Federated Governance

Is it possible to have a Federated Governance model for electronic health records within a single health economy?

#EHR4NI

There are many excellent examples of information sharing when it comes to digital health records, invariably these are based on well described information sharing agreements or data access agreements that are formalised between distinct legally authorised organisations within a defined healthcare economy. This permits each of the respective organisations to comply fully with their information governance (IG) obligations, to protect the confidentiality of people whose information is held, for the purposes of delivering healthcare services.

Unpacking IG for data and information sharing

The governing authority of each organisation will have set clear direction in respect of compliance with external legislative and regulatory rules that protect the information of subjects to whom the information refers. The organisation will have 1 developed a comprehensive package of policy, and guidance that translates into 2 actions for process, behaviour and infrastructure, that together with 3 training and 4 active monitoring, assure the governing authority that their organisation is compliant and is not exposed to risk in this area.

Sharing in these instances will often require that part or parts of the original record being shared are clearly identified and the responsibility for their creation, integrity, and maintenance resides with the organisation of origin. The receiving organisation will have a true copy of the information that resides within the other, however they do not have the same record management or governance responsibilities as the originator. The receiving organisation will have its own information governance arrangements in place that satisfy the requirements of its governing authority but these are distinct from that of the originating organisation, they are as would be expected responsible for protecting the copied information within their domain.

In the UK balancing benefits and risks for the sharing health information in digital environments has been the subject of considerable debate, the Caldicott report of 2013 put forward that there is likely more benefit in sharing health information for the patient good, as against holding it back for IG reasons, although it was clarified that there is no case for overruling the original 1997 principles  . In essence IG should not be used as a barrier to the sharing of information, and where it is in the patients interest especially in supporting direct care, organisations should seek to and encourage appropriate information sharing in line with the principles set out in the first 1997 review. The issue of dealing comprehensively with consent in this sphere is complete, however a UK government decision has held its publication until after the UK’s EU referendum June 2016.

The information commissioner in the UK is the independent external regulator for the data protection act, the freedom of information act and privacy and electronic communications regulations.

There are very good and compelling reasons to share records, and in providing high quality information for sharing, better decisions for care can be made more quickly and effectively, so what or how much of a healthcare record should be available? If everything within a record is shared within an appropriately secure digital environment does this constitute a federated governance agreement?

The Nuffield trusts recent offering on delivering the benefits digital describes a potential landscape that has multiple layers connected via the electronic health record. The record, how it is created, and used is in this environment a significant lever to driving through many patient safety, quality and efficiency gains in the delivery of care within those organisations whose governing authority embrace wholeheartedly the profound changes required to transform its services and care using models that are systematically integrated, high quality, safe, and patient focused. 

Plans for the Federation of eHealth governance arrangements among multiple organisations have been described by both New South Wales in Australia and by Ontario in Canada, in each the enhanced sharing of records is mediated within what each describe as federated governance arrangements. The sharing takes place via an exchange hub in that the original record remains within the originating provider organisation. The hub shares securely information between multiple authorised provider organisations aiming to provide as complete as possible access to relevant information for the delivery of care. These arrangements rely significantly on the interoperability at a data messaging and technical level of the applications or platform that is used to manage the record. The intention is to deliver to the exchange meaningful content that can be sent and consumed by different electronic record applications or platforms. It is this question of semantic interoperability that often creates a very significant barrier to the sharing of records, it should be clear that this issue is distinct and different from information governance.

There is currently a proposal within the healthcare economy of Northern Ireland to put in place a single electronic record system from one supplier that will be used by multiple care providing organisations, while this will clearly skip completely the technical question of interoperability it is potentially a proposition without precedent. Such an arrangement of holding a record in common centrally to be shared with multiple care providing organisations is very different from anything previously attempted or described within a healthcare economy, the closest description that potentially matches is that of the IT arrangements proposed for Washington state in the US. This is a proposal for a shared services model, it is not about record sharing per say but does start to describe the complexity of distributing the rights and responsibilities that begin to come into play with multiplying the stakeholders required to protect data quality, IT governance, and significant changes in policy, guidance, infrastructure, and resource distribution for the support of training in line with accountability.

 

The normal arrangements for information sharing will need to be visited and carefully explored. The governing authorities for the provider organisations will not carry the same responsibilities for a central record that they currently hold for healthcare records within their corporate domain. Many of the organisational benefits cited by the Nuffield trust, such as business process support, e-rostering and patient flow management are directly dependent on quality information within the electronic record system, for the most part these data sets are generated as secondary outputs of care transactions, processes, and consumption between the clinical teams and patients.

If the governance of data, information technology, and information itself lie largely outside of the corporate domain of the discrete organisations, this likely would require a significant shift in the accountability for policy and guidance provision. It would probably be necessary to move these from the domain of the provider organisations to the centre, resulting in potentially much more complexity regarding accountability and resource distribution arrangements. Further the independence of the Trust boards would be extremely difficult to assure as they would be fully reliant on primary information sources outside of their corporate domain. The risk profile for the whole system would change considerably.

Ultimately the considerable benefit gains of introducing a single instance of an electronic health record that is complete, linear, well designed and well understood should balance in the patient’s favour. It may well be a difficult task but it can and should be done.

Also see:
http://answersingenes.blogspot.co.uk/2016/03/a-single-health-record-for-northern.html
https://www.igt.hscic.gov.uk/Resources/Data%20Controllers%20for%20shared%20records%20.
https://www.bma.org.uk/advice/employment/ethics/confidentiality-and-health-records-tool-kit/principles-for-sharing-local-electronic-patient-records-for-direct-patient-care

The Information Model

An information model is used in software engineering as a high level representation of concepts, relationships, constraints, rules and operations to specify data semantics for a chosen domain of discourse. It isn’t actually a something but it provides a framework for organising data content, actions and processes that can be used to proof or test the theory of what is being asked for in real-world scenarios. The Information model will sit over data models.

In healthcare it is crucial that the model is informed by those who are delivering the care processes, the clinical context for this is of upmost importance, and without informed clinical input the outputs will likely not be useful understandable or productive.

Many of the advantages that begin to become possible from working in a digital environment require a fresh approach to thinking about how our models and processes for delivering care relate to how our clinical information is managed, processed, retrieved, stored and analysed. The information model is a key link between the real-world of clinical encounters and the ability of technology to provide significant additional benefit is the ability to conceptually link these domains. Having a well understood and tested information model brings the world of the computer chip to that of care delivery so that the productivity expected in theory is delivered in a way that avoids unintended consequences that arise from the misconceptions and misunderstandings between the two distinct operational realities.

 

The information model allows for multiple concepts, relationships, constraints, and rules to be communicated and expressed in a way that is amenable to computer processing, it is through this lens that the ability for using a sophisticated clinical terminology and coding system links to daily care activity. Here also the necessity to have logical and standardised document structures and data definitions reduces ambiguity and prevents the computer from making “mistakes”. The requirement for clarity, high quality data, standardisation of process, and logic all start to make sense in the world of technology, here also the expectations of what can be achieved and what is delivered can be challenged and an intuitive design of meaningful workflow can be generated.

The information model as a concept is a crucial linchpin in being able to specify, operationally deploy and maintain technology based systems that will deliver clinical expectations. It is also a foundational element in obtaining high quality data from normal standardised workflow that is minimally invasive to care processes, but is fundamental to knowledge supports and information analysis in reporting outcomes, ultimately improving safety and performance to agreed care outcomes.

Good Governance for technology supported healthcare

Governance is tricky no doubt about it.

This is my attempt to begin to think it through

Governance concerns are one of those things that you often start to hear be voiced when folk are unsure of whether or not a new way of doing things should be adopted. This is especially true when dealing with highly complex systems such as healthcare and in many ways I appreciate the cautious approach, as complexity is a very close friend of the law of unintended consequences.

A large part of the answer needed to address the governance concerns should include consideration of the type of governance that needs to be addressed, and time to think it though in a constructive collaborative environment. A framework to consider definitions, scope, and hierarchies may also be extremely helpful as a means of providing re-assurance that guard against unintended consequences.  The result should make available a transparent explicit summary of the mandates, responsibilities and accountability that will provide clarity whilst underpinning good governance.

In healthcare systems there are 3 main domains to consider: Corporate, Clinical and Information Governances they distinct but markedly interdependent. Additionally when technology based tools and applications are to be applied in service delivery Corporate Governance will direct IT governance and Data governance as separate discreet sub-domains. Each different domain has specific subject matter experts whose professional disciplinary background maps directly to the relevant domain.

Definitions

Corporate Governance: Procedures and processes according to which an organisation is directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among the different participants in the organisation – such as the board, managers, shareholders and other stakeholders – and lays down the rules and procedures for decision-making. (OECD 2005)

Information Technology Governance specifies the decision rights and accountability framework to encourage desirable behaviour using IT (Weill&Ross 2004)

Data Governance is the processes and controls within an organisation that ensure that data is of high quality. (OECD2015)

Clinical Governance is a framework through which NHS organisations are accountable for continually improving the quality of their services and safeguarding high standards of care by creating an environment in which excellence in clinical care will flourish. (NHS ClinGov Supp Team)

Information Governance is the activities and technologies that organisations employ to maximise the value of their information while minimising associated risk and costs (IGI2014)

Clearly good governance permits permission and rule setting that is critical in providing for order and clarity that describe the lines of accountability within an organisation. Rules come in many guises, such as policies, guidance, and standards all orientated to meet the business aims and objectives of the organisation. Within healthcare the rules will apply to a multiplicity of processes, and procedures and may be generated internally in response to the business operating environment and resource constraints. There are however many rules that are external to an organisation but must be adopted to meet legal and regulatory requirements.  These rules must be adopted, and implemented within the most appropriate part of an organisations structure, in a way that is capable of providing appropriate evidence of compliance with that external requirement.

When it comes to new ways of doing things conflicting or potentially conflicting with external regulation these are often the most difficult areas to work through, ownership of the policies and guidance that satisfy the legal or regulatory requirements will often sit outside of the remit, expertise or awareness of those wishing to make the process or procedure change. It is not within the gift of the organisation no matter how big or powerful to deviate from the legal or regulatory requirements for compliance.

Sharing technology solutions or services between distinct legal organisational entities brings with it additional complexity in addressing individual positional accountabilities and evidence of compliance in considering the 3 domains of governance. The potential for a federated model of governance probably presents the best attempt to develop solutions that address this. (More on this later)

I believe that it is completely possible to get the right balance with sensible workable solutions in relation to these difficulties. However it must be recognised that the appropriate subject matters experts within the respective governance domains need time together, they need conceptual models that can be stretched and strained to develop and maintain transparent frameworks that provide assurance that compliance is deliverable.

An overview of the possible

A Personal summary vision for what an 

Electronic Health Record might do for us!

Reducing the complexity of health and wellbeing to something that you can understand, in a new way that provides everybody with a better appreciation of what is going on, how things get done and where they happen.

·       Patient Centred Model of Care

·       Patient held digital record

·       Care Delivery that is Mobile, Agile, as close to home as possible

·       Prioritisation of Patient Outcomes and Experience

·       Patients facilitated to manage their own self-care in an integrated supported network

 

 

We intend to design and introduce a multifunctional tool that will and collect provide health and social care information so that better and faster decisions about how, where and why care is delivered can be made by both patients clients and their carers as well as care professionals.

·       Better information, better decisions, better outcomes, excellent experience

·       Single platform for all, with appropriate user based access

·       Access to fit for purpose devices, linked to fast networks, with suite of clinical and care application solutions, robust data management, secure storage.

This tool will use information and computers to do more than one thing at a time, in newly designed ways that are safer and more complete than in the past, saving you time, and giving the people on clinical and care teams more time to talk with you and to better explain what is happening. New smarter ways of working will be constantly compared to the best results worldwide and will be kept up to date no matter which part of Northern Ireland you life in.

·       Support standardised, care professional designed intuitive pathways with computerised supported workflow that is automated, measured and reported.

·       Allow information to be entered at the point of care once and only once, reducing duplication.

·       Ensure clinical analytics supports frontline service delivery

·       Actively drive care decision support and evidence based practice as this will be built into and actively manage integrated pathways of care

·       Real-time clinical and care analytics and dashboards

·       Productive well informed and well supported workforce

   

We want people to come first, every time, smarter ways of doing things will let us do more, and at the same time allow us to show more clearly what we do, how well we do it and importantly to ask you how you think we are doing.

 

Electronic Health Records have significant dependencies these include:

Governance: Corporate, Information, Clinical, Information Technology, & Data

Information Modelling, Data Modelling

IT Infrastrucutre

Standardisation: Business Processes, Clinical Processes, Technical, 

Clinical Informatics

Knowledge management

Posts to follow (hopefully)