an application programming interface for the electronic transmission of prescriptions

ISSRG Information Systems Security Research Group

Contact: [email protected]

http://sec.isi.salford.ac.uk

An Application Programming Interface for the Electronic Transmission of

PrescriptionsPresented By: D. P. Mundy

Other Authors: Prof. D. W. Chadwick, Dr E. Ball




• Synopsis

• Prescribing in the UK

• The Pilots and Salford Models

• Potential Benefits / Problems

• Present Status

Thanks to:




Synopsis

• The United Kingdom (UK) National Health Service (NHS)

• NHS Plan– Implement ETP by 2004

• 3 pilot systems – Transcript consortium (Large pharmacies and Pharmed)

– Pharmacy2U consortium (An Internet pharmacy)

– Flexiscript consortium (Microsoft, SchlumbergerSema)




Salford ETP Project

• Funded by the UK’s Engineering and Physical Sciences Research Council (EPSRC)

• 3 Year Project commenced September 2000

• Carried out in collaboration with Huddersfield University and Hope Hospital, Salford

• £261k funding




Prescribing in the UK

4. Prescriptions Batched and sent to the PPA

1. Creates & signs Prescription

2. Patient Hands Prescription to Pharmacist (Maybe signed to claim exemption)

5. Prescriptions Processed and payment sent back to Dispenser

3. Drugs Dispensed to Patient, money to dispenser if the patient is not exempt




Problems with Present Practice• Fraud

– Stolen Prescription Pads, Altered Dispensation Amounts

• Data Integrity– Phone Call Clarification, Illegible Scripts

• Administrative Workload– 578 million prescribed items in 2001

• Efficiency– 60% of Pharmacists believed that the introduction of electronic prescribing

would lead to time savings (Kember Associates, 1999)

• Patient Exemptions / Identification– Pharmacy Check




ETP Worldwide

• Denmark– 35 per cent of prescriptions now sent electronically

(Middleton,2000)

• Germany– Electronic health card

• USA– State ETP systems

• UK– Hospital ETP systems and Pharmed trial




The Pilots and the Salford Model




Transcript Consortium Model Transcript Consortium Model




Transcript Model Perceived Transcript Model Perceived Benefits Benefits

• Patient retains freedom of choice and has control over their own privacy

• No reliance on a central database repository - therefore performance of system similar to present paper based system

• Mirrors present system just reduces fraud and administrative workload for the PPA




Transcript Model Perceived Transcript Model Perceived Problems Problems

• Barcode Readers Complex and Expensive

• Limit on size of prescription

• Exemptions not automatic

• Lost prescription requires GP callback

• Barcode error rates




Pharmacy2U Consortium Model Pharmacy2U Consortium Model




Pharmacy2U Model Perceived Pharmacy2U Model Perceived BenefitsBenefits

• Patient may or may not have freedom of choice

• Very low chance of lost prescriptions

• No paper version of the prescription

• May lead to advanced patient care




Pharmacy2U Model Perceived Pharmacy2U Model Perceived ProblemsProblems

• DIRECTED Prescriptions may lead to severe consequences for high street pharmacy

• May be a problem with patient acceptance




Flexiscript Consortium ModelFlexiscript Consortium Model




FlexiScript Model Perceived FlexiScript Model Perceived Benefits Benefits

• GP And Pharmacy Applications Interface With Model Without The Need For Additional Hardware

• Patient Retains Freedom of Choice




FlexiScript Model Perceived FlexiScript Model Perceived ProblemsProblems

• May be performance issues at the relay

• Patient doesn‘t have complete control over their own privacy and lost script token requires GP callback

• Prescriptions may be stored in the clear

• Exemptions not automatic




University of Salford Model University of Salford Model




University of Salford Model University of Salford Model Perceived Benefits Perceived Benefits

• Patient retains freedom of choice and has protection of their own privacy

• Automatic Exemption and Authorisation Checking

• In many ways mirrors present system (just electronically)

• Only normal barcode scanners required at the pharmacy




University of Salford Model University of Salford Model Perceived ProblemsPerceived Problems

• Lost prescription - requires GP call

• Performance better than Flexiscript model since only encrypting once.(Research currently being undertaken to measure precise advantage)




Design Issues

• Stakeholder Acceptance– Little change to procedures

• Barcodes - Patient, GP, Pharmacist

• Recovery procedures

– Maintained freedom of choice for patient




Security Considerations• An Electronic Prescription Processing System must provide:-

– Confidentiality > Encryption/Link Security

– Secure Authentication > Digital Signatures

– Secure Authorisation > Privilege Management Infrastructure

– Integrity > Digital Signatures

– Non-Repudiation of Origin > Digital Signatures




Security Issue Pharmacy2U Transcript Schlumberger-

Sema

Salford

PatientConfidentiality

Prescriptionsasymmetricallyencrypted forPharmacy (1Encrypt, 1Decryptoperation)

Patient protectshis or her ownprivacy. Noencryptionrequired.Prescriptioncontained in 2-DPDF417Barcode.

Prescriptionsencrypted forprescriptionstore, decryptedthen re-encryptedfor pharmacyrequest.

Patient protectshis or her ownprivacy.Symmetric KeyEncryption (1Encrypt, 1Decryptoperation).Symmetric key inBarcode on paperprescription.

Disadvantages/Benefits

Management ofencryption keypairs, decryptionkeys shared bypharmacists,Patient cannotchoose afterconsultation whothey wish to visit

PDF417 barcodereaders notpresent inpharmacies, moreexpensive thannormal readers,prone to errorsand no recoverymechanism froma unreadablebarcode

Performance ofsystem,prescriptionsmay be held un-encrypted instore,Management ofencryption keypairs, decryptionkeys shared bypharmacists

Improves onothermechanisms.The informationcontained withinthe 1-D barcodecan be recoveredby hand [2].

Security Model Comparison (1)




Authorisation Controlled byapplication. Noautomaticexemptionchecking.

Controlled byapplication anduse of differenttypes ofprescriptionforms. Noautomaticexemptionchecking.

Controlled byapplication. Noautomaticexemptionchecking.

Provided byPrivilegeManagementInfrastructuredetailed in [13].Authority toprescribe anddispense checkedalong with theauthority of apatient to receiveexemption frompayment.

Issues/Benefits May be weak security mechanisms allowing users whoare not prescribers/dispensers to access the applicationand prescriptions. No automatic exemption checking.

Automaticallycontrolled andmore secure thanthe other systemdesigns

IdentityAuthentication

Digital Signature Digital Signature Digital Signature Digital Signature

Security Issue Pharmacy2U Transcript Schlumberger-

Sema

Salford

Security Model Comparison (2)




Present Status• An API designed to facilitate the introduction of our

proposed electronic prescription processing system design has been built. Disparate applications can call our API to transfer prescriptions electronically– Described within the paper

• Evaluation Phase– Qualitative Evaluation -Stakeholder Focus Groups

– Quantitative Evaluation - Performance Research




The API

• Three subsystems (Prescribing, Dispensing and PPA Operations)

• Works in conjunction with two digitially signed supporting third party class structures

– Security class structure

– Directory configuration class structure




Security Class Structure

EPP SecurityAbstract Base Class




API Operation - Example Prescribing Subsection

initialiseEPP

PrescribingOperations class

(Security,Directory Config)

setupPrescription(Patient details)

addPrescriptionItem(Item details)

signAndStorePrescription()

Prescriber application prints prescription

PrescriptionStore

Access Established

Checks Authorisation

Logged in Security class

Directory Configuration class

getPrescriptionEncryptionKey()

getBarcodeKeyValue()

Joe BloggsAge 24

Paracetamol Differin

Signature




Further Information

• For further research related to this project please visit

• http:\\sec.isi.salford.ac.uk\




Questions

an application programming interface for the electronic transmission of prescriptions

Documents