chino poster im/ifip
Poster presented at the Integrated Management (IM) conference in 2013
Low-Level Operations (LLO)
Data Management Interfaces (DMI)
Medical Record System
Goals and Approach
CHINO Process Definition and Execution
Medical Record Sharing
Jovan Stevovic, Fabio Casati, Bilal Farraj
Dep. of Information Engineering and Computer Science, University of Trento, Italy
icons by http://dryicons.com
EHR Electronic Health Record System
The CHINO Business Process and Policy Execution Framework
Healthcare services = joint work of many organizations
Develop a system to easily share medical records while satisfying security, privacy and business requirements
Compliance-Aware Cross-Organization Medical Record Sharing
Record Store
Data Filtering PEP
Metadata Registry
Business Rules Manager
Access Rights PEP
Shared Process Execution Environment
The main modeler components are:
A: List of all processes
B: The Modeling framework
C: List of the Custom CHINO elements
D: Configuration of the custom elements
DMI and LLO implemented using SOA and EDA architectural patterns.
Some of the used tools: Activiti BPM open source engine, Mule ESB, MySQL, ebXML Registry
Security policies
• Access control
• Encryption strategy
• Data storage location
Requirements and Case Study
Jun Li, Hamid R. Motahari-Nezhad
Hewlett-Packard Laboratories, Palo Alto, California, USA
Giampaolo Armellin
CRG - Centro Ricerche GPI, Trento, Italy
1. Identification of Business Requirements
2. Identification of Compliance Requirements
3. Definition of Compliance-Aware Data Management Scenarios
4. Definition of Executable Processes and Policies
5. Deployment and Execution inside Runtime Environment
Chief Information Officer
Business Analyst
Business Analyst and Developer
Developer
Chief Compliance Officer
Patient
Doctor
Specialist
0: specifies/accepts sharing policies
1: problem description
2: consultation request
3: consultation request
4: request records
5: check policies
6: retrieve record from external store
7: Records / request denied
Doctor-consultation scenario in Italy
EHR Electronic Health Record System
Patient
Doctor
Specialist
1: problem description
2: consultation request
3: consultation request
4: request records
5: request approval
6: approve/deny
7: Records / request denied
Doctor-consultation scenario in UK
Privacy policies
• Data owners
• Policy enforcement points
• Purposes of use of data
Business specific requirements
• EHR standards
• Organizations’ requirements
The CHINO Methodology
Descriptions of services
• Interactions
• Business req.
Compliance requirements
• Security req.
• Privacy req.
High-level representation describing the interactions annotated with privacy, security and compliance req.
Executable compliance-aware business processes and rules.
Compliance-aware medical record sharing
It is challenging due to security, privacy and business requirements
The Process Modeling and Policy Definition Framework
Enable organizations to define their own data management processes and policies that manage their data and share them with others
pushRecord getRecord grantRights pushMetadata
The CHINO framework elements:
• Two categories of data:
  • Records: detailed and privacy sensitive information
  • Metadata: describes Records
• Rules:
  • Access Right Rules: define access control over Metadata and Records
  • Privacy Filtering Rules: fine-grained data filtering mechanism for XML or HL7 data
• Data Management Interfaces (DMI):
  • pushRecord, getRecord, grantRights to manage Records and Metadata
• Modeling Elements:
  • BPMN 2.0 elements: supported by the Activiti engine.
  • Custom CHINO BPMN elements: to facilitate access to LLO and interaction with external organizations through DMI.
• Low Level Operations (LLO):
  • pushRecord, getRecord, grantRights to access internal components
OpenMRS + CHINO integration
1. Doctor-consultation module for OpenMRS
2. Integrated with CHINO
3. 2 sets of processes to demonstrate cross-regulation record sharing.
Validation
Specialist Doctor
The custom CHINO tasks are mapped on Low-Level Operations over data and policies
Record requests trigger record owners’ processes and policies
From requirements collection to process and policy execution
demo
Ongoing study with 2 groups:
1. Developers and Business Analysts: to understand if it is feasible to model requirements with CHINO (preliminary results are positive).
2. Privacy Experts: to understand if CHINO process visibility can improve trust.
Validation User Study
our approach… Data sharing is essential but...