Model-based design and implementation of secure, interoperable EHR systems.

Model-Based Design and Implementation of Secure, Interoperable EHR Systems Bernd Blobel1, George Stassinopoulos2, Peter Pharow1 1 University of Magdeburg, Institute of Biometry and Medical Informatics, Magdeburg, Germany, 2 National Technical University of Athens, Zografou, Athens, Greece, ABSTRACT For designing and implementing secure, interoperable, portable, and future-proof EHR systems, a comprehensive and standardized methodology supported by appropriate tools has to be established and applied. Based on the component paradigm, the ISO Reference Model – Open Distributed Processing has been used to describe the different views on information systems deploying the appropriate vocabulary for each single model view. The concepts considered rank from legal, organizational, and functional up to technical aspects of systems. The harmonization of vocabularies can be performed by meta-languages. The approach has been demonstrated for the modelbased design, implementation and maintenance of a clinical study distributed over the Internet. INTRODUCTION For establishing efficient and high quality care for patients, health networks with an electronic health record (EHR) as core application must be designed for enabling trustworthy interoperability between different healthcare establishments (HCE) directly and indirectly involved in patient’s care. This interoperability has to be provided at knowledge level meeting legal, ethical, and organizational requirements in a flexible and portable way including multimedia and mobile devices. In that context, methods and tools have to be established to enable formalization and structuring of components needed as well as to realize their management. ISO REFERENCE MODEL – OPEN DISTRIBUTED PROCESSING Information systems have been designed, developed and implemented for the purpose of supporting special business objectives and goals. Therefore, that information must be defined which is needed in the business model’s context. This information has to be aggregated and processed in a proper way and must be implemented at a specific platform. To compare the architectural, functional, methodological, and technological framework of information systems, the ISO Reference Model – Open Distributed Processing (RM-ODP) can be used1. This reference model defines possible views on systems such as Enterprise View, Information View, Computational View, Engineering View, and Technology View. THE GENERIC COMPONENT PARADIGM FOR FUTURE-PROOF HEALTH INFORMATION SYSTEMS ARCHITECTURE Regarding future-proof health information systems and health networks in general, we have to look for concepts in structure and function expressing domain knowledge, but also for concepts of security, safety, and quality. Additionally, systems and their components have to be considered within their contextual frameworks regarding legal, organizational, functional, and other aspects. Considering security issues, the concepts of communication security can be distinguished from application security. Quality and safety are related to the latter one. Within a concept, different levels of granularity and abstraction can be defined forming a layered model of services, mechanisms, algorithms, and data2. According to the generic component model3, all views, information content, functionality, implementation environment, and underlying technology but also the proper level of granularity might be modeled in a consistent way. In this way the services and the complexity of the running application component can be defined according to the application environment and the user needs. Services concern entry, processing, and presentation of data but also the enforcement of underlying policy for communication and cooperation. The generic component model enables claims change management (viewpoint of the system) and the resolution of the component’s complexity by the transition to less complex sub-components as shown in figure 1. Each specific model in the abstraction-granularity space reflects one specific archetype. A theoretical consideration on consistency of state transitions within the generic model has been provided3. AMIA 2003 Symposium Proceedings − Page 96 Technology View Engineering View Computational View Information View Enterprise View Abstraction (Component View) Concepts +Employee Person name : String 0..* Relations Network Details +Patient +HCProvider 1..* 1..* +Employer HCE hceName : S tring legalForm : Enum (P, S, T) Careplan careplanNo : Integer Granularity (Component Decomposition) Aggregations 1..* 0..* Student matrikelNo : String Figure 1. State Transitions within the AbstractionGranularity Matrix of Component Systems The description of the components is established in UML models constraint on the different views of the RM – ODP1. According to the business needs expressed in business and workflow models and submodels, the information required including the computational aspects of its package structure is modeled using class diagrams, sequence diagrams, activity diagrams, package diagrams etc. Describing the engineering aspects of platform-specific models, the protocols finally represent the technology aspects. For running systems, all views in their relation have to be considered which requires the harmonization of the different vocabularies used for modeling. This has been performed using meta-languages defined by the XML (Extensible Markup Language) standard set4. Related to granularity and technology viewpoint, mobile computing has to meet special requirements which are easily enabled by this dynamic selective approach of the proper state of a complex system. In that context, negotiation and enforcement between concepts have to be performed, consistency and process relationship (the latter supported by the ISO General Relationship Model5) have to be ensured. Algorithm and tools to enable such services have been developed and will be further improved. To transform graphical vocabularies into XML specifications, XML Metadata Interchange (XMI) has been applied6. Figure 2 shows an example for transferring an UML class diagram into an XML Data Type Definition (DTD)4. Meanwhile, XML Schemata increasingly replace DTD7. The approach corresponds to OMG’s Model Driven Architecture (MDA)8. Beside UML and XML tools for specifying the platform-independent models, special tools have been developed within the HARP project to specify platform-specific models and to implement them in a Java-based Web application. <!ELEMENT Exp ((Person | Student | HCE | CarePlan)*) > <!ELEMENT Person.name (#PCDATA)> <!ELEMENT Person.HCProvider (HCE)* > <!ELEMENT Person.Employer (HCE)* > <!ELEMENT Person (Person.name?, Person.HCProvider*, Person.Employer*)? > <!ELEMENT HCE.hcename (#PCDATA) > <!ELEMENT HCE.legalForm EMPTY> <!ATTLIST HCE.legalForm xmi.value (P | S | T) #REQUIRED> <!ELEMENT HCE.Patient (Person | Student)* > <!ELEMENT HCE.Employee (Person | Student)* > <!ELEMENT HCE (H (...truncated)