A Framework for the Philippines&rsquo PHR
June 2007

A Framework for the Philippines’ PHR : Dr. Alvin B. Marcelo

Views: 533

When patients are more involved in their own healthcare, including the management of their personal health data, they become active participants in their healthcare and become more responsible. Providing a platform for personal health records may yet become the foundations for an effective and efficient healthcare system, that is oriented more to the welfare of the client. The Philippine National Health Information Infrastructure plays a crucial role in making personal health records happen in the Philippines. Personal health record systems may be the impetus that will spur facilities to digitize their operations and allow clients to have electronic copies of their health records.

The advent of Internet technology has made it easier for consumers to participate in the management of their own health records. Add to this the proliferation of person-based devices that allow consumers to hold on to electronic copies of their health data (e.g., in their cellphones, PDAs, flash drives), and the situation seems  full of possibilities. Traditionally, health records are  maintained in hospitals, and patients could only access them on a per request basis (often in the form of a photocopy of the original).

But the new emerging technologies (Internet, eXtensible Markup Language or XML, flash memory, mobile computing, etc) are already enabling consumers to store copies of their own CT/MRI scans and laboratory results in their personal storage devices, which they can bring with them as they transfer from one facility to another. As more modalities automate the digitization of health data and make these portable, the more we foresee consumers demanding access to their personal records and asserting their rights to manage their own data themselves. We would attempt to examine them further in the following paras.

A Present with Possibilities

The twenty-first century has been called the information age, and it promises to revolutionize the health sector. With the lowering cost of hardware and the advent of open systems interfaces, it is now possible for individuals to participate more actively in transactions that concern their private information. In no other domain is this participation more relevant than in health, where intimate and personal data need to be exchanged with providers and healthcare facilities, to effect the most cost-effective approach to the solution of any health issue.

Even today, conventional health record management in the Philippines mostly follows a facility-centric or provider-centric model, where the data are stored in paper records in the clinic or in the hospital. This system essentially constrains patients into returning to the same provider every time, because their data is most complete in that facility. If they decide to transfer to another facility, they have to request for a photocopy of their record from the provider. This photocopy is often incomplete; and for health data that are not text-based such as radiology and pathology images, the second facility usually requests for repeat examinations, so they can have a copy of their own. This results in greater medical expense for the patient.

However, recent developments in health information technology are changing all these. All of them increase the ability of patients/consumers to participate in the management of their health data. First is the wide availability of person-based computing devices, such as cellphones or any device, with flash-based memory. These devices have matured to the point that their storage and computing power give them as much capability as desktop computers. Aside from cellphones, there are flash-based memory devices (such as Universal serial bus [USB] thumb drives), which can store volumes of digital information. The USB port specification has opened numerous possibilities for health data capture. The USB drives enable patients to have portable copies of their own health data, text-based or multimedia-based, that they can bring to any healthcare provider or facility.

Second is the increasing digitization of health data. With the advent of electronic medical records, automated laboratory machines, and digital radiology equipment, much of what used to be written only on paper or printed in imaging plates, are now also being made available in digital format. These digital files can be transferred from one facility to the other, without any degradation of quality. With such data, it is possible to have an examination done in one healthcare facility and viewed in another, regardless of the second healthcare facility’s infrastructure.

Third is the increasing availability of Internet connectivity. The Internet allows for the low-cost exchange of data between facilities, and between patients and facilities in a seamless manner. It is essentially possible for patient data to be in various places of the Internet and to be consolidated into one comprehensive record in a provider’s clinic.

The Issues to Reflect Upon

Certainly, there are numerous issues that accompany such a dramatic shift from the conventional healthcare, which we must dwell in, before going in raptures over these innovations. Foremost would be the security and integrity of the data as they are stored in media, that are prone to tampering. Another would be the issue of identification and authentication, both of the patient and of the provider, who would be accessing the data. Resistance from providers is also expected as personal health records would require them to invest heavily on technology infrastructure. Last but not the least, integration of the health records, parts of which may be in different facilities aside from the patient, remain a serious challenge to personal health record systems.

Here in this article we propose a framework for the design and implementation of a state-of-the-art personal health record systems in the Philippines. This framework allows policy makers to manage the transition from conventional to electronic health records in a secure yet cost-effective way; using a patient-centric approach. If the bottomline is greater participation of patients in their own care, a thorough analysis of the strengths and weaknesses of personal health records must be made to facilitate the inevitable shift from provider- and facility-centric care to one that revolves around the one who truly counts …. the patient.

However, before we analyze further, we must clearly understand what a personal health record entails. Contrary to common belief, the PHR does not contain all of a patient’s health data. Rather it is a subset of data that can give healthcare providers a more comprehensive and longitudinal perspective of the patient’s care. The ASTM International (formerly American Society for Testing and Materials) has published Standard E 2369 Continuity of Care Record (CCR), which might throw some light in this context. It reads, “The standard provides a core data set of the most relevant administrative, demographic, and clinical information facts about a patient’s healthcare, covering one or more healthcare encounters. The CCR data set includes a summary of the patient’s health status (e.g., problems, medications, allergies) and basic information about insurance, advance directives, care documentation, and the patient’s care plan.”

In Search of a Comprehensive PHR for the Philippines

The Electronic Commerce Act of 2000 provides much of the policy framework for electronic-based transactions in the Philippines and would include electronic health records. From the recent Electronic Health Records Philippines 2006 conference, we can find several applications which had some components of an electronic health record. The Community Health Information Tracking System (CHITS) is a Philippines government health center-based information system designed to manage the administrative and clinical tasks of a local health center. The Integrated Surgical Information System (ISIS) is a hospital-based patient registry that manages data about surgical patients at the Philippine General Hospital. The Blood Bank Information Management Package (BLIMP) manages the donor information system and transfusion services at the UP-PGH Blood Bank. At the Riverside Medical Center in Bacolod, Philippines, a pharmacy information system called HYSYPTO has been deployed, where prescriptions are filled up by the pharmacy right after doctor’s orders are scanned on the floor. However, none of these systems may be called personal health records since all of these are facility-based and do not share any information to the patients. Based on the author’s review of healthcare literature and of the local environment, there is no end-to-end model right now for personal health records in the Philippines. An end-to-end model allows for the transferring and viewing of health data seamlessly and securely, from one facility to another, with patients serving as the bearers of the data.

In radiology, a few imaging facilities have procured DICOM -compliant equipment, which could output digital data. Upon request, these facilities have provided their patients CD-ROMs of their images, which patients can view on a personal computer.

Laboratories on the other hand often give out test results in paper printout format. Having no actual system to receive electronic data from laboratories, only a few facilities provide electronic data to their patients in the Philippines. For the few who are able to output electronic data, they often deliver results to providers via fax or via e-mail, in portable document format (PDF). Others allow patients to print out their lab results through a web interface. Presently, there is no laboratory facility that offers electronic data to patients in the raw. The issue foremost among the operators of lab facilities is the integrity of the data once they are in the hands of patients. And there is no agreed upon way of assuring that the laboratory data would not be tampered, after transferring it to the patient.

As a matter of conventional practice, health facilities, especially providers’ clinics, do not give electronic data, in whole or in part, to their patients. Most of the time, the data are in paper format and they comply with a certain template such as clinical abstracts or medical certificates. Rarely will a provider supply a full medical record to a patient. More comprehensive and complex documents such as operative records and surgical techniques can only be obtained from hospitals, where the procedures have been performed.

At the policy side, a partnership between the Department of Health, Department of Science and Technology, Philippine Health Insurance Corporation, University of the Philippines Manila, and the Philippine Medical Informatics Society was formalized on 10 October 2005. The partnership, called the Philippine National Health Information Infrastructure or PNHII, aimed to consolidate the standards for health information in the Philippines. The PNHII focuses on four key areas: capability-building, standards and interoperability, connectivity, and test beds.

Succinctly, we can assert that the technological infrastructure to support personal health records seem to be in place already in the Philippines, but the awareness of consumers and openness of providers to the portability of data leaves much to be desired. The issues involved are multi-faceted and needs multi-stakeholder involvement.

The Role of Stakeholders

(i) The Health Consumers

Currently, most Filipino patients are not aware that it is their right to have copies of their health data and that they own the data even if they are in paper format, and even if the paper is being managed by hospitals or clinics. This knowledge is crucial in involving patients/consumers in the care of their own health data. Without an acknowledgement of this right, patients will default the care of their health records to health facilities, who serve as caretakers of their personal health data. Unless consumers realize that they can manage their own health data, the concept of personal health record systems will not prosper in the Philippines.

(ii) Providers and Facilities

The healthcare providers and facilities must accept that the patient owns the digital data, but at the same time they are compelled to retain and manage copies of the data internally. They should also accept that the data must be supplied to the patient when demanded. In effect the provider/facility manages the data, but it is the patient who owns the data within. These concepts must be made clear to all parties for personal health records, to be accepted by all involved stakeholders.

However, current local practice puts the control and power over health records to healthcare providers and facilities. Shifting the current systems from manual to electronic within a facility itself is formidable; stiffer resistance is expected for transformation to electronic personal health records. Most of the resistance will be encountered from healthcare providers who will require additional equipment to view data from personal health records. On the other hand, it is also possible for a consumer-led trend towards personal health records to push the health facilities to invest on infrastructure. It will depend on generating a critical mass of end users and the establishment of a sustainable ecosystem to make the transition as seamless as possible.

Security Issues

Since personal health records entail strict privacy due to the potentially sensitive nature of their data, there are substantial security issues that need to be addressed in order to have successful personal health record systems in the country. If stakeholders do not trust the integrity of a personal health record, its utility and value decrease. There are four security components that must be addressed by a trustworthy personal health record system. First is the clear identification of the stakeholders (that the system can identify external actors [persons, other systems] before interaction). All parties involved in the accrual of digital health data must be unambiguously identified � the patient, the facility, the technician, the examining physician, the requesting physician, to name a few. This means a persistent (central or distributed) mechanism for storing authoritative identifiable data must be kept in an accessible place.

A second security component dependent on unambiguous identification is authentication. Authentication is the process by which a previously identified entity is validated to be who the identified person really is. In conventional health record systems, the authenticating process is performed by medical records staff who keep the paper-based records. These personnel are presently in charge of identifying and authenticating their patients correctly.

A partnership between the Department of Health, Department of Science and Technology, Philippine Health Insurance Corporation, University of the Philippines Manila, and the Philippine Medical Informatics Society was formalized on 10 October 2005. The partnership, called the Philippine National Health Information Infrastructure or PNHII, aimed to consolidate the standards for health information in the Philippines.

A third security feature is non-repudiation (extent by which an application makes it impossible for an actor to deny that a transaction has taken place). This follows the principle that disallows an entity that has previously participated in an electronic transaction, to refute the transaction. Current advanced devices have already integrated this into their system by using Write Once Read Many (WORM) hard drives. Software based non-repudiation techniques are also available and may be the most practical solutions when data needs to be transferred from one facility to the next. Authorization refers to the access and user privileges for authenticated users/applications.

This security component ascertains whether an entity has the privilege to view the electronic health record. Assigning authority is primarily a social issue but once established, it can be implemented into security systems.

A Use Case Scenario for a Personal Health Record Here I have conceived of a proposed case scenario for the use of a personal health record: Upon the request of his family physician, a patient goes to a radiology facility to have his CT scan taken. After the examination, the patient requests for a copy of his CT.

Consent and waiver forms are signed and the patient’s USB drive is loaded into the healthcare facility’s personal computer. The patient’s digital CT scans are signed by the facility and transferred to the USB drive. Once the data is in the USB drive, any alterations of the file will be detected, and any authorized user will be informed of such.

Upon reporting to the healthcare provider’s clinic, the patient supplies the USB drive to the provider. Using a PNHII supplied software or proprietary viewing software compliant with PNHII specifications, the provider is able to view the patient’s CT scans with full view of the digital signature of the facility from where the scans were made. Any alterations in the scans will be detected and the provider will be informed accordingly.

Electronic documents such as clinical abstracts or medical certificates may also be transferred to the patient’s USB drive as long as the security process is followed. Doubts about file integrity can be resolved by sending the file’s fingerprint to a central indexing system or to the originating facility, where it can be compared to a previous fingerprint in file.

The Proposal

Based on the current healthcare practices and available technology and capacity, I have recommended the following framework for personal health records development in the Philippines. All of the components of the framework should be overseen by the PNHII.

At the semantic level, all messages exchanged between facilities must be consistent across systems. This means the ‘standards and interoperability’ component of the PNHII must take the lead in determining the vocabulary for the messages as well as the syntax. The messages must comply with the 3S, as listed in the figure below:

For syntax, the eXtensible Markup Language (XML) has become the lingua franca. It is platform-independent and has established itself as a neutral data format that is acceptable to many participating systems.

Once the messages can be constructed in a semantically and syntactically consistent manner, it must be wrapped within a security layer (similar to a secure envelope) prior to the transfer. This is where a certification authority using the public key infrastructure will play a role. The public key infrastructure employs a two-step authentication process which assures that messages exchanged between two trusting entities are protected from alteration. In addition, it also provides a framework for identifying and authenticating the sender and recipients of secure messages. Stakeholders involved in the transfer of the message (including the patient) will require a public and private key that they will use to sign the data. Since most of the transfers will be from facility (radiology, laboratory or clinic) to patient, these healthcare entities are the ones who should obtain a key.

What is crucial at the facility level is the identification and authentication of the patient and the signing of the unaltered health data (CT, MRI, lab, etc) with the facility’s private key and the patient’s public key. Identifying and authenticating persons at the facility level may be done on a federated, distributed basis, by employing a web of trust. Central to the adoption of personal health records will be the ease of viewing the data using freely available software. The test beds component of the PNHII will make sure that free reference implementations are available for end users and developers.

Education and awareness campaigns must be undertaken to ensure smooth implementation. The shift from conventional health record systems to personal health records is a giant leap from current reality and is prone to failure unless deliberate attempts to bridge the gap slowly and in measured steps are made. An effective way to overcome resistance from the healthcare providers and facilities is to offer the benefits of automation in lowering the cost of operating the clinic or the facility. Focusing on patient empowerment also helps in convincing providers to make the necessary investments.

When patients are more involved in their own healthcare, including the management of their personal health data, they become active participants in their healthcare and become more responsible. Providing a platform for personal health records may yet become the foundations for an effective and efficient healthcare system, that is oriented more to the welfare of the clients.

The Philippine National Health Information Infrastructure plays a crucial role in making personal health records happen in the Philippines. Personal health record systems may be the impetus that will spur facilities to digitize their operations, and allow clients to have electronic copies of their health records.  

CancerGrid Project: Using ICT to Tackle Cancer

According to the WHO estimates, Cancer affects 13 percent of people across the globe. It is one of the menacing threats afflicting the humanity. The recently launched CancerGrid project can provide a solution to this growing health concern.

The project is perhaps the first ever large scale application of computer grid technology for finding and developing new anti- cancer agents. It is a concerted effort by academia and industry to tackle one of the pressing medical challenges of our times.

The multidisciplinary research project is funded by the EU and is comprised of a 10-member, SME-led consortium. The partners of this ambitious project are AMRI Hungary, Inte: Ligand, Tallinn University of Technology from Estonia, GKI Economic Research Co. from Hungary,Computer and Automation Research Inst., Hungarian Academy of Sciences, University of Jerusalem from Israel, DAC from Italy, University of Bari from Italy and University Pompeu Fabra from Spain.

Here it deserves a mention that in the human genome, there is an estimated subset of approximately 3000 genes which encode proteins, including novel cancer-related targets, which could be regulated with drug-like molecules. The partners in the project will work towards developing specific chemical compound collections, which are also called chemical libraries, that will interact with these cancer proteins.

The project endeavours to develop and refine methods for the enrichment of molecular libraries for facilitating the discovery of potential anti-cancer agents. It will strive to amalgamate new technologies with biology to enrich molecular libraries and increase the likelihood of discovering potential cancer-curing drugs. The project will use the resources of grid computing to enable the researchers to tap into a potent network of interconnected workstations, which are able to process large chunks of data and reduce computational time.

Using grid-aided computer technology, the likelihood of finding innovative anti-cancer leads will substantially increase the translation of basic knowledge to application stage.

In particular, through the interaction with novel technologies and biology, the R&D consortium aims at developing focused libraries with a high content of anti-cancer leads; building models for prediction of disease-related cytotoxicity and of kinase/ HDAC/MMP and other enzyme (i.e. HSP90) inhibition or receptor antagonism using HTS results; developing a computer system based on grid technology, which helps to accelerate and automate the in silico design of libraries for drug discovery processes, and which is also suitable for future design of libraries for drug-discovery processes that have different biological targets (the result is a new marketable technology).

Recommended from all portals

Latest News

To Top