IntroOH-1 CSE 5810 Classifying, Sharing and Exchanging Healthcare Data Kingsley Udeh Computer Science & Engineering Department The University of Connecticut 371 Fairfield Road, Box U-255 Storrs, CT

IntroOH-2 CSE 5810Outline o o Introduction  Background o o Healthcare Data Classification  Information Classification  Information Flow Policies  Access Control Models o o Healthcare Data Sharing and Exchanging  Standards  Interoperability frameworks/Infrastrustures  Fast Healthcare Interoperability Resources(FHIR)  Health Record Banks(HRBs) o o Case Study on Healthcare Systems Interoperability o o Conclusion

IntroOH-3 CSE 5810Introduction  There is an ongoing gradual transfer from paper-based to electronic-based organization of information  Therefore data concerning people’s private lives are vulnerable to unauthorized access

IntroOH-4 CSE 5810Introduction  Problems/Challenges  The consequence is the problem of privacy management due to the gab between the ease of access to one’s personal details and the human desire to control this access  Consistently obtaining timely electronic medical records from all providers in a cost effective manner  People tend to keep their personal details confidential especially their health conditions

IntroOH-5 CSE 5810Introduction   Background  Biomedical Informatics(BMI) Information and its usage associated with the research and practice of medicine. Interdisciplinary fields interacting between people, information and technology. © T. Shortliffe 2006 Columbia University

IntroOH-6 CSE 5810 Introduction - Background  Informatics Management and processing of data from multiple sources through classification, collection, storage, analysis, and dissemination Focus: Clinical Informatics : tracking all information for patient and his care – Medical Records + Personal Health Records(PHRs) from hospitals/clinics, medical offices, insurance/reimbursements etc. via Health Information Technology(HIT) system, such as Electronic Health Records(EHR)

IntroOH-7 CSE 5810 Introduction - Background  An architecture for integrating data from multiple systems - EHR Multi-Source Data Integration Architecture (Source: Courtesy of Columbia University Medical Center)

IntroOH-8 CSE 5810 Healthcare Data Classification  Information Classification The process of separating information into distinct categories or levels by which different controls, policies and requirements apply   Information Creation = Classification Label Designation.   Goal: Information is protected, stored and managed appropriately. Motivation: Military Security Structure

IntroOH-9 CSE 5810 Healthcare Data Classification Any piece of information can be in five different classifications:  Unclassified  Restricted  Confidential  Secret  Top Secret unclassified documents can be made available to the public and top secret information are shared with few individuals.

IntroOH-10 CSE 5810 Healthcare Data Classification - Security  Information Flow Policies Denning and his colleagues performed the basic research in Lattice Based Access Control models in the 1970s concerned with confidentiality Denning concept of “Information Flow Policy”: A triple consisting of o SC is set of security classes o → ⊆ SC x SC is a binary can-flow relation on SC o ⊕ : SC x SC → SC is a binary class-combining or join operator on SC (A,B) ∈ → means information can flow from the security class of A to the security class of B

IntroOH-11 CSE 5810 Healthcare Data Classification - Security Example of an information flow policy Information may flow from one security class label to another security class label based on a given information flow policy.   A ⊕ B = C is equivalent to ⊕ (A, B) = C Thus,   A ⊕ B = C tells us that objects that contain information from security classes A and B should be labeled with the security class C.

IntroOH-12 CSE 5810 Healthcare Data Classification - Security Illustration of information flow policies No information flow is allowed from one security class to a different security class. Trivial form of information flow policy   SC = [Ai…An]; for i = 1 … n, we have Ai → Ai and Ai ⊕ Ai = Ai  ≠ j  SC = [Ai…An]; for i, j = 1 … n, i ≠ j we have Ai cannot – flow to Aj and Ai ⊕ Aj is undefined

IntroOH-13 CSE 5810 Healthcare Data Classification - Security Illustration of information flow policies Information may flow from all security classes except from High to Low Nontrivial form of information flow policy High-low policy – Binary can-flow relation:   SC = [H, L], and → = [(H, H), (L, L), (L, H)] H →H, L → L, L → H, and H cannot-flow L The can-flow relation is directed upward High-low policy -The join operator   H ⊕ H = H, L ⊕ H = H, H ⊕ L = H, L ⊕ L = L.

IntroOH-14 CSE 5810 Healthcare Data Classification - Security Information flow policies formed a Lattice based on Denning’s Assumptions   The set of SC is finite: set of SC must be finite   → is a partial order on SC: reflexive(A → A); transitive(if A → B, B → A, then A → C) – indirect flow of information implies direct flow of information, but not in all cases; antisymmetric(if A → B and B →A, then A = B)   SC has a lower bound with respect to →: L → A if L is a publicly available information  ≠ j  Join operator is totally defined for every pair of SC: information can be combined from any two or more SC and get a label. Ai ⊕ Aj = H for i ≠ j for i = 1…n, it’s also possible to have L → Ai

IntroOH-15 CSE 5810 Healthcare Data Classification - Security Information may flow from all security classes but from High to Low Hasse diagrams for certain information flow policies

IntroOH-16 CSE 5810 Healthcare Data Classification - Security  Lattice – Based Access Control Models Abstraction of concepts: users/subjects and objects Subjects – programs in execution Objects – files/directories, etc. Access Rights of a subject s, to an object : D = [s, o], authorization of s to perform operation on o  Discretionary Access Control Model The owner of the object has complete discretion regarding access to the owned object by other subjects Limitation: no constraint in copying information from one object to another.

IntroOH-17 CSE 5810 Healthcare Data Classification - Security  Bell LaPadula Access Control(BLP) Model Key idea: enforce Discretionary Access Control with Mandatory Access Controls to enforce information flow policies  BLP is expressed in terms of security labels attached to objects/subjects: security classification/clearance Properties of BLP Access Control Model: Simple & Star  s can read o only if λ(s) ≥ λ(o) or λ(o) λ(s)  s can read o only if λ(s) ≥ λ(o) or λ(o) → λ(s)  s can write o only if λ(s) ≤ λ(o) or λ(s) λ(o)  s can write o only if λ(s) ≤ λ(o) or λ(s) → λ(o) A user labeled secret who wishes to write an unclassified object must log in as an unclassified subject. Thus, λ(s) = λ(o) : subjects ‘cannot write up’, but their levels

IntroOH-18 CSE 5810 Healthcare Data Sharing and Exchanging  Ability to share data within and across organizations requires some standards + infrastructures  XML A user driven open standard for exchanging data We focus on:  Health Level Seven(HL-7) V3 Standard Coding technology that is used to interpret data from one system to the other referring to the top level seven of Open System Interconnect(OSI) communication  Standardization enables interoperability of healthcare system

IntroOH-19 CSE 5810 Healthcare Data Sharing and Exchanging Three aspects of interoperability: Three aspects of interoperability:   Technical: Moving data from one system to another   Semantic: Both systems understand the data   Process: Enabling business processes in both systems to work together Adapted from Introduction to HL7 Flash Tour

IntroOH-20 CSE 5810 Healthcare Data Sharing and Exchanging Limitations of standards in systems integration:  Conflicting systems interpretation  Complex nature of ever changing information domain of a healthcare enterprise  Expensive, site specific interface development

IntroOH-21 CSE 5810 Healthcare Data Sharing and Exchanging  Integrating the Healthcare Enterprise(IHE)  A Framework for Information Sharing used for the implementation of standards  It fills the gap between standards and systems integration  It leverages DICOM(Digital Imaging and Communication in Medicine) and HL-7 standards to address specific clinical needs in support of optimal patient care Benefits:  Better communication among systems  Easier implementation  Effective use of information by care providers

IntroOH-22 CSE 5810 Healthcare Data Sharing and Exchanging IHE Process Workflow Adapted from Engaging HIT Stakeholders in a Proven Process

IntroOH-23 CSE 5810 Healthcare Data Sharing and Exchanging  Fast Healthcare Interoperability Resources(FHIR) o o A set of modular components called resources o Exchanging resources between systems through RESTful APIs/messages/documents – HL7 approach o Formats: XML, JSON. Exchange is done using HTTP(Security: SSL/Oauth  FHIR Interoperability Model o o Regardless of paradigms, the contents are same FHIR resources:  Admin(patient, practitioner, organization)  Clinical concept(allergy, family history)  Infrastructure(document, message, profile) Architectural Option :FHIR as an interface engine

IntroOH-24 CSE 5810 Healthcare Data Sharing and Exchanging  Health Record Banks(HRBs)  A mechanism for assuring the availability of comprehensive electronic patient information in communities   Creating a single unified record for each patient in the Public Health Organization(PHO) repository via Health Information Exchange(HIE) efforts Benefits of HRBs in the context of interoperability: o Availability of comprehensive medical information for every individual

IntroOH-25 CSE 5810 Case Study on Healthcare System Interoperability Proposed Solution to Interoperability Problem in the Healthcare Domain: Generic Information Exchange(GIE) System  Provides means for interconnection and interoperation of wide variety of applications.  It necessitates the sharing and exchange of data related to clinical, administrative, research, etc  Implemented on complex healthcare information system to provide foundational services  Based on HL7 for exchange, management and integration of health data to generate EHR  Adopted XML to serve as a messaging syntax © 2014, W. Yasnoff, Uconn Health Center

IntroOH-26 CSE 5810 Case Study on Healthcare System Interoperability  Generate EHR

IntroOH-27 CSE 5810 Case Study on Healthcare System Interoperability  Parsed Stored Data in EHR Exchanging EHR data as an XML document – message generation, transport and receiving processes

IntroOH-28 CSE 5810 Case Study on Healthcare System Interoperability GIE system is implemented to provide access to interoperable EHR Result: The GIE system generates EHR related to a patient that contains his medical, routine examinations and findings. The EHR can be shared among healthcare providers

IntroOH-29 CSE 5810Conclusion  Interoperability can be successful when there is some level of coordination and communication in the exchange of the healthcare information among the healthcare providers with authentication and authorization  HIE effort is to fundamentally make data to be universally accessed, integrated, and understood while also being protected