Is it possible to
have a Federated Governance model for electronic health records within a single
health economy?
#EHR4NI
There are many excellent examples of information sharing when
it comes to digital health records, invariably these are based on well
described information sharing agreements or data access agreements that are
formalised between distinct legally authorised organisations within a defined healthcare
economy. This permits each of the respective organisations to comply fully with
their information governance (IG) obligations, to protect the confidentiality of
people whose information is held, for the purposes of delivering healthcare
services.
Unpacking IG for data and information sharing
The governing authority of each organisation will have set
clear direction in respect of compliance with external legislative and
regulatory rules that protect the information of subjects to whom the
information refers. The organisation will have 1 developed a comprehensive
package of policy, and guidance that translates into 2 actions for process,
behaviour and infrastructure, that together with 3 training and 4 active
monitoring, assure the governing authority that their organisation is compliant
and is not exposed to risk in this area.
Sharing in these instances will often require that part or
parts of the original record being shared are clearly identified and the
responsibility for their creation, integrity, and maintenance resides with the
organisation of origin. The receiving organisation will have a true copy of the
information that resides within the other, however they do not have the same
record management or governance responsibilities as the originator. The
receiving organisation will have its own information governance arrangements in
place that satisfy the requirements of its governing authority but these are
distinct from that of the originating organisation, they are as would be
expected responsible for protecting the copied information within their domain.
In the UK balancing benefits and risks for the sharing
health information in digital environments has been the subject of considerable
debate, the Caldicott
report of 2013 put forward that there is likely more benefit in sharing health
information for the patient good, as against holding it back for IG reasons,
although it was clarified that there is no case for overruling the original
1997 principles . In essence
IG should not be used as a barrier to the sharing of information, and where it
is in the patients interest especially in supporting direct care, organisations
should seek to and encourage appropriate information sharing in line with the
principles set out in the first 1997 review. The issue of dealing
comprehensively with consent in this sphere is complete, however a UK government
decision has held its publication until after the UK’s EU referendum June 2016.
The information
commissioner in the UK is the independent external regulator for the data
protection act, the freedom of information act and privacy and electronic
communications regulations.
There are very good and compelling reasons to share records,
and in providing high quality information for sharing, better decisions for
care can be made more quickly and effectively, so what or how much of a
healthcare record should be available? If everything within a record is shared
within an appropriately secure digital environment does this constitute a
federated governance agreement?
The Nuffield trusts recent offering on delivering the
benefits digital describes a potential landscape that has multiple layers
connected via the electronic health record. The record, how it is created, and
used is in this environment a significant lever to driving through many patient
safety, quality and efficiency gains in the delivery of care within those
organisations whose governing authority embrace wholeheartedly the profound changes
required to transform its services and care using models that are
systematically integrated, high quality, safe, and patient focused.
Plans for the Federation of eHealth governance arrangements
among multiple organisations have been described by both New
South Wales in Australia and by Ontario
in Canada, in each the enhanced sharing of records is mediated within what each
describe as federated
governance arrangements. The sharing takes place via an exchange hub in
that the original record remains within the originating provider organisation. The
hub shares securely information between multiple authorised provider
organisations aiming to provide as complete as possible access to relevant
information for the delivery of care. These arrangements rely significantly on
the interoperability at a data messaging and technical level of the
applications or platform that is used to manage the record. The intention is to
deliver to the exchange meaningful content that can be sent and consumed by different
electronic record applications or platforms. It is this question of semantic interoperability
that often creates a very significant barrier to the sharing of records, it
should be clear that this issue is distinct and different from information
governance.
There is currently a proposal within the healthcare economy
of Northern Ireland to put in place a single electronic record system from one
supplier that will be used by multiple care providing organisations, while this
will clearly skip completely the technical question of interoperability it is
potentially a proposition without precedent. Such an arrangement of holding a
record in common centrally to be shared with multiple care providing
organisations is very different from anything previously attempted or described
within a healthcare economy, the closest description that potentially matches
is that of the IT arrangements proposed for Washington state
in the US. This is a proposal for a shared services model, it is not about
record sharing per say but does start to describe the complexity of
distributing the rights and responsibilities that begin to come into play with
multiplying the stakeholders required to protect data quality, IT governance,
and significant changes in policy, guidance, infrastructure, and resource
distribution for the support of training in line with accountability.
The normal arrangements for information sharing will need to
be visited and carefully explored. The governing authorities for the provider
organisations will not carry the same responsibilities for a central record
that they currently hold for healthcare records within their corporate domain. Many
of the organisational benefits cited by the Nuffield trust, such as business
process support, e-rostering and patient flow management are directly dependent
on quality information within the electronic record system, for the most part
these data sets are generated as secondary outputs of care transactions,
processes, and consumption between the clinical teams and patients.
If the governance of data, information technology, and
information itself lie largely outside of the corporate domain of the discrete
organisations, this likely would require a significant shift in the
accountability for policy and guidance provision. It would probably be
necessary to move these from the domain of the provider organisations to the
centre, resulting in potentially much more complexity regarding accountability
and resource distribution arrangements. Further the independence of the Trust
boards would be extremely difficult to assure as they would be fully reliant on
primary information sources outside of their corporate domain. The risk profile
for the whole system would change considerably.
Ultimately the considerable benefit gains of introducing a
single instance of an electronic health record that is complete, linear, well
designed and well understood should balance in the patient’s favour. It may
well be a difficult task but it can and should be done.
Also see:
http://answersingenes.blogspot.co.uk/2016/03/a-single-health-record-for-northern.html
https://www.igt.hscic.gov.uk/Resources/Data%20Controllers%20for%20shared%20records%20.
https://www.bma.org.uk/advice/employment/ethics/confidentiality-and-health-records-tool-kit/principles-for-sharing-local-electronic-patient-records-for-direct-patient-care