify requiredsystem changes.

System certification programs mayverify the compliance of a range ofhardware and software components,standards, processes and policies toevaluate system characteristics, suchas security, performance, availability,data management, functionality andinteroperability. Interface certificationprograms use detailed specifications,usually based on SDO specifications,to verify the compliance of interfacesbetween systems and applications. Theseprograms verify that interfaces conformto a series of interoperability and datamanagement standards that enablethem to transfer information effectivelybetween systems.

Standards-driven architectureData quality in e-health systems isaffected by the ability of subsystems toshare information effectively. To achievesemantic and/or syntactic interoperability,e-Health systems require a system

architecture that leverages open standardsfor the recording and coding of data.Standardized data architectures promotea high level of data quality by enforcingcommon data processing, formattingand storage across multiple componentsystems. These standards enable thosesystems to share information effectivelywithout undermining data quality

RecommendationsData quality can be affected by a rangeof factors, including data entry standardsand practices and information security.However, in most cases, the mostimportant factor affecting EHR dataquality is the ability of subsystems to sharemeaningful and accurate information.Connecting islands of health data withinand across enterprises has proved to bea major challenge. Despite efforts bygovernments and SDOs around the world,universal standards for full and ubiquitoussemantic interoperability remain distant.Even so, organizations can realizesome of the benefits of sharing high-quality data ef ficiently and effectivelywithout universal EHR standards orsignificant expenditure on a unifiede-health architecture. From Accenturesresearch and experience from e-health

implementations around the world, webelieve that health care organizationsimplementing e-health systems should:

Consider a service-oriented

architecture as a means of

achieving interoperability in the

short term

Achieving interoperability by enforcingcommon standards and implementingcomplex interfaces can be prohibitivelydisruptive and expensive in the shortterm. A more efficient approach:

gradually implementing open standardsover time as legacy systems are retiredor integrated, infrastructure is updatedand new applications are developed.However, to meet the short-term needfor interoperability, organizationsshould consider replatforming towarda service-oriented architecture (SOA).This shift involves implementing an SOAand moving existing applications frommultiple, noninteroperable platforms toan integrated SOAwithout significantlychanging applications programminglanguage or functional environment. In the

long term, full semantic interoperabilitywill be achieved by implementing commonEHR standards. In the short term, a level ofinteroperability can be achieved throughan SOA.

Adopt open or common standards

and terminologies wherever

possible

Designing, selecting and implementingEHR standards and clinical terminologiesare complex processes. Even openstandards and terminologies often mustbe customized to reflect organizational,

technical and clinical idiosyncrasiesand so are subject to a number oforganization-specific interpretations. Asa result, adopting open standards cannotguarantee interoperability. However, it islikely that governments around the worldwill continue to push for greater e-healthintegration to achieve national EHR andwill exert pressure on organizationsto adopt open and interoperable EHRstandards. Therefore, to reduce futurecosts of EHR integration, organizationsshould immediately begin implementingand pressuring vendors to developsystems based on any available opennational or international standards.

Involve clinicians in designing

and configuring clinical

applications

Applications data validation and error-detection rules should reflect real-worldlogic in terms of understanding ofrelationships between concepts such astreatments and diagnoses; identifyingillogical and inaccurate information using

fine-grained parameters; and detectingincomplete data or information thatlacks meaning through rules based onclinical and business logic. To achieve thislevel of intelligent data handling, clinicalsubject matter experts must be involvedin the design and configuration of clinicalapplications. Even off-the shelf productsshould be carefully configured to reflectlocal clinical practices and processes.


24/28

Appendix:14

Data integrity

OverviewData integrity refers to the validity,

accuracy and reliability of datawhile it is being stored, transferred,retrieved or processed. Data withintegrity retains its meaning andclinical or administrative value afterit has been communicated or used.Failure to ensure the integrity ofdata in e-health systems adverselyaffects data quality and systemflexibility and performance. That,in turn, has a negative impact onpatient safety, quality of care,compliance risk and user adoption.

To maintain data integrity, theinfrastructure underlying e-healthsystems should prevent data

corruption and data loss. It shouldalso maintain the quality andcharacteristics of dataformat,meaning, rules, relationships andlatencyduring operations such asstorage, retrieval, communicationand transfer. Data integritycan be affected by a range offactors, including unauthorizedmodification of data, poor-qualitysource code and noninteroperable

subsystems. To address theseissues, effective informationgovernance architectures mustinclude four components:

Code integrity

System hardening


Standards-driven architectureand standards management

Code integrity

In many cases, data corruption and dataloss during storage and use are the resultof bugs in source code. Maintaining dataintegrity requires high-quality source codeverified through extensive static codeanalysis. Code with high levels of integrityhas fewer functional defects and securityvulnerabilities that may affect dataintegrity. Ensuring code integrity duringthe development and unit testing stagesreduces costs associated with fixing bugsdiscovered later in the implementationlifecycle.

System hardeningEnsuring the security of infrastructureunderlying e-health systems isimportant in maintaining the integrityof networks, messages and data. Systemhardening is a periodic or ongoingprocess of reducing security risks byevaluating the effectiveness of securityarchitectures, identifying security risksand undertaking security improvementsincluding removing vulnerable andunnecessary services and applicationsand updating security configurations

and access controls. System hardeningis particularly important if systemsare currently configured to maximizeease of use rather than security.


Enabling subsystems that use differentstandards and clinical terminologiesto share clinical data effectivelyand maintain data quality is a majorchallenge. Compounding the challengeare organizational and process issuesassociated with clinical data sharing. Inmany cases, providers and physiciansuse different processes and formatsfor recording and storing clinical data.Interoperability governance is a functionthat works across organizational andinformation silos to develop and enforcecommon standards, protocols andprocesses to enable syntactic, semantic orprocess interoperability (see Figure 1).

Developing effective interfaces andenforcing common standards andcommunication protocols throughstandards management processes mayenable organizations to achieve a levelof syntactic interoperability. Syntacticinteroperability enables subsystems tocommunicate data, but it does not enablereceiving systems to interpret, processor use it. Syntactic interoperability limitsthe benefits of data sharing; manual dataentry and modification is required, dataquality cannot be ensured, analytics andreporting platforms are less effective,and performance improvements resultingfrom process automation and optimizationcannot be realized.

To ensure data quality and maximize the

clinical and administrative value of EHR,systems require semantic interoperabilityin which subsystems can automaticallyinterpret, process and use data receivedfrom other systems. In many cases, a levelof semantic interoperability is achievedwithin enterprises by implementing anoff-the-shelf EHR that is part of aunified e-health architecture that includesa suite of clinical applications and medicaldevices. However, achieving semanticinteroperability across enterprises is moredifficultmostly because there are noopen national or international standards

for clinical data.

Current efforts to achieve semanticinteroperability across health careorganizations involve developing:

Common reference models forrepresenting clinical data that specifyat a high level how information shouldbe recorded, organized and managed ina medical record, such as the openEHRReference Model and HL7 ClinicalDocument Architecture

Standardized clinical data structuredefinitions that specify restrictions, rulesand requirements for data used for specificclinical and administrative purposes suchas openEHR Archetypes and HL7 Templates


25/28

Process Interoperability

Data created, used or modified

in clinical and administrative processes

can be used effectively by other processes

Semantic Interoperability

Subsystems can automatically interpret,

process and use data received from other systems

Syntactic Interoperability

Subsystems can communicate and exchange data but cannot

automatically interpret, process or use information received from other systems

Figure 1: Levels of interopability

Appendix:15

Common ontologiesthat is, models

that describe a health-related domain anddefine the attributes of and relationshipsbetween concepts in that domain

Standardized coding systems for clinicalconcepts, classifications and clinicalterminologies such as SNOMED-CT andLOINC

To maximize the benefits of syntacticand semantic interoperability, clinicians,administrators and researchers must usecombined data effectively to improve carequality, identify and realize efficiencies,and improve patient and public healthoutcomes. This approach requires a levelof process interoperability that enablesdiscrete clinical and administrativeprocesses to effectively leverage dataproduced, used or modified by otherprocesses. For example, clinical termsshould be used consistently acrossorganizations to represent exactly thesame diagnosis or treatment. Clinical andadministrative processes do not have tobe standardized, but users must adopt thesame data entry and data managementstandards across enterprises.

Standards-driven architecture

and standards managementThe most effective way for organizationsto achieve interoperabilitywithin andamong enterprisesis to develop a systemarchitecture that conforms to open orcommon messaging, infrastructure,communication, application, data andclinical terminology standards. Whilethere are a range of solutions that enableinteroperability in nonstandardizedarchitecturesfor example, vocabularyservers and terminology servicesthat enable systems using different

terminologies to share informationthe most effective means of achievinginteroperability is to develop standards-driven architectures.

Within an enterprise, a standards-drivenarchitecture enables organizations toachieve a level of semantic interoperabilitymore eff iciently. Standards also increasesystem flexibility as applications,devices and hardware and softwarecomponents can be integrated intosystem architectures more eff iciently andeffectively. Standards-driven architecturesalso address some of the criticalchallenges associated with implementinginter-enterprise EHR. Achievinginteroperability across enterprises that

have system architectures based on

common or open standards, even if thosestandards vary, is easier than integratingcomplex, nonstandardized architectureswith a number of noninteroperableinterfaces.

Developing and enforcing commontechnical, communication, messagingand data standards is an important steptoward a standards driven architecture. Astandards management lifecycle shouldbe developed to ensure standards areused and maintained correctly acrossthe organization. This requires standardsmanagement processes that monitorand enforce changes and updates tostandards, retire standards and ensurethat new hardware and softwarecomponents are standards compliant.Standards management within enterpriseswith strong IT governance processes isfar easier than across enterprises withdiscrete IT governance strategies. A criticalchallenge for organizations implementinginter-enterprise EHR is to coordinateand standardize each enterprisesstandards management strategy. Simplydeveloping standards will not necessarily

enable greater interoperability if thosestandards are not used or maintaineduniformly across subsystems.


26/28

Appendix:16

RecommendationsMaintaining and improving the integrityof data in e-health systems withoutadversely affecting system flexibility,reliability and performance are complexchallenges. However, given the potentialimpact of low data integrity on carequality, compliance and efficiency, theseare challenges organizations should striveto meet. There are a number of strategies,solutions and standards organizationscan use as part of a comprehensivedata management strategy to improvedata integrity. From Accenturesresearch and experience with e-healthimplementations around the world, werecommend the following actions:

Implement effective data

integrity checkpoints and edit

checks

To maintain data integrity and quality,organizations should develop a libraryof standard data elements and use dataintegrity checkpoints and edit checks toensure data conforms to data standards.Data integrity checkpoints verify thatdatas characteristics meet data integrityspecifications after it has been created,stored, processed or used. Edit checksenforce data rules and standards and arean important part of data cleansing. Theydetect and correct, delete or highlighterrors, inconsistencies and missing data.

Target process interoperability

through comprehensive clinical

transformation and process

optimization strategies

Organizations often fail to maximizethe clinical and administrative value ofsyntactic or semantic interoperabilitybecause clinical and administrativeprocesses and workflows arenoninteroperable. In other words, datacreated, used or modified by discreteprocesses cannot be used effectivelyby other processes. Achieving processinteroperability requires clinicians andadministrators to use applications in thesame way for the same purpose, to referto concepts using the same terms, to useterms consistently and to adopt commondata entry practices and rules regardingcontent, format and frequency of updates.Process interoperability also involves

process reengineering to create eff icienttouch points and synergies betweenprocesses that enable meaningful,accurate and up-to-date informationto flow between processes . To achieveprocess interoperability, organizationsshould develop clinical transformation andprocess optimization strategies, supportedby adequate clinical change managementprograms, to maximize user adoption,encourage desirable user behavior andreengineer clinical processes .

Aim to achieve a level of

interoperability that will

deliver tangible clinical and

administrative benefits by

developing specific use cases

Too often, health care organizationsinvest in interoperability without a set

of specific use cases that demonstratehow interoperability will add value byimproving clinical decision making, carequality and process efficiency.Withoutspecific use cases , organizations oftentarget an inadequate or unnecessarylevel of interoperability that either limitsthe clinical and administrative value ofinteroperability or needlessly increases thecost of achieving it. In many cases, themost eff icient solution is for organizationsto target different levels of interoperabilityacross systems, clinical departments andfunctions depending on specific use cases.

This approach enables organizations toconcentrate resources on achieving highlevels of interoperability in areas where itwill deliver the most significant clinical oradministrative benefits .


27/28

Appendix:17


28/28

Copyright 2010 AccentureAll rights reserved.

Accenture, its logo, andHigh Performance Deliveredare trademarks of Accenture.

The views and opinions in this articleshould not be viewed as professional

advice with respect to your business.

About Accenture

Accenture is a global managementconsulting, technology services andoutsourcing company, with more than190,000 people serving clients in morethan 120 countries. Combining unparalleledexperience, comprehensive capabilitiesacross all industries and business functions,and extensive research on the worldsmost successful companies, Accenturecollaborates with clients to help thembecome high-performance businesses andgovernments. The company generated netrevenues of US$21.58 billion for the fiscalyear ended Aug. 31, 2009. Its home page iswww.accenture.com.

About the Accenture

Institute for Health &Public Service ValueThe Accenture Institute for Health & PublicService Value is dedicated to promotinghigh performance in the health care sectorand in public service delivery, policy-making and governance. Through researchand development initiatives, the Instituteaims to help health care and publicservice organizations deliver better social,economic and health outcomes for thepeople they serve. Its home page iswww.accenture.com/

healthpublicservicevalue.

Contacts

Global LeadMark KnickrehmHealth Industry [email protected]

+1 310-426-5202

North AmericaMarylou BaileyHealth Industry [email protected]

+1 727-897-4124

Europe, Africa and Latin AmericaJavier MurHealth Industry Lead

[email protected]+34 93-227-1058

Asia-PacificBill HigbieHealth Industry [email protected]+61 3-98388188

Project TeamAndrew TruscottAccenture Health PracticeAsia-Pacific

Giles RandleResearcher, Institute for Health andPublic Service Value

Julie McQueenDirector of Research, Institute for Healthand Public Service Value

Greg ParstonDirector, Institute for Health and PublicService Value

Documents

Accenture HealthPS Information Governance the Foundation for Effective E-Health