chino poster im/ifip

Low-Level Operations (LLO)

Data Management Interfaces (DMI)

Medical Record System

Medical Record System

Medical Record System

Medical Record System

Goals and Approach

CHINO Process Definition and Execution

Medical Record Sharing

Jovan Stevovic, Fabio Casati, Bilal Farraj Dep. of Information Engineering and Computer Science

University of Trento, Italy

icons by http://dryicons.com

EHR Electronic Health Record System

The CHINO Business Process and Policy Execution Framework

Healthcare services = joint work of many organizations

Develop a system to easily share medical records while satisfying security, privacy and business requirements

Compliance-Aware Cross-Organization Medical Record Sharing

Record Store

Data Filtering PEP

Metadata Registry

Business Rules Manager

Access Rights PEP

Shared Process Execution Environment

The main modeler components are: A: List of all processes B: The Modeling framework C: List of the Custom CHINO elements D: Configuration of the custom elements

DMI and LLO implemented using SOA and EDA architectural patterns Some of the used tools: Activiti BPM open source engine, Mule ESB, MySQL, ebXML Registry

Security policies ¡ Access control

¡ Encryption strategy

¡ Data storage location

Requirements and Case Study

Jun Li, Hamid R. Motahari-Nezhad Hewlett-Packard Laboratories

Palo Alto, California, USA

Giampaolo Armellin CRG - Centro Ricerche GPI

Trento, Italy

1. Identification of Business Requirements

2. Identification of Compliance Requirements

3. Definition of Compliance-Aware Data Management Scenarios

4. Definition of Executable Processes and Policies

5. Deployment and Execution inside Runtime Environment

Chief Information

Officer

Business Analyst

Business Analyst and Developer

Developer

Chief Compliance

Officer

Patient

Doctor

Specialist

0: specifies/accepts sharing policies 1: problem

description

2: consultation request

4: request records

3: consultation request

7: Records / request denied

6: retrieve record from external store

5: check policies

Doctor-consultation scenario in Italy

EHR Electronic Health Record System

Patient

Doctor

Specialist

6: approve/ deny

1: problem description

2: consultation request

4: request records

3: consultation request

7: Records / request denied

Doctor-consultation scenario in UK

5: request approval

Privacy policies ¡ Data owners

¡ Policy enforcement points

¡ Purposes of use of data

Business specific requirements ¡ EHR standards

¡ Organizations’ requirements

The CHINO Methodology

•  Interactions •  Business req.

Descriptions of services

•  Security req. •  Privacy req.

Compliance requirements

High-level representation describing the interactions annotated with privacy, security

and compliance req.

input output input output

output

Executable compliance-aware business processes and rules.

output

Compliance-aware medical record sharing

output

It is challenging due to security, privacy and business requirements

The Process Modeling and Policy Definition Framework

Enable organizations to define their own data management processes and policies that manage their data and share them with others

pushRecord getRecord grantRights pushMetadata

The CHINO framework elements: ¡ Two categories of data:

•  Records: detailed and privacy sensitive information

•  Metadata: describes Records

¡ Rules:

•  Access Right Rules: defines access control over Metadata and Records

•  Privacy Filtering Rules: fine-grained data filtering mechanism for XML or HL7 data

¡ Data Management Interfaces (DMI):

•  pushRecord, getRecord, grantRights to manage Records and Metadata

¡ Modeling Elements:

•  BPMN 2.0 elements: supported by the Activiti engine.

•  Custom CHINO BPMN elements: to facilitate access to LLO and interaction with external organizations trough DMI.

¡ Low Level Operations (LLO):

•  pushRecord, getRecord, grantRights to access to internal components

OpenMRS + CHINO integration 1.  Doctor-consultation module for OpenMRS 2.  Integrated with CHINO 3.  2 sets of processes to demonstrate cross-

regulation record sharing.

Validation Validation

Specialist Doctor

The custom CHINO tasks are mapped on Low-Level Operations

over data and policies

Record requests trigger record owners’ processes and policies

From requirements collection to process and policy execution

demo

Ongoing study with 2 Groups 1.  Developers and Business Analysts to

understand if it is feasible to model requirements with CHINO. - preliminary results are positive

2.  Privacy Experts: to understand if CHINO process visibility can improve trust

Validation User Study

our approach… Data sharing is essential but...