![Page 1: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/1.jpg)
Cyber Security Day – Ancona, ITALY
Sharing data between General Practitioners EHRs and
Social Care Information Systems:
the Nu.Sa. project
Emanuele FrontoniDipartimento di Ingegneria dell’Informazione – DIIUniversità Politecnica delle Marche
![Page 2: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/2.jpg)
• Data Sharing(medicine associate, AFT …)
• Public/Private Networks
• Patient Summary – EHR
State of the art (GPs)
![Page 3: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/3.jpg)
![Page 4: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/4.jpg)
![Page 5: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/5.jpg)
Cloud Netmedica
DATA SECURITY
SSO
“CERTIFY”
“IMPORT”
STANDARDXML
SOAP/WSDL
“TRAIN”
NETMEDICA “APP STORE”
FRONT END
![Page 6: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/6.jpg)
Web Services
Transport (HTTP,HTTPS,SMTP,FTP)
Messaging (XML,XSD,SOAP,SOAPAttachment)
Description (WSDL,WS-Policy)
Security (WS-Security)Orchestration (WS-BPEL)
Enterprise Service Bus
WS-Choreography (WS-CDL,ebBP)
Discovery (UDDI,ebXML)
Service-Components (SCA,SDO)
Semantic Web Services
(WSMO,OWL-S)
Management (W
SMF,WSDM)
Transaction (WS-Transaction)
Current State-of-the-art in Web Service Technologies
Service-Composition
Quality of Service
Internet Protocols
Foundations
![Page 7: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/7.jpg)
SOAP - WSDL
XML
XML
XML
XML
XML
XML
XML
XML
XML
XML
XML
XML
“TRAIN”
SOAP - WSDL
SO
AP
-W
SD
L
“CERTIFY”
VERIFIY
DATA
QUALITY
“IMPORT”
STRONG AUTENTICATION
SSO – UN, PW, Secret
SOAP - WSDL
… PERSONAL HEALTH RECORD - PHR …
APPLICATIONS & SERVICES
NETMEDICA store
SO
AP
-W
SD
L
XML
standard
DATA MINERS
XML
standard
XML
standard
XML
standard
XML
standard
Patient Box
“WEB 2.0”
CR
YP
TO
Self- auditi
TELEMEDICINE …
![Page 8: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/8.jpg)
![Page 9: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/9.jpg)
IL CLOUD
• SaaS (SOA) Architecture
• Scalability
• Security
• Nuvola Italiana – Telecom
IT
• Data Sharing multi-device
![Page 10: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/10.jpg)
I WEB SERVICES
• Public Data description WSDL / SOAP
netmedicaitalia.it/it/palestra
• Inside HL7 standards
• Data validation
• A test area for SW developer
• Data Analitycs WS
• A FIMMG Service Index (UDDI)
• 42 services & 93 methods
![Page 11: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/11.jpg)
AUTENTICATION
ONLY GPS + PATIENT CAN AUTORIZE DATA SHARING ONLY GPS + PATIENT CAN AUTORIZE DATA SHARING
• Strong authentication
• SAML 2.0 Federations
• User-based date criptograpy
• No massive data sharing (single point access)
![Page 12: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/12.jpg)
Medico Paziente Patologie
1:n
Periodo assistenza
Allergie/Intolleranze
Presc. Farmaci
Vaccinazioni
Stili di vita
Monitoraggio
Certificati
Visite / Contatti
Esenzioni
Prescrizioni
Esiti
1:n
Ricoveri
Diario Clinico
1:n
n:n
1:n
DATA STRUCTURE
![Page 13: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/13.jpg)
Paziente
Contiene in forma criptata in
dati anagrafici del paziente.
Leggibili solo dal medico
proprietario o dai colleghi con i
quali decide di condividere le
informazioni.
Patologie
Contiene i problemi dei pazienti
con i relativi stati, e le date di
apertura e chiusa. Viene
mantenuta l’informazione di
origine anche in assenza del
codice ICD-IX. La tabella è
relazionata con altre tabelle per
favorire le ricerche per
problema.
![Page 14: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/14.jpg)
Diario
Clinico
Diario
Clinico
Contiene le valutazioni storiche
legate all’evoluzione delle
patologie, con la classificazione
SOVP.
Contiene i periodi di inizio e
fine assistenza del paziente,
con la relativa motivazione.
Vengono gestiti periodi di
assistenza multipli.
Periodo di
assistenza
Periodo di
assistenza
![Page 15: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/15.jpg)
Allergie ed
intolleranze
Allergie ed
intolleranze
Contiene allergie ed
intolleranze definite per
farmaco / principio attivo / ATC
oppure definite in testo libero.
Contiene la terapie prescritte ai
pazienti con tutte le
informazioni contenute nella
ricetta. Vengono acquisite
anche le ricette non stampate
se salvate nel software di
cartella.
Prescrizione
farmaci
Prescrizione
farmaci
![Page 16: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/16.jpg)
VaccinazioniContiene le informazioni
relative alle vaccinazioni
effettuate al paziente.
Contiene l’abitudine al fumo,
l’attività fisica e il consumo di
alcolici del paziente.
Stili di vita
![Page 17: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/17.jpg)
Monitoraggio
Contiene i dati di pressione:
minima, massima, frequenza
cardiaca, ritmo e
somatometrici: peso, altezza,
circonferenza.
Contiene i certificati inail e di
malattia del paziente. I campi di
testo sono criptati in quanto
possono contenere
informazioni sensibili.
Certificati
![Page 18: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/18.jpg)
Visite/Contatti
Contiene i contatti avvenuti tra
medico e paziente nelle diverse
forme previste: ambulatoriale,
domiciliare o telefonico.
Contiene le esenzioni del
paziente con le codifiche
nazionali e regionali.
Esenzioni
![Page 19: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/19.jpg)
Ricoveri
Contiene i ricoveri del paziente
e le lettere di dimissioni
ospedaliere. I campi di testo
sono criptati in quanto possono
contenere informazioni
sensibili.
Contiene le prescrizioni del
tipo: esami di laboratorio, visite
strumentali, visite
specialistiche, presidi, PIP
effettuate al paziente, anche se
non stampate.
Prescrizioni
![Page 20: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/20.jpg)
Esiti
Contiene gli esiti degli esami di
laboratorio, delle visite
specialistiche e degli esami
strumentali.
Sono gestiti esiti multipli legati
ad una singola prescrizione (ad
esempio emocromo formula).
Gli esiti degli esami di laboratorio
vengono acquisiti anche se non
in forma numerica.
Vengono acquisiti anche esiti non
legati ad una precedente
prescrizione.
![Page 21: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/21.jpg)
I NUMERI
• 3300 GPs
• 5.5 MLN of Patients EHR
140.000.000e-prescriptions
Dati al 27.03
![Page 22: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/22.jpg)
Nu.Sa. April 2015
3300 GPs
5.5 Mil. Patients
145 Mil.
Presciptions
296 GP groups:-80 EHR sharing
-26 audit
![Page 23: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/23.jpg)
0
10.000
20.000
30.000
40.000
50.000
60.000
70.000
80.000
90.000
100.000
13
/09
/20
14
14
/09
/20
14
15
/09
/20
14
16
/09
/20
14
17
/09
/20
14
18
/09
/20
14
19
/09
/20
14
20
/09
/20
14
21
/09
/20
14
22
/09
/20
14
23
/09
/20
14
24
/09
/20
14
25
/09
/20
14
26
/09
/20
14
27
/09
/20
14
28
/09
/20
14
29
/09
/20
14
30
/09
/20
14
01
/10
/20
14
02
/10
/20
14
03
/10
/20
14
04
/10
/20
14
05
/10
/20
14
06
/10
/20
14
07
/10
/20
14
08
/10
/20
14
09
/10
/20
14
10
/10
/20
14
11
/10
/20
14
12
/10
/20
14
13
/10
/20
14
0
50
100
150
200
250
300P
HR
sb
y D
AY
Tra
sm
issio
ns
by D
ay
Pazienti
Medici
![Page 24: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/24.jpg)
I CASI NAZIONALI
Toscana – ASL Arezzo
Interop & telemedicine
Campania – ARSAN
Cronic care (diabet)Over 1.4 MLN € benefits to GPs
SELF AUDIT
![Page 25: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/25.jpg)
![Page 26: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/26.jpg)
Sicurezza e Privacy
Requisiti:
• Sicurezza/Confidenzialità
– Evitare qualsiasi accesso non autorizzato ai dati
sanitari dei pazienti
• Privacy
– Consentire solo al medico curante di associare i
dati sanitari di un paziente alla sua identità
![Page 27: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/27.jpg)
System Architecture• EHRs collect patients’ diseases,
clinical exam reports, treatments,previous surgeries,…
• In the EHRs, each patient isidentified through a unique,randomly generated PatientIdentifier (PID)
• The PR contains a personal datarecord for each patient
• The PR includes the identifiers ofthe Medical Doctors (MDs) whoare in charge of each patient and,for each MD, an EncipheredPatient Identifier (EPID)
Name Surn. … MDs EPIDs
… … … … …
… … … … …
… … … … …
Patient Registry
PID Diseases Treatm. Surgery …
… … … … …
… … … … …
… … … … …
Electronic Healthcare Records
Aggregation/Login
ServerMD master
MD slave 2
MD slave 1
SSL
SSL
SSL
PID Diseases Treatm. Surgery …
… … … … …
… … … … …
… … … … …
PID Diseases Treatm. Surgery …
… … … … …
… … … … …
… … … … …
Patient terminal
![Page 28: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/28.jpg)
Rationale of the System
MD master
123456789 a0df1xgh5
PID EK
EPID
PID Diseases Treatments Surgeries
123456789Diabetes,
Coeliac diseaseInsulin
Appendectomy
on 1/1/1970
… … … …
Electronic Healthcare Records
Name Surname Birth Date MDs EPID
Mario Rossi 1/1/1950 MD010203 a0df1xgh5
… … … … …
Patient Registry
(PIDs and EPIDs will be
much longer in practice)
![Page 29: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/29.jpg)
NEXT STEPS
CartellaCartella
Cloud / WebCloud / Web
App e mobileApp e mobile
Dati distribuiti e sicurezza
Dati distribuiti e sicurezza
Metadati
Casa & Utenti
Metadati
Casa & Utenti
Audit e DSSAudit e DSS
Servizi semantici
Servizi semantici
![Page 30: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/30.jpg)
Area destinata a visualizzare il
Patient Summarydefinitivo per come
autorizzato dal paziente
Record clinico-assistenziale del paziente Box assistito
Area destinata a interazione attiva e
input dati
Area destinata a proposta di Patient
Summary da validare per
immissione su FSE
Empowerment del paziente
![Page 31: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/31.jpg)
19 partners
2 RC
1. Domoticsensornetwork2. AAL
Technologies
HBA
Vision
Audio
Data integration
Home XML design
People XML design
Gesture, vocal
HMI
![Page 32: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/32.jpg)
Social Care & AAL need EHR data ?
User vs Patient
ePrescription
Cronicità Cure
Cronic care
Protocolli Empowerment
A “patient summary” for AAL & CARE
![Page 33: Sharingdata betweenGeneral PractitionersEHRsand Social ...ahmevent2015.ifc.cnr.it/slides/frontoni.pdfCyberSecurity Day –Ancona, ITALY Sharingdata betweenGeneral PractitionersEHRsand](https://reader033.vdocuments.site/reader033/viewer/2022060810/608efa1e883cba02ab7c22e9/html5/thumbnails/33.jpg)
Conclusions
• A national level EHRs – MDs project: Nu.Sa.
• A proposal to rise the level of security on GPsdata sharing
• A useful test bed for data sharing for social care & AAL
• Future outlook:
– DEFINE AN IT/EU GUIDELINE FOR E-HEALTH DATA SHARING GIVING ALSO A MINIMAL SECURITY STANDARD