1 executive summarysite:og-context... · 1 executive summary the dhis2 platform is one of the more...

Digital Square RfA 2018-026 - CONCEPT NOTE 1/10

1 Executive summary

The DHIS2 platform is one of the more widely deployed Health Information System (HIS) components in Low and Middle Income Country (LMIC) contexts. Its more recent ability to track patients through care pathways coupled with the release of standardised patient-orientated add-on Apps endorsed by WHO (e.g. TB Patient tracking, Malaria Patient Tracking) has created both new opportunities and challenges that were not as apparent while the platform was mostly focused on routine aggregate reporting of health data from facilities.

While the challenges of security and privacy in relation to the handling and storage of patient identifiable data (PID) are often raised as a concern, there are a lack of guidelines, best practices, audit tools or case examples that implementers can reference or apply to ensure they approach their projects with these concerns foremost in their mind. It is only a matter of time before a patient data-breach occurs in a DHIS2 related LMIC national health project.

We propose therefore to engage the expert community, via an agile Target Product Profile (TPP) process, to determine the security and privacy assets that need to be adapted and/or developed, which, if adopted by implementers, would help reduce the security and privacy risks for patient-centric solutions developed in LMIC contexts using DHIS2.

The TPP process is normally used to arrive at a consensus for the minimum characteristics that the researchers and developers of new drugs or diagnostics developers and researchers need to meet to create a viable product. We propose that the engagement model that underpins TPP’s - if adopted and adapted - can also support the evolution of a broad consensus on what needs to be developed to address security and privacy concerns for deploying digital systems handling patient identifiable data in LMIC contexts.

Rather than adopting the relatively ‘heavy’ TPP process that consists of a series of in-person workshops that bring together a global set of experts, we suggest an agile approach that engages participants in a highly collaborative virtual process. We have used this approach before to develop consensus for workbooks/guidelines/tools in the Maternal, Newborn and Child Health context. We would reserve the option of at least one in-person side-meeting at an international eHealth, DHIS2 or HIS event if deemed useful by participants in the TPP process.

The goal of this process is to identify the assets that would help implementers of DHIS2 address patient-related data security and privacy issues that complement the efforts of the DHIS2 Open Source Developers Community to enhance the security of the DHIS2 platform. This also ensures that many of the data and security assets derived from this agile TPP process will be applicable to other HIS components that deal with patient identifiable data.

The tangible outputs of this proposal will include:

● Broad consensus from experts on the security and privacy assets that need to be developed to support implementers,, strategists and funders working with or sponsoring systems that contain patient identifiable data in LMIC contexts.

● A detailed prioritised list of security and privacy asset definitions that can form the basis for development of said assets by other partners, sponsors or the community.

● Validation from at least three countries in the form of participation and feedback in the process as well as prioritisation information for which assets are most critical to develop.

Main Office: 45 ch de Machefer, CH-1290 Versoix, Switzerland | Phone: + 41 79 718 4180 | eMail: [email protected] | Web: www.eshift.org eSHIFT Partner Network is a Swiss NGO helping great ideas scale into national health systems


2 Consortium Team

is a Swiss not-for-profit association established in 2012 to help great ideas scale into the national health systems of developing countries so that populations achieve better health outcomes. At the core of eSHIFT is our network of partners with many years of expertise, providing strategic advice on, and implementation of, information management and digital health solutions to both national level and global-health bilateral actors. eSHIFT also hosts the Swiss node of HISP (HISP Geneva), the network of global partners supporting DHIS2 and improvement of health information systems in low and middle income countries.

eSHIFT has a number of projects currently underway in conflict zones, politically complex and/or resource constrained settings. The efforts documented herein, if made easy to use and accessible, could have very positive broad sustainable impacts to the successful ongoing operations of many country-level DHIS2 implementations.

The nominated team for this proposal is derived from member organizations. Specific examples of relevant work and team CV’s are combined and available at the end of the document or as separate attachments.

is a boutique consulting company founded in Switzerland in 2008 that focuses on the International Development and Humanitarian sectors. SageHangan has an established specialty practice in DHIS2 planning and implementation and proactively contributes to joint evolution of the DHIS2 platform in partnership with the University of Oslo (UiO) and the DHIS2 HISP Community.

SageHagan has an extensive record of in-country health information systems and business intelligence assessment, planning and implementation experience in Europe, Africa and the Middle East (UK, Ukraine, Sudan, Eritrea, Ethiopia, Senegal, Congo, Kenya, Malawi, South Africa, Lesotho, Jordan, Egypt, and Turkey/Syria). SageHagan has also carried out several significant global information systems reviews on behalf of the International Community, including independent review of information systems and processes supporting the Global Influenza Programme as a result of strains the emerged during the last flu pandemic, and the landscape analysis of the information systems supporting the Accelerated Vaccines Initiative on behalf of PATH.

The proposed agile TPP process was used very successfully by SageHagan to engage an international panel of experts who guided the development of the workbook Information and Communication Technologies (ICTs) for Women’s and Children’s Health: A Planning Workbook For Multi-Stakeholder action, an effort proposed to and supported by the Partnership for Maternal, Newborn and Child Health (PMNCH) and the UN Secretary General’s Every Woman, Every Child Innovation Working Group (IWG).

The nominated expert to provide input the TPP process should be David Hagan ( LinkedIn ), an international expert with 10 years of experience in Health Information Systems for LMIC’s, three years as Principal Consultant/Advisor for Health Intelligence to the NHS (UK), and six years with WHO as senior information management advisor. David also has a prior background in secure communications, system hardening, encryption and information threat assessment.

Further details on SageHagan found in the attached joint project list (for SageHagan, Entuura, and eSHIFT) and in the CV for the nominated expert (David Hagan).

is a consulting and

engineering company. The company supports a variety of digital health information related



multinational projects and activities. These projects involve supporting international multilateral organisations and key donors in the global health domain. Entuura has established a specialty practice in DHIS2 consulting, IT systems support and secure hosting. Entuura currently supports the University of Oslo HISP group in a number of country DHIS2 implementations, including more strategic work around IT security, mobile device management, systems administration and DHIS2 implementation governance.

In our work we have supported many deployments of DHIS2 at national level with a complete technology platform. We have also developed curriculums for DHIS2 academies around IT Systems Administration (including platform security and disaster mitigation strategy), architecture and overall IT Governance.

The nominated expert providing input to the TPP process is Steven Uggowitzer ( LinkedIn ), an international expert with 20 years of experience as an engineer working in the Global Public Health space, of which 10 years was building health information systems in LMICs, and 10 years of experience with WHO. While at WHO Steven’s activities included 3 years as senior architect for the Health Metrics Network, lead designer of the WHO crisis response center, founder of the WHO Data Managers Forum and many years of experience leading the organization’s IT architecture and internet security systems design and risk mitigation. Steven also has prior background in engineering of internet solutions, including participating in ISOC & IETF along with implementation of organizational standards such as TOGAF, ISO 9000/1 & ISO/IEC 27001.

will be made up of members drawn from a wide range of stakeholders. Categories of experts are likely to include: (drawn from the HISP development community); ;

; ; ; from one or more LMIC contexts;

; from the Multilateral Agencies; and representatives from the community. Other categories of expertise may be included in the agile TPP

process if identified as appropriate.

3 Project description

The DHIS2 community is increasingly implementing technical health information solutions that capture patient-identifiable data. This can range from collecting data in fragile settings via DHIS2 mobile Apps through to tracking the treatment of HIV-positive patients over the course of their lifetimes.

There is significant anecdotal evidence that security and privacy concerns are not necessarily adequately addressed when designing these solutions, and therefore the potential exists for accidental or intentional exposure of sensitive patient data. In fragile settings, or in settings where health or ethnic status has social impact, this could lead to endangerment of the patient if the data were to fall into the wrong hands.

The key cause of this problem appears to be a lack of appropriate workbooks, guides, tools, and knowledge for both implementers and users of the DHIS2 platform that can be used to assess and plan solutions which adequately address security and privacy concerns.

These same concerns are applicable to most HIS software components used in LMICs that capture, store or use patient identifiable data.



It should be noted that while the focus for this proposal is DHIS2, the outcomes would be generally be beneficial to other patient-centric settings in LMIC contexts.

The proposed process is expected to ‘ ’ for addressing security and privacy concerns for patient-centric solutions developed using DHIS2 in LMIC contexts. It will engage a wide variety of traditional and non-traditional experts and stakeholders, and establish the list of key that need to be adopted, adapted and/or developed,

. Many different national and international policies or recommendations that already exist (e.g. HIPAA, GDPR, MEASURE Evaluation’s guide to ‘ Using DHIS2 Software to Track Prevention of Mother-to-Child Transmission of HIV ’ etc.) that can be tapped to inform what would be appropriate in an LMIC setting. The types of assets that are likely to be identified as useful include:

● Security Categories (areas that should be addressed in an audit and/or review) ● Privacy Categories (areas that should be addressed in an audit and/or review) ● Workbooks and/or Guidelines including applicable existing standards; ● Templates and/or Checklists; ● Assessment tools; ● Best practices white papers in domains of policy, management and operations, and

technology; ● Case studies;incl. exemplary tools and compliant approaches to technical deployments; ● Materials to clearly show alignment to the new WHO Resolution on Digital Health

As a specific deliverable for this grant, one of the assets -- a workbook for designing systems that address patient privacy -- would be fully developed to a completed product and tested in a real context.

The beneficiaries of the larger process include: Patients, Ministries of Health, Implementers, and their funding partners.

eSHIFT’s approach leverages modern communications and applies Agile methods to activities. Rather than engaging in physical meetings, participating experts will be expected to provide inputs via a virtual presence. SageHagan/eSHIFT previously led a process to develop a workbook for multi-stakeholder action in the scale-up of ICT/mHealth interventions . We would draw 1

heavily on the management and engagement structure used for that project in this endeavour.

The approach entails:

● An initial project setup and engagement activity to establish protocols, communication modalities, tools for collaboration, and the presentation of interim outputs. This will consist of a small collaborative web space for the Agile TPP process which we recommend be publically viewable (previously, we used Google Sites for this purpose), this would also be primary means to engage with the broader community;

1 http://www.who.int/pmnch/knowledge/publications/ict/en/



● Establishing a broad cross-section of experts (including from outside of the International Development and HIS domains) that for any given topic/conference-call will provide enough breadth and depth to provide valuable and informative feedback;

● The use of several iterative cycles of activity to encourage rapid evolution of outputs; ● Elimination of the usual process of lengthy in-person expert meetings through the

extensive use of interactive micro-surveys, discussion threads, and immediate feedback on ideas/insights to facilitate dialogue. Summary conference calls on a 2-weekly basis allow participants to review progress from on-going activity and focus on process rather than debate the content (as this has been derived from the on-going activity);

● The use of recorded Individual interviews with experts, which are summarised as inputs into the ongoing evolution of ideas and points-of-view.

Both the collaborative environment and the outputs of the agile TPP process will be hosted online by eSHIFT.

By design, this proposal attempts to ultimately raise-the-bar of digital health maturity by addressing factors that impact maturity but are not reflected in the Global Good Maturity Model (v1.1) instrument. It is with some interest that we note the terms "Governance", "Security", or "privacy" do not appear anywhere in the model, yet these areas play an important role in the overall maturity of health information systems.

A. Work Plan and Schedule

Digital Square: Security & Privacy Project Schedule

eSHIFT Partner Network

WBS Task Lead Start End

Cal

Days

Work

Days

Days

Left

1 Phase 1a Agile TPP eSHIFT Mon 1/14/19 Sun 6/30/19 168 120

1.1 Project Initiation and Engagement eSHIFT Mon 1/14/19 Fri 2/08/19 26 20 26

1.2

Iteration 1 research, survey,

discussion, summarize eSHIFT Mon 2/11/19 Sun 3/10/19 28 20 28

1.3



1.4



1.5



1.6

Prepare and finalise the initial outputs

of the Agile TPP process eSHIFT Mon 6/03/19 Sun 6/30/19 28 20 28

2 Phase 1b Validation Mon 9/16/19

Sun

10/27/19 42 30

2.1 Candidate Country 1 Validation eSHIFT 9/2/2019 Sun 9/15/19 14 10 14

2.2 Candidate Country 2 Validation eSHIFT Mon 9/16/19 Sun 9/29/19 14 10 14

2.3 Candidate Country 3 Validation eSHIFT Mon 9/30/19

Sun

10/13/19 14 10 14

2.4

Summarize outputs and feedback

into Agile TPP outputs eSHIFT Mon 10/14/19

Sun

10/27/19 14 10 14



B. Project deliverables

The overall program of activity is split into three phases. Funding at this stage is sought for Phase 1 (1a and 1b) only :

● Facilitating the agile TPP process for the security and privacy of patient-centric systems in LMICs: covers the engagement, research and expert working-group activity for the agile TPP process which will determine the scope of any Security and Privacy assets that need further development. The deliverables for part A of Phase 1 include:

○ A categorisation of the classes of data security and privacy areas that need to be considered;

○ A consensus view of which data security and privacy implementation assets are required to assist implementers of systems (such as DHIS2) that include patient identifiable data, organised by the categories above; and

○ The candidate assets will be nominally sorted by priority as assessed by TPP participant experts, and specified in enough detail so that (for Phase 1b), candidate LMIC countries can assess the validity and priority for each asset, and (for Phases 2 and 3) allow form the starting point for elaboration and development of a given data security or privacy asset.

● Validating the nominal priorities of the outputs of the agile TPP process in three candidate LMIC countries: using this to inform the recommendations for priority security/privacy asset development. Initial candidate countries include those with which eSHIFT and its partners are familiar, one in each of three settings: a South-East Asian country, a fragile-setting country/territory, and an African country. The TPP may recommend other alternatives. The deliverables for part B of Phase 1 include”

○ A rapid assessment report for each candidate country which identifies the priority data security and privacy assets that would be of use to that country; and

○ A combined report/priority list of data security and privacy assets.

● - Develop one of the Security or Privacy Assets, as identified by the agile TPP process, and in particular the asset highlighted as most important by the Phase 1b countries.

● Further stakeholder funding will be sought from International Partners to build out and validate other priority assets that are identified by the agile TPP process

As host to HISP Geneva, eSHIFT will act as project manager and secretariat for Phase 1. Together, these require an average of 2.5 PTE over the durations of Phase 1a and 2 FTE for Phase 1b (project coordination, research assistance, internal domain expert, and editor/content resources) .

We may choose to host update/final meeting(s) in a physical location(s), but only if needed, and e.g. as side-meeting(s) to other event(s) that may attract a quorum of participants.



It is expected that will be a six-month elapsed activity, consisting of: 1. A preliminary setup and engagement phase (1 month); 2. An initial kickoff virtual meeting; 3. 4 x 4-week iterative cycles that includes research/content development activity and

2-weekly virtual review sessions; 4. A final meeting with follow-on content preparation, publishing, and communication (1

month).

It is expected that will consist of: 1. 3 x 2-week country validation exercises; 2. .A final 2-week session to use the findings and feedback from the validation exercises to

adjust and inform the outputs of Phase 1b.

C. Digital Health Atlas

By design, this proposal attempts to ultimately raise-the-bar of digital health maturity by addressing factors that impact maturity but are not really reflected in the Digital Health Atlas web site. This site is focused on system and project implementation and not the broad heuristics around building capacity to enable cross-cutting improved implementation outcomes related to privacy, security, confidentiality etc. The site also doesn’t reflect our country of origin (Switzerland), and also does not include at least 2 locations where we are carrying out systems implementations wherein security is of paramount concern (projects in Palestine and in Turkey for the ‘Syria’ relief response). We will make best effort to register on this site.

D. Self assessment on the Global Goods Maturity Model

As this project is not focused on software per se thus ranks lower in this area. Self-assessment attached as PDF to this proposal, but also available at: https://docs.google.com/spreadsheets/d/1uw1mMrJGbrpDtxOxo_MjvwoXhJ3DU2nES6cNjbGa4hg/edit?usp=sharing

E. Use Cases to be Addressed

We see this endeavor addressing two (2) broad categories of use cases:

1. Use case(s) where TPPs have been well described and developed, enough to inform actors from both inside and outside our usual communities to engage in and actually develop or offer significant contributions to one or more of the tools called for/required



by the TPP work. I.e. use these TPPs to broaden the involvement and interest in these issues surrounding scaling digital health applications in ICT4D contexts.

2. Use case(s) where actors who are decision makers / strategists with very differing areas of focus can benefit from the TPP outputs. For example:

a. Use case where e.g. deployment of a DHIS2 tracker-based ‘intervention’ can clearly reference/utilise one of our tools, created from a TPP, to guide the whole infrastructure deployment (down to OS on bare metal) of how a system such be conformally deployed;

b. Given that TPPs should also generate tools and guides which conform to WHO’s new resolution on digital health , a strategic actor could use tool(s) generated from one of the TPPs to completely specify and advocate for the ‘right’ level of skills and investments into architecture and support/sustainability in order to ethically and appropriately specify budget and strategise around the whole IT governance of a project.

c. Clear assessments of readiness for operational data systems containing named patient data may be developed and used at country level for both gap analysis and clear categorisation for requests for investment/funding/staffing etc.

4 Tagging

Health Information Repositories Data Auditability and Integrity DHIS2 Systems Availability Systems Administration Health management information system (HMIS) Data Security and Confidentiality Human rights and ethics Shared Health Record Risk-based health data de-identification


1 executive summarysite:og-context... · 1 executive summary the dhis2 platform is one of the more...

Documents