Trust in the Digital World
How can the rights to identity, legality, privacy and intellectual property that we enjoy in the physical world be mirrored in the digital world?
“Further safeguards are needed to protect consumers’ rights, to ensure that citizens can access services regardless of their location or social condition and to ensure that the infrastructure they use is trustworthy.”
—Mr. José Manuel Durão Barroso, President of the European Commission at CeBit Trade Fair, March 2008
Reading the EU Services Directive and the benchmarking done against the Global Trust Center Policy on Enabling Trust in the Digital World invites some thoughts about the future.
The Global Trust Center is a non-profit independent international organisation that develops policy, best practice and guidance to enable trust in digital interactions. See also Wikipedia.
Is this a “revolution” in the area of identity infrastructure? I think it could be! The demand for interoperability in the identity environment is rapidly rising. Process and roles, verification, traceability, integrity, IPR, etc.: the list of requirements is long. In healthcare I think that sharing local/regional/national care records really pinpoints trust issues such as consent.
The healthcare sector, with all its interoperability projects like the EU epSOS, which is working on EHR interoperability between 12 countries, would really benefit if the identity infrastructure problem could be solved in a better way, perhaps with a “Jericho” viewpoint. What do you think?
Comments
# on October 7, 2008 9:02 PM, David Lilburn Watson said:
Krister, I would like to respond on behalf of the Global Trust Center on your comments.
The Global Trust Center is, as you say, a non-profit independent international organisation that develops policy, best practice and guidance to enable trust in digital interactions.
We have developed the ‘Global Trust Center Policy on Enabling Trust in the Digital World’ (the ‘Global Trust Center Policy’) with a supporting document architecture of over 100 documents. Some time ago we realised that there were problems with the issue of trust in the digital world and that you rarely knew the other parties with which you were dealing. In fact if you think about it, our trading processes have evolved in the real, or physical, world over thousands of years, yet in the digital world only over a decade or two.
The Global Trust Center Policy puts the individual user in charge and control of their digital interactions. This allows them to be responsible and accountable for them, gives them the ability to verify their interacting parties and provides an independent witness service to provide traceability and proof of all digital interactions.
So what has this to do with e-Health, I hear you say?
Well it goes like this ….
There is a recognised need to share health records and other medical information both nationally and internationally to ensure that all citizens can be assured of the best and most up to date health care based on their medical history. The EU wants to have interoperability so that disparate and distant systems can be interoperable (the EU Interoperability Framework and the requirements for Pan-European eGovernment Services (PEGS) amongst others). There is a defined and definite need to look after our citizens from a healthcare viewpoint.
Given that, the Global Trust Center looked at how it could help administrations, businesses and the citizens best achieve this. This led to the development of the Global Trust Center Policy.
This not only places the individual user in control of their own identity, with the ability to divulge as much personal information as they want, but also can enable any business or administration to do the same, respecting the individual user's right to privacy. The underpinning infrastructure for this enforces role and identity management and will protect intellectual property and personal data from unauthorised disclosure by the setting of appropriate access rights by any party, including the health services, that holds that information. If it is ever released, then the independent witness service, chosen by all parties to a digital interaction, can provide legally admissible evidence as to who released it.
Whilst a policy may seem worthless without a tangible and implementable infrastructure to back it up, the Global Trust Center has engaged a number of partners to turn the Global Trust Center Policy into reality.
One of the sectors that has been addressed is that of e-Health.
So what can the Global Trust Center Policy and its partners do – or has it done – for e-Health?
The Global Trust Center, recognising the importance of what they do in the e-Health arena, addressed this issue and developed a pilot to show how the Global Trust Center Policy with a supporting infrastructure could be used.
This small, proof of concept, pilot linked hospitals and other stakeholders together who had disparate and diverse systems to prove the interoperability that was possible using the Global Trust Center Policy and its supporting infrastructure.
The pilot was a success and proved that given the correct roles, each individual user in the e-Health process could perform the correct duties, be accountable and responsible for their actions and integrate seamlessly with the other systems that needed to be used in the e-Healthcare process. Simultaneously with the pilot, the Global Trust Center ran a number of benchmarking studies for e-Health legislation and regulations and those for personal privacy.
The results of this twin exercise, practical implementation of the pilot and paper-based benchmarking, identified and, in many cases, demonstrated the following benefits:
• reduction of costs: e-procurement can be managed between health authorities and hospitals to maximise buying power and stock control, benefitting patients, hospitals and health authorities;
• increased shareholder value: health authorities and hospitals will be able to reduce costs and so provide more income for healthcare;
• reduce fraud losses: fraud losses will be severely reduced as control over purchasing and spending can be made personally accountable for all actions through the relevant audit trail held by the independent witnesses;
• accountability of information assets: is achieved by individual users acting in a delegated role on behalf of a legal entity (i.e. a health authority or hospital). They have sole control of the PDI and are in control of any information assets related to their delegated role. Any digital interactions taken on or with the information asset will be recorded in the secure audit trail;
• building trust: trust is able to be built in relationships over time as the interacting parties will be able to verify the existence of other legal entities (hospitals or health authorities), verify if individual users are authorized to act in a delegated role and have the ability to receive independently verifiable references;
• control of process and roles: the roles and responsibilities of individual users involved in digital transactions are achieved through the consensual acceptance of delegated roles by individual users (with the associated access rights, privileges and responsibilities) by health authorities and hospitals;
• enforce consumer rights: the patient will have their rights enforced as they, the health authorities and hospitals will all be placed on an equal legal footing in case of legal dispute over healthcare;
• integrity of data: data integrity is assured using the irrefutable time-stamp, positive identification of the individual user, acting in a delegated role or not, and the hash value of the content stored in the secure audit trail which shows if the data has been altered during processing and preserves the privacy of the interacting parties and the related healthcare information in interoperable systems;
• integrity of process: the ability to identify who has performed what at a specific point in time through the secure audit trail enables the verification of the integrity of all processes;
• integrity of users: is achieved by the use of delegated roles which explicitly define the access rights and privileges assigned to the individual user by a health authority or hospital in their delegated role;
• intellectual property rights: hospitals and health authorities are able to protect their intellectual property rights through setting access rights and privileges and assigning them to the specific delegated roles. Additionally, integrity and version control of electronic information is achieved through the secure audit trail which allows records to be recovered to determine any incident relating to intellectual property rights protection. This is especially important in patient records and healthcare generally;
• interoperability: within a common framework, interoperability between disparate and diverse systems is achieved through the use of Personal Digital Identity (PDI) by individual users in a delegated role on behalf of a hospital or health authority;
• legal equality: all parties in any healthcare process will have access to their chosen witness, allowing all parties to have the same evidence relating to a patient care dispute, giving equality of evidence;
• low entry cost: the health authorities and hospitals can implement whichever processes relating to improved healthcare they want and integrate them with their own existing legacy systems, there is no need to install them all;
• reduced IT costs: the Global Trust Center interoperability implementation has existing role and identity management tools that can be utilised as Role and Identity Management as a Service (RIMaaS). This can seamlessly integrate with existing permissions databases (such as Active Directory);
• reputational protection: the reputational protection of the health authority, hospitals and individual members of staff can be proved by the use of the secure audit trail to support litigation in case of need;
• support for dispute resolution: the use of the chosen witnesses by all parties in any healthcare interaction with the stored secure audit trail with an irrefutable and consistent time stamp allows all parties to access the records of the interaction. The secure audit trail would be admissible to the relevant dispute resolution process;
• traceability of actions: in all healthcare interactions, traceability of interacting parties is ensured through the secure audit trail stored by the chosen witness for the interaction;
• verification of individuals: the verification of individuals is made possible through the framework referral points, various registers and the use of independently verifiable references;
• verification of legal entities: the verification of health authorities and hospitals, as well as individual users acting in a delegated role on their behalf, is made possible through the framework referral points and various registers.
Given that there is a requirement across the EU for interoperability and equality of healthcare systems, it is understandable that this system could be rolled out to any Member that has issues with interoperability with healthcare – or any other e-government services for that matter.
The classic case of this in the EU is the UK’s National Health Service National Program for IT (NPfIT) allowing the sharing of medical records between doctors and hospitals. The original budget for this was £2.3 billion but, according to the UK press, this has grown considerably.
Our belief is that if the Global Trust Center infrastructure, its partners, and the Global Trust Center Policy were used to deliver this solution, it could be achieved on cost, on time and on budget.
David Lilburn Watson, Global Trust Center, Malmö, Sweden
# on October 19, 2008 4:24 PM, Krister Svanberg said:
David,
Thanks for your input!
Do you have any benchmarks done proving this or whitepapers on pilots?
Krister Svanberg, Capgemini