Introduction

A key to gaining knowledge in a system such as the healthcare industry is the ability to correctly interpret information derived from precise and accurate data. That data must be collected under standardized guidelines that ensure conformity among multiple coordinating agencies, so that the resulting information system is as comprehensive as possible and produces effective and efficient outcomes for a patient's well-being. Knowledge of standards allows the healthcare industry to deliver its services in an effective and efficient manner. The core of a Health Information System (HIS) is the flow and exchange of complete, timely, and accurate data within a healthcare delivery organization as well as among various healthcare delivery systems. This allows the creation of a fully integrated information infrastructure to serve patients and maximizes the outcome of delivered healthcare [1].

The healthcare system is highly dispersed in nature. Public and private entities both exist to deliver complete healthcare. These entities exchange information among themselves (public to public, private to private, private to public, or public to private) in order to render healthcare services to the individual and to society at large. Such coexistence has led to fragmentation, and this fragmentation has created severe challenges for evolving standards for the healthcare industry. For instance, a private hospital may interact with a private lab for medical testing while seeking reimbursement for its services from government programs such as Medicaid or Medicare, or from a private health insurance company such as Humana healthcare.

All of these interactions, such as the exchange of patient medical data and billing information, must be kept private and secure at all times in order to respect patient privacy. These requirements have posed challenges for the adoption and integration of technology in the healthcare domain. The exponential growth of information and information exchange capabilities creates an increasingly arduous task of providing interoperability and integration between heterogeneous healthcare information systems while maintaining data security.

There is a legislative push in the healthcare industry to move towards interoperability of health and medical information [2]. Better health outcomes and reduced healthcare cost are the driving factors for this push to adopt interoperability. Such interoperability is impossible to achieve until all health information systems adopt electronic standards (moving away from paper) for data generation. This effort has led to the generation of a vast amount of health and medical data. As a result, various organizations and workgroups have been formed to conduct research and provide solutions that help alleviate the information overload of the healthcare system. These organizations are seen as leaders and advisory groups charting the path for the healthcare industry. The Institute of Medicine (IOM) and the Workgroup for Electronic Data Interchange (WEDI) are two examples of such organizations.

IOM, established in 1970, serves as a branch of the National Academy of Sciences. A report released by IOM in 1991 stated the need for a computer-based patient record, defining it as an electronic patient record. As per the report, the electronic patient record was to be used within a healthcare-specific framework that gives patients, physicians, insurance companies, healthcare facilities, and any other necessary institutions or agencies timely access to complete, accurate, and unaltered data through a secure network [3]. WEDI was established in November of 1991, comprising volunteer representatives from the public and private healthcare industries [4]. The main objective of WEDI was to gain insight and perspective into the issue of Electronic Data Interchange (EDI), reduce administrative costs, and streamline healthcare administration. The 1993 WEDI report presented a vision of a future healthcare industry equipped with a fully interoperable system that provides a secure electronic health information technology infrastructure and operates under a universal standard used for all business transactions. In the report, WEDI defined a strict federal role in EDI, in which the federal government is solely responsible for defining the mechanisms to be used in EDI. These reports helped to fuel the formation of legislation to guide implementation of electronic information in healthcare standards [5].

In 1994 the Health Security Act was debated on the Senate floor for the first time, and that law developed into the Health Insurance Portability and Accountability Act of 1996 (HIPAA), signed into law in August 1996 [4]. This was a milestone for the healthcare industry, as it was the first major legislation on healthcare information standards in the United States.

Standards

HIPAA created a baseline of conformity standards for healthcare industry providers, applying holistically to all agencies from the federal level to the state level and further down to the individual physician. HIPAA states its purpose is “to improve...the efficiency and effectiveness of the healthcare system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information” [6]. HIPAA legislation outlined general requirements, definitions, and security standards for the healthcare industry.

HIPAA created many laws governing the adoption of standards and regulations concerning the technical capabilities of EDI systems, especially concerning the security and privacy of an individual patient’s record. HIPAA was the basic legislation defining Individually Identifiable Health Information (IIHI). This definition gives rise to Protected Health Information (PHI). PHI is an important part of an Electronic Medical Record (EMR) or an Electronic Health Record (EHR) that is available to various healthcare organizations for facilitating the effective and efficient delivery of healthcare services to patients [6].

HIPAA helped to push the healthcare industry towards implementing holistic HIS standards. However, the lack of further legislation to enforce these standards left the industry fragmented and incomplete. In 2009 the American Recovery and Reinvestment Act (ARRA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) were passed [7]. HIPAA and ARRA HITECH provide legislation to regulate the privacy and security of personal health information with great emphasis on protecting the rights of patients [6, 8]. These laws help to further define the regulations concerning Electronic Protected Health Information (e-PHI) and IIHI, and their implications for the implementation of EHR systems conforming to specified security requirements [8]. These laws do not specify the exact implementations of HIS standard protocols. As a result, many electronic communication protocols have been developed. The most widely accepted international organization issuing electronic communication standard protocols is Health Level Seven International (HL-7).

HL-7 has standards adopted by several organizations such as the U.S. Department of Health and Human Services. The American National Standards Institute (ANSI) has adopted standards under their clinical and administrative domain standards [9]. The International Organization for Standardization (ISO) has several standards such as data exchange standards, EHR standards, health informatics standards, and electronic business extensible markup language (ebXML) standards using HL-7 [10].

HL-7 provides a broad set of standards creating domain-specific protocols to achieve interoperability among healthcare service providers. Two specific standards are the Clinical Document Architecture (CDA) and the Continuity of Care Document (CCD). These standards target healthcare providers, healthcare information technology vendors, and EHR and PHR systems. One other major HL-7 standard is the Clinical Context Object Workgroup (CCOW). CCOW is a system developed to allow hospitals and healthcare facilities that use more than one information system to streamline data interchange, providing a foundation for meeting HIPAA and ARRA HITECH requirements [9].

The HL-7 Reference Information Model (RIM) is the basis for deriving working ebXML message documents to be used in standardized information exchange protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP). RIM is a pictorial object model representing data domains and the life-cycle of a message or a group of messages [9, 11, 12]. HL-7 provides some specific codified language protocols that are widely accepted and used globally by many healthcare organizations. Further, a highly specified standard for medical imaging has been developed.

The National Electrical Manufacturers Association (NEMA) and the American College of Radiology teamed up to form a committee to develop standards for capturing, storing, and viewing radiological images. The result is the Digital Imaging and Communications in Medicine (DICOM) non-proprietary data exchange protocol [13, 14]. This standard has been accepted and put into use as an international interchange for digitized medical imaging.

Medical imaging involves tremendously complex computer-based processing techniques to obtain high-resolution 3-dimensional images. These digital images are large data files that need to be stored, retrieved, and processed rapidly. This has led to the evolution of a standard Picture Archiving and Communication System (PACS). Almost all PACS utilize the DICOM standard [15]. DICOM and PACS are well designed to allow the interoperability of all medical imaging. Other medical equipment and devices have similarly defined information protocols, as outlined in the Institute of Electrical and Electronics Engineers (IEEE) standards.

IEEE has provided the Medical Device Communication standards ISO/IEEE 11073 [10]. One standard is IEEE 11073-20601, which defines precise secure information transfer protocols for a manager/agent communication system. In this context, ISO/IEEE 11073 defines the implementation of communication standards to be used between agents, such as blood pressure monitors and other medical data collection equipment, and managers, such as smart phones or personal computers responsible for collecting, displaying, and re-transmitting the collected data [16].

As discussed, there are numerous standards regarding privacy, security, electronic use of data, and electronic communication in healthcare. There are also standards that healthcare providers must follow when billing insurance providers. This is a major part of the medical information infrastructure, as this is how a healthcare provider will ultimately be able to receive compensation for rendered services.

The American Medical Association (AMA) provides the official Current Procedural Terminology (CPT) codes for medical billing [17]. CPT codes are set for specific procedures and diagnostics, with a reimbursement value assigned to each declaring how much compensation the healthcare provider will receive, thereby creating a schedule of fees. CPT codes are contained in an EMR, which must be transmitted to an insurance provider in a secure and efficient manner. Determining which CPT code to use is a critical decision for the healthcare provider, who needs timely, accurate, and complete data when making a diagnosis and codifying procedures. Errors in this process can result in future misdiagnosis by healthcare providers and cause a negative economic impact [18]. Correct diagnosis of a condition or disease is the first step in identifying the proper CPT code, so disease classification becomes a key factor in making a diagnosis. A worldwide standard exists for the classification of diseases.

Standards encompassing worldwide disease classification are set by the World Health Organization (WHO) and known as the International Classification of Diseases, Ninth Revision (ICD-9) [19]. This classification is used to collect, process, classify, and house mortality statistics. A related classification, the International Classification of Diseases, Clinical Modification (ICD-9-CM), also exists. ICD-9-CM is the official classification system for codifying diagnoses and procedures associated with the utilization of hospitals in the US [20].

All of the standards and regulations reviewed in this paper are for the content of health information. Implementations of systems that operate using the content of healthcare information exist as tools and frameworks for data processing. The frameworks developed must conform to the healthcare standards and regulations, utilizing tools that provide interoperability and timely access to accurate and complete data.

Tools, Methodologies, and Frameworks

Developing a healthcare product that is robust and provides effective and efficient processing of information is a complex process. It requires implementing healthcare standards and regulations and knowledge of many heterogeneous subsystems. An EMR is a primary information source for patient records and data, providing the initial contact information for patients in a healthcare environment. There are several EMR solutions available today. The new generation of EMR solutions provides interfaces with mobile devices such as tablets for easy access to patient data. Further, current-generation EMR solutions have become more specialized in providing disease-specific solutions. For instance, an EMR can be designed to provide data management for a specific specialty such as Cardiology or Dermatology. Other EMRs are designed to provide template-based solutions. These templates are customizable, so that the layout in which information is presented can be tailored to a specific specialty. All EMRs are required to be certified by the National Institute of Standards and Technology (NIST) for Meaningful Use One (MU-1) certification. The MU-1 certification dictates the minimum interfaces and information capture for an EMR system.

On the other hand, there are simple EMR solutions. One such open source EMR solution is OpenEMR [21]. OpenEMR is a small open source software tool used mainly for research and development efforts. The software is intended for medical practice management. OpenEMR allows the integration of patient health records with electronic billing data, insurance data, and scheduling. The software also incorporates administrative functions for the EMR, such as a backend billing function to insurance companies and clearinghouses. Report generation is also incorporated into OpenEMR, as well as placing orders for laboratory tests and procedures [22]. Overall, the software is sufficiently developed to provide a good model for understanding EMR system functionality and to allow new research methods to be developed based on the existing solution. One concern for the development of frameworks and tools is conformity to legislation-based regulations on healthcare information.

Implementing cloud computing architecture in healthcare information systems is one methodology being adopted at a fast pace. This requires special concern for data security, as information travels to and from a data storage facility over a data network. The implementation of cloud computing brings forth the possibility for patients to have access to and control over their Personal Health Record (PHR), as long as the information is kept secure through privacy protection mechanisms [23].

The PHR mainly contains patient-specific information such as learning resources specific to a disease or medicine, lab results, medication lists, past medical history, and appointment schedules, among others. PHRs have now advanced to provide a web-based interface where the data may reside in a cloud that is accessible from a computer connected to the internet or from a mobile device [24]. PHRs have been mandated by HIPAA and HITECH to ensure data availability for patient usage and learning resources [6, 8]. One methodology for providing accountability requires authentication of a digital signature for any access to a PHR through a data repository. This ensures that data repositories are maintained and monitored [24]. Ensuring data security is paramount in PHR, requiring strict transmission protocols.
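One way a repository could enforce the signed-access requirement described above, as an added example that is not taken from the chapter or from any PHR product: every request is verified against the requester's registered key, and every attempt, allowed or denied, lands in the audit log. The `Repository` type, the request fields, the sample identities, and the choice of Ed25519 are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// AccessRequest is the message a requester signs (field names are assumptions).
type AccessRequest struct{ Requester, PatientID, Action, Nonce string }

// AuditEntry records every attempt, allowed or denied.
type AuditEntry struct{ Requester, PatientID, Outcome string }

// Repository is a hypothetical PHR store that serves only signed requests.
type Repository struct {
	Keys    map[string]ed25519.PublicKey // registered requester keys
	Records map[string]string            // patient ID -> PHR payload
	seen    map[[2]string]bool           // (requester, nonce) pairs already used
	Log     []AuditEntry
}

// Encode is the canonical byte form covered by the signature.
func Encode(r AccessRequest) []byte {
	b, _ := json.Marshal(r)
	return b
}

func (repo *Repository) check(r AccessRequest, sig []byte) error {
	pub, ok := repo.Keys[r.Requester]
	id := [2]string{r.Requester, r.Nonce}
	switch {
	case !ok:
		return errors.New("unknown requester")
	case !ed25519.Verify(pub, Encode(r), sig):
		return errors.New("bad signature")
	case repo.seen[id]:
		return errors.New("replayed nonce")
	}
	repo.seen[id] = true // recorded only after the signature verified
	return nil
}

// Access verifies the request, logs the attempt either way, then serves it.
func (repo *Repository) Access(r AccessRequest, sig []byte) (string, error) {
	if err := repo.check(r, sig); err != nil {
		repo.Log = append(repo.Log, AuditEntry{r.Requester, r.PatientID, "denied: " + err.Error()})
		return "", err
	}
	repo.Log = append(repo.Log, AuditEntry{r.Requester, r.PatientID, "allowed"})
	return repo.Records[r.PatientID], nil
}

// Demo runs constructed requests and returns the repository for inspection.
func Demo() (*Repository, string) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	repo := &Repository{Keys: map[string]ed25519.PublicKey{"dr-jones": pub},
		Records: map[string]string{"patient-12345": "constructed PHR payload"},
		seen:    map[[2]string]bool{}}
	req := AccessRequest{"dr-jones", "patient-12345", "read", "n-1"}
	sig := ed25519.Sign(priv, Encode(req))
	got, _ := repo.Access(req, sig) // valid request
	repo.Access(req, sig)           // same signed request sent again
	forged := AccessRequest{"dr-jones", "patient-99999", "read", "n-2"} // not what was signed
	repo.Access(forged, sig)
	repo.Access(AccessRequest{"mallory", "patient-12345", "read", "n-9"}, sig)
	return repo, got
}

func main() {
	repo, got := Demo()
	fmt.Println(got, repo.Log)
}
```

Logging denied attempts with the claimed requester and patient ID is what makes the repository monitorable: a run of `bad signature` or `replayed nonce` entries against one record is the signal a reviewer would look for.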

The National Health Information Network (NHIN) is being developed to provide a robust health information infrastructure needed to support cloud computing technologies and user control of their PHR [25]. The NHIN framework addresses the connectivity issue between healthcare providers and health information exchange (HIE). The NHIN is essentially a “Network of Networks” [25].

Core capabilities of these HIE networks include the ability to access and exchange health information in a secure manner, giving users control over information exchange preferences. In accomplishing this goal, NHIN has developed two subcomponents: (1) NHIN CONNECT, which serves large organizations, and (2) NHIN Direct, which targets smaller physician practices. These two systems are tailored to the specific health information network architectures of large organizations such as HIE systems versus the smaller information networks in a practicing physician’s office [24]. NHIN Direct poses a specific challenge for providing data security knowledge to users of PHR systems. Techniques and methods for enhancing data security exist in encryption methods and protocols.

Having a robust health information infrastructure in today’s personal communication market includes the ability of users to securely access a PHR system from mobile devices outside the trusted domains of healthcare facility networks. Preventing unauthorized access to data is a major concern with cloud computing. Another major issue is exposure of the data to other networks during transmission, such as over a wireless network. One method used to address the issue of data privacy and security in cloud computing is attribute-based encryption (ABE) [26].

ABE has provided a proof-of-concept for secure mobile encryption of health data [27]. Within the framework of patient-centric EHR systems and cloud computing, ABE allows for the encrypted storage of personal health data in the cloud, with access to that information being directly controlled by the patient. The key to this system is the ability of a patient to encrypt data under healthcare provider attributes, so that deciphering the information can only be accomplished by a healthcare provider with those attributes, such as (provider attribute: Dr. Jones and identification attribute: 12345). In this method, metadata associated with patients' files is also hidden so that repositories cannot identify any particular file, thereby ensuring that the privacy of a user's data is protected [26].

Table 12.1 List of acronyms used in the chapter

HL-7 encoding also allows information to be encrypted and therefore supports data security. HL-7 encoding is a complex ebXML code format used to transmit health information messages between healthcare facilities [9]. One framework for DICOM and HL-7 implementation is Mirth Connect. Mirth Connect addresses the interoperability problem with disparate healthcare information systems, providing integration in information exchange. Mirth Connect is a standards-based integration engine for healthcare information systems that makes use of communication messaging interfaces, or channels, to send and receive data [28]. These channels carry data in many formats, including standardized medical information formats such as HL-7. Mirth Connect is an open source platform coded using the Java programming language [29].

DICOM is the specialized coding format for radiological images [13]. Mirth Connect helps to solve the interoperability problem translating messages to and from coded formats for display and manipulation. The open source environment of Mirth Connect allows for individual tailoring of data acquisition, data storage, and data presentation to the needs of an individual health care facility. This ability to select plug-ins and modules for a specific interest gives Mirth Connect the power to create efficient and effective solutions to HIE for healthcare organizations. One module focusing on HIE security and individual entity identification is Mirth Match [29].

Mirth Match is a solution for cross-referencing patient data files between providers that creates a master patient index used by providers. This is especially important when implementing HIEs. Using a cross-referencing index for matching patient records is vital in providing interoperability in a HIS. Mirth Connect is also a powerful framework for using DICOM objects.

Mobile diagnostic devices are becoming available as technology moves into the mobile domain. With the strict privacy guidelines needed for data security, this is a challenging process. A diagnostic mobile ultrasound system research framework has been developed that includes DICOM capabilities accessed with cloud connectivity. Implementing DICOM-compliant encryption in the cloud is accomplished by the development of the DICOM Mobile software development kit (SDK) [30]. The SDK includes a DICOM conversion module and a DICOM communication module to further divide the task of converting raw image files to DICOM standards and transmitting DICOM images to the cloud storage facility or to a PACS. This SDK interacts with m-Health applications and provides an intermediate transport protocol for data transfer to a cloud DICOM server or to a PACS. The application is Windows based, utilizing Azure server software for the cloud connectivity portion and mobileUS open source software for data acquisition from the mobile ultrasound equipment [31]. This application for mobile imaging diagnostics provides a working prototype for such a system. Another domain for timely research requiring adherence to healthcare standards is cardiac monitoring.

Telemonitoring of Cardiovascular Implantable Electronic Devices (CIED) can be an extremely powerful tool for indicating the onset of cardiac arrest or other heart conditions. With the timely monitoring of data received from such devices, the quality of life for patients can be improved. The iCARDEA project delivers CIED data from CIED vendors to adaptive care planners to make informed decisions concerning the well-being of patients. The iCARDEA project uses protocols outlined in IEEE 11073 (Health Informatics, Point-of-care Medical Device Communication) and HL-7v2 in the implementation of telemonitoring. Even with communication standards, this research cites a problem with development in that there are many CIED vendors with a variety of operational protocols.

Conclusion

Healthcare standards have evolved slowly along with the development of technology to provide medical knowledge through electronic medical systems. These standards have been regulated through legislation that does not fully address the interoperability and security issues associated with electronically collecting, storing, and transmitting personal health information. Disparate business interests developing medical equipment devices and technologies have further compounded the problem of interoperability. Implementing the standards that are in place is a challenging process, but with improved interoperability comes the benefit of greater efficiency and effectiveness in providing healthcare services leading to maximization of positive results in patient driven healthcare.