Periodic Reporting for period 3 - InteropEHRate (Interoperable EHRs at user edge)
Periodo di rendicontazione: 2021-07-01 al 2022-09-30
InteropEHRate improves continuity of care and Health Records (HR) exchange across Europe by actively involving citizens, exploiting Smart Electronic Health Records. S-EHR are mobile apps that securely store user’s health data on a device, including data produced by healthcare providers (e.g. hospitals). Since HRs are stored on their devices, citizens are able to control, use, exchange them without using cloud storage if the Internet is not available.
The project’s aim is to produce an open specification and a software framework simplifying the adoption of the specification. The InteropEHRate open specification defines:
- S-EHR conformance levels: constraints that a S-EHR (and related optional services called S-EHR Cloud) must fulfil to be secure and compliant with InteropEHRate.
- D2D (Device to Device) protocol: secure protocol to exchange, without using the Internet, health data between a S-EHR and a nearby app controlled by a Health Care Professional (HCP).
- R2D (Remote to Device) protocols: three secure protocols using the Internet for: download citizen’s health data from (cross-border) EHRs (R2D Access); backup of encrypted health data on the cloud (R2D Backup); cross-border access to health data in emergency by HCPs (R2D Emergency).
- RDS (Research Data Sharing) protocol: secure protocol for citizens to participate in research studies and share only with the involved researchers anonymised health data using a S-EHR.
- FHIR profiles: common data models based on HL7 FHIR standard shared by all InteropEHRate protocols.
Every protocol can be used independently from the others. The usage of cloud storage (S-EHR Cloud services) is not mandatory. The InteropEHRate Framework offers a set of application prototypes and reusable components that comply with the open specification, but the vendors are allowed to develop and use alternative solutions. Therefore, citizens will be able to choose among different interoperable S-EHRs developed by different vendors. The InteropEHRate framework aims also to offer tools to support the conversion and translation of HRs in different formats and languages.
Project’s results were validated by three Pilots executed by Hospitals and Health Research Centres in Greece, Italy, Belgium, and Romania. Real patients were involved in different situations: access to healthcare abroad; healthcare in emergency; participation in research studies.
The project’s aim is to produce an open specification and a software framework simplifying the adoption of the specification. The InteropEHRate open specification defines:
- S-EHR conformance levels: constraints that a S-EHR (and related optional services called S-EHR Cloud) must fulfil to be secure and compliant with InteropEHRate.
- D2D (Device to Device) protocol: secure protocol to exchange, without using the Internet, health data between a S-EHR and a nearby app controlled by a Health Care Professional (HCP).
- R2D (Remote to Device) protocols: three secure protocols using the Internet for: download citizen’s health data from (cross-border) EHRs (R2D Access); backup of encrypted health data on the cloud (R2D Backup); cross-border access to health data in emergency by HCPs (R2D Emergency).
- RDS (Research Data Sharing) protocol: secure protocol for citizens to participate in research studies and share only with the involved researchers anonymised health data using a S-EHR.
- FHIR profiles: common data models based on HL7 FHIR standard shared by all InteropEHRate protocols.
Every protocol can be used independently from the others. The usage of cloud storage (S-EHR Cloud services) is not mandatory. The InteropEHRate Framework offers a set of application prototypes and reusable components that comply with the open specification, but the vendors are allowed to develop and use alternative solutions. Therefore, citizens will be able to choose among different interoperable S-EHRs developed by different vendors. The InteropEHRate framework aims also to offer tools to support the conversion and translation of HRs in different formats and languages.
Project’s results were validated by three Pilots executed by Hospitals and Health Research Centres in Greece, Italy, Belgium, and Romania. Real patients were involved in different situations: access to healthcare abroad; healthcare in emergency; participation in research studies.
InteropEHRate started in 2019 and has now released the final version of the open specification (including usage scenarios, user requirements, overall architecture and protocol specifications, FHIR profiles, S-EHR conformance levels) and a reference governance model to manage it.
D2D protocol supports HRs exchange by means of Bluetooth on Android and iOS. It allows the use of ID-Cards or qualified digital certificates to identify citizens. R2D Access protocol offers different modalities of data import, including asynchronous one, and exploits eIDAS infrastructure to identify citizens. R2D Backup protocol supports the backup of encrypted health and may be used to restore the saved health data on another mobile device, while the cloud service provider has access only to the encrypted version of the health data, to preserve the privacy. If activated by the citizen, the R2D Emergency protocol allows trusted HCPs to access and enrich health data they stored on the cloud, during an emergency. RDS protocol allows EU citizens to participate in a research network and contribute to multicentric research studies, by sharing specific anonymised health data directly with the research centres involved in the studies they contribute to, without involving third parties. Different kinds of anonymization are supported. Final versions of the R2D specification leverage the WADO-RS standard to support the download of DICOM images, similar support is added to the RDS protocol too.
The security conformance levels specification includes new evaluation criteria and a specific assessment process defined for determining the level of conformance of a S-EHR app or a S-EHR Cloud service. This methodology was applied and tested to classify the level of conformance of the prototypes developed by InteropEHRate. The specification includes a step-by-step guide to evaluate activities object of privacy policies.
The InteropEHRate FHIR profiles were published as two InteropEHRate FHIR Implementation Guides, for Cross-Border Data Exchange (CBDE) and for Research Data Sharing, covering both the representation of health data required by the InteropEHRate scenarios and the representation of metadata for representing the provenance of data and for supporting identification, consents, translation and encryption. The released final version of InteropEHRate framework includes: a reference implementation of the five protocols; prototypes of S-EHR app and HCP App (example of application for the HCPs), prototype of R2D Access service, of EHR Index (optional components supporting one of the variants of the R2D Emergency protocol), of S-EHR Cloud service; prototypes of service nodes to operate a research network based on the RDS protocol.
The final implementation of the D2D, R2D, and RDS protocols, and related security mechanisms, were released as reusable software libraries for Android and Windows, and were exploited to implement the final prototype of S-EHR and HCP App, co-designed by focus groups of patients and HCPs. The reusable libraries were used to implement supporting services like S-EHR Cloud, R2D Access Service, RDS nodes. The InteropEHRate framework also includes a new version of tools and services for data conversion, translation and information extraction.
These results can be used singularly or in combination with the others. All reference implementation libraries, and most of the prototype applications and services, were released as open source software and actually deployed and validated by final users (patients, HCPs, researchers) during the pilots. The evaluation data was released as a public report, available with other InteropEHRate documentation, for future exploitation and evolutions of the project results.
D2D protocol supports HRs exchange by means of Bluetooth on Android and iOS. It allows the use of ID-Cards or qualified digital certificates to identify citizens. R2D Access protocol offers different modalities of data import, including asynchronous one, and exploits eIDAS infrastructure to identify citizens. R2D Backup protocol supports the backup of encrypted health and may be used to restore the saved health data on another mobile device, while the cloud service provider has access only to the encrypted version of the health data, to preserve the privacy. If activated by the citizen, the R2D Emergency protocol allows trusted HCPs to access and enrich health data they stored on the cloud, during an emergency. RDS protocol allows EU citizens to participate in a research network and contribute to multicentric research studies, by sharing specific anonymised health data directly with the research centres involved in the studies they contribute to, without involving third parties. Different kinds of anonymization are supported. Final versions of the R2D specification leverage the WADO-RS standard to support the download of DICOM images, similar support is added to the RDS protocol too.
The security conformance levels specification includes new evaluation criteria and a specific assessment process defined for determining the level of conformance of a S-EHR app or a S-EHR Cloud service. This methodology was applied and tested to classify the level of conformance of the prototypes developed by InteropEHRate. The specification includes a step-by-step guide to evaluate activities object of privacy policies.
The InteropEHRate FHIR profiles were published as two InteropEHRate FHIR Implementation Guides, for Cross-Border Data Exchange (CBDE) and for Research Data Sharing, covering both the representation of health data required by the InteropEHRate scenarios and the representation of metadata for representing the provenance of data and for supporting identification, consents, translation and encryption. The released final version of InteropEHRate framework includes: a reference implementation of the five protocols; prototypes of S-EHR app and HCP App (example of application for the HCPs), prototype of R2D Access service, of EHR Index (optional components supporting one of the variants of the R2D Emergency protocol), of S-EHR Cloud service; prototypes of service nodes to operate a research network based on the RDS protocol.
The final implementation of the D2D, R2D, and RDS protocols, and related security mechanisms, were released as reusable software libraries for Android and Windows, and were exploited to implement the final prototype of S-EHR and HCP App, co-designed by focus groups of patients and HCPs. The reusable libraries were used to implement supporting services like S-EHR Cloud, R2D Access Service, RDS nodes. The InteropEHRate framework also includes a new version of tools and services for data conversion, translation and information extraction.
These results can be used singularly or in combination with the others. All reference implementation libraries, and most of the prototype applications and services, were released as open source software and actually deployed and validated by final users (patients, HCPs, researchers) during the pilots. The evaluation data was released as a public report, available with other InteropEHRate documentation, for future exploitation and evolutions of the project results.
Current approaches to HRs exchange are mainly based on national services that allow access to citizens’ HRs but usually limited to the management of health data produced in the citizen’s country. InteropEHRate solution complements current solutions allowing citizens to acquire their health data from healthcare providers, also in foreign countries.
Current mobile apps for health data management follow different criteria for privacy and security, usually store personal data on a cloud repository controlled by the vendor and adopt different remote APIs. InteropEHRate, on the converse, proposes an open specification that guarantees interoperability among different apps, common levels of security and freedom from cloud storage thanks to health data storage on mobile devices. While PHRs are mainly intended to manage data produced directly by the citizens and usually in a single language, the S-EHRs store personal health data with a trustable provenance. S-EHRs allow exchanging health data with HCPs also without the Internet, using the same protocols in any EU country, and managing the translation of data in different languages. This will improve the awareness and autonomy of patients, and the availability of health data to HCPs, enhancing the continuity of care across different countries and providers.
Current mobile apps for health data management follow different criteria for privacy and security, usually store personal data on a cloud repository controlled by the vendor and adopt different remote APIs. InteropEHRate, on the converse, proposes an open specification that guarantees interoperability among different apps, common levels of security and freedom from cloud storage thanks to health data storage on mobile devices. While PHRs are mainly intended to manage data produced directly by the citizens and usually in a single language, the S-EHRs store personal health data with a trustable provenance. S-EHRs allow exchanging health data with HCPs also without the Internet, using the same protocols in any EU country, and managing the translation of data in different languages. This will improve the awareness and autonomy of patients, and the availability of health data to HCPs, enhancing the continuity of care across different countries and providers.