tm facilitating electronic sharing of data needed for public health preparedness: the national...

TM

Facilitating electronic sharing of data needed for public health preparedness: the National

Electronic Disease Surveillance System (NEDSS)

Claire Broome, M.D.Centers for Disease

Control and PreventionMarch 20, 2002

Public Health Data Standards Consortium

TM

NEDSS “at-a-glance”

• NEDSS is a broad initiative using national data and information system standards for development of efficient, integrated, and interoperable surveillance systems at the state and local levels • Data standards- data models, http://www.cdc.gov/nedss• Harmonizing with HL7 Reference Information Model• NEDSS System Architecture, http://www.cdc.gov/nedss

• Includes tools for electronic data transfer to health department from health care system:• Eg from multi-jurisdictional clinical labs

• Architecture built on Integrated Data Repository; data from health care to health department sent via• single pipeline: single format, receiving point, security

• Security standards (HIPAA compliant) to maintain public health track record in protecting sensitive data

• Starts with focus—infectious disease—but keeps big picture in mind

TM

NEDSS Systems Architecture

For State and local Public Health Departments

ClinicalDatabase

CDC and OtherHealth Depts.

XMLData

Exchange

ElectronicLaboratoryMessages

HL7

SecurityIntegrated State / Local DataRepository

State HealthDepartment

Local HealthDepartment

OrClinical

Site

ShareableDirectory of

PH Personnel

Reporting, GIS and AnalysisB L

B L

B L

B L

TM

Current Status of NEDSS• 50 states, 6 cities, and 1 territory funded for

NEDSS: 43 started with Assessment & Planning phase in 2000

• September 2001: 35 states and 1 city receiving funds for development of NEDSS compatible systems• 16 implementing NEDSS compatible state

developed system• 20 deploying NEDSS Base System (NBS)

• January 2002: Public Health and Social Services Emergency Fund provides major funding for state and local public health capacity, including surveillance and IT capacity

TM

IT Functions and Specifications for BT

Guidance to states from CDC and HRSA

Need- Public health emergency preparedness and response need

IT to support programmatic capacities in the guidance; systems MUST be interoperable among partners and across states

Industry Standards⁻ Involved industry standards (HL7, ebXML, SNOMED,

LOINC…)

Technical specifications⁻ Specifications derived from the standards as per the

National Electronic Disease Surveillance System (NEDSS) and Health Alert Network (HAN)

⁻ Some additional specifications to be refined with partners in coming months

TM

IT Functions and Specifications for BT Guidance

• Automated Exchange of Data Between Public Health Partners

• Management of Possible Case and Contacts Data

• Specimen and Lab Result Information Management and Exchange

• Use of Electronic Clinical Data for Event Detection

• Manual Data Entry for Event Detection

• Analysis and Visualization

• Directories of Public Health and Clinical Personnel

• Public Health Information Dissemination and Alerting

• IT Security and Critical Infrastructure Protection

TM

How can NEDSS support state and local preparedness

capacity?• IT functions and specifications in Guidance

extend and incorporate NEDSS standards• Guidance explicitly proposes NEDSS

compatible systems as basis for surveillance and response systems (focus area B) and exchange of electronic data (focus area E)

• All 50 states have NEDSS funding, and Points of Contact. Forty three states have done NEDSS assessment and planning which may help with preparedness IT planning

• Bioterrorism coordinators are encouraged to work closely with NEDSS coordinators

TM

State “Base System” Option

A NEDSS compatible system for state use developed by an experienced web software developer (Computer Sciences Corporation)

• “Base system”includes Core Demographics and National Notifiable Disease Module; person based Integrated Data repository; HL-7 messaging

• Also useful as a specific implementation of NEDSS e.g. standard messages, database model

• Base System now pilot testing with state security, DBMS infrastructure in TN and NE

• Base system is platform for other modules• States have option to use (or not) CDC modules

TM

How does NEDSS support PHDSC objectives to encourage use of standards?

• NEDSS uses actual or de facto national standards for architecture; NOT specific to infectious disease• Need for broad interoperability emphasized by

states at NEDSS stakeholders’ meeting, April 2001

• Current discussions with vital registrars, NCHS to harmonize new birth and death records re-engineering

• FY2001 intra-mural $’s to support NEDSS pilot projects beyond infectious diseases at CDC

• Discussions with CMS about CMS-NEDSS harmonization to support interoperable data systems at state level

TM

How can NEDSS help encourage use of standards?

• Understanding of need for preparedness high among providers, public

• Public private partnership with eHealth Initiative includes public health, Standards Development Organization, clinical systems vendors supporting 80% of US hospitals, providers • practical solutions to implement standard messages• early step en route to NHII

• Electronic data reporting complements alert clinicians, backstops the system, (and eases burden of public health reporting requirements)

TM

Background information

TM

National Electronic Disease Surveillance System (NEDSS)

NEDSS Use of National Data Standards• HL7 2.3 public health lab message• HL7 Reference Information Model and supplement of

Public Health Conceptual Data Model• data storage• messaging

• HL7 Version 3.0 Public Health Notification messages• Commitment to participate with PH partners in SDO’s• LOINC, SNOMED, ICD and others (North

American Industry Classification System (NAICS), the Bureau of Labor Statistics Standard Occupational Class (SOC) codes, and various ISO codes)

TM

How does standards based approach support state health department ?

• Single, consistent approach to health sector partners to obtain public health data, and use of data in electronic format, when available—ie decreased respondent burden, decreased health department burden• Provides ability for public health to accept

electronic information from e.g. eHealth Initiative members

• Efficient use of infra-structure at state level• Skilled IT personnel• Software, hardware

TM

Automated Exchange of Data Between Public Health Partners

Need:

To have a “live” network for the secure exchange of appropriate data between partners in public health without manual intervention

Standards:

ebXML over SOAP over HTTPS with standard messages

Specifications:

A variety of message content formats including (with associated vocabularies):HL7 3.0 Public Health Notification messages (NEDSS)

HL7 2.3 lab result message

X12 messages

LDIF directory information messages

TM

Management of Caseand Contact Data

Need:

To manage and trace possible cases from detection, through lab testing and confirmation, possible prophylaxis and/or vaccination, adverse events monitoring and then follow-up

Standards:

HL7, SNOMED, LOINC, ISO

Specifications:

NEDSS logical data model, vocabularies, and extensions for possible case reports, contacts, and other data

TM

Specimen and Lab ResultInformation Management and

ExchangeNeed:

To have participating laboratories electronically receive laboratory requests, accept specimen and sample data, manage these data and immediately report electronic results to public health partners

Standards:

HL7, SNOMED, LOINC

Specifications:

HL7 2.3 public health lab result message

HL7 2.3 lab request message

TM

Use of Electronic Clinical Datafor Event Detection

Need:

To send appropriate primary use clinical data, in a timely fashion, to public health for the purpose of surveillance for the identification of possible bioterrorism or chemical attack.

Standards:

HL7, ebXML, X12, CPT, ICD

Specifications:Existing HL7 2.x, order and result messages with vocabularies

Extensions to the NEDSS Logical Data Model for storage and messaging in the areas of presenting complaint and syndromic data, laboratory order and diagnostic study requests and results, admission and discharge data, utilization data, other clinical data

TM

Manual Data Entryfor Event Detection

Need:

To accumulate for public health purposes, manually entered syndromic and other data (utilization, clinical census, aggregate diagnoses), entered at clinical points of care that may provide surveillance for the identification of a possible bioterrorism or chemical attack.

Standards:

PKI, strong authentication, WWW – N-Tiered Architecture, HL7

Specifications:

Extensions to the NEDSS Logical Data Model for storage in the areas of presenting complaint and syndromic data, laboratory order and diagnostic study requests and results, admission and discharge data, utilization data, other clinical data

TM

Analysis and VisualizationNeed:

To analyze, display, report and map data accumulated and stored according to the specifications in the other functions including outbreak detection algorithms, statistical analysis, Geographic Information Systems (GIS). To be able to share analytic, reporting and display capabilities.

Standards:

HL7 RIM

Specified Vocabularies

Specifications:

Use of a variety of Commercial Off the Shelf Software platforms

NEDSS logical data model and extensions

TM

Directories of Public Healthand Clinical Personnel

Need:

To support directories of public health participants (including primary clinical personnel), their roles and contact information for public health jurisdictions

Standards:

LDAP

Specifications:

LDAP schema for public health directories*

Public health LDIF data exchange specification*

* In draft form

TM

Public Health InformationDissemination and Alerting

Need:

To receive, manage and disseminate alerts, protocols, procedures and other information for dissemination to public health workers, primary care physicians, public health laboratorians, and public health partners in emergency response.

Standards:

SMTP, XML

Specifications:

Messages specifications to include criticality, target audience, etc. to match public health LDAP schema

TM

IT Security and CriticalInfrastructure Protection

Need:

To assuring that access to sensitive or critical information is not lost, destroyed, misappropriated or corrupted and to assure that continuity of operations can be maintained subsequent to a deliberate or natural catastrophic event.

Standards:

HIPAA, PKI, HTTPS

Specifications:Independent validation and verification security and continuity of operations

TM

State and local health department participation in

NEDSS• Partner organization “point of contact” & co-ordination,

IT Committees (ASTHO, NACCHO, CSTE, APHL, NAPHSIS, NAHDO)

• Working groups on cross-cutting topics• Participation in developing NEDSS Base System

• JAD sessions• Ongoing review of requirements drafts, prototypes• Integration testing, pilot testing Nebraska,

Tennessee• Stakeholders meetings• Representation on CDC Information Council• Web Board conferences, postings

TM

COTSApplication

COTSApplication

SystemsElement

SystemsElement

Standards Standards

NEDSS Systems Architecture Elements

• The NEDSS architecture is currently built around 8 elements that are functionally and technically defined.

• The elements encourage highly modular systems implementations.

• They are delineated by industry standards and the de facto standards of existing commercial product niches.

• They facilitate the use of commercial software as elements, but minimize proprietary commercial applications that cross element boundaries.

• They try to facilitate exit strategies to take advantage of new commercial development.

TM

Implement an integrated data repository• able to be patient centered, non-categorical• support “thick” client and web applications • (ODBC, JDBC and ANSI SQL)

Integrated State / Local DataRepository

TM

Implement a security system and appropriate security policies (Internet-based, with a firewall and certificates or tokens)


TM

Conduct and support web browser-based data entry and data management.

• Internet presentable, but not necessary• Multi-tiered including an application server

to run web “forms” from others



OrClinical

Site


TM

Accept, route and process electronic HL7 messages containing laboratory and clinical content (LOINC, SNOMED).

ClinicalDatabase


HL7




OrClinical

Site

TM

Develop active data translation and exchange (integration broker) functionality (XML, DTD’s HTTPS).

ClinicalDatabase


XMLData

Exchange


HL7




OrClinical

Site

TM

Develop data reporting and visualization capability (messaging and import/export ODBC, JDBC, ANSI SQL).

ClinicalDatabase


XMLData

Exchange


HL7

Reporting, GIS and Analysis




OrClinical

Site

TM

Implement a shareable directory of public health personnel (LDAP).

ClinicalDatabase Shareable

Directory of PH Personnel


XMLData

Exchange


HL7




OrClinical

Site

Reporting, GIS and Analysis

TM

Develop transportable business logic capability (COM, CORBA, EJB).

ClinicalDatabase


XMLData

Exchange


HL7




OrClinical

Site

ShareableDirectory of

PH Personnel

Reporting, GIS and AnalysisB L

B L

B L

B L

TM

Will support and run CDC developed applications and web based “case reports” that interoperate with this environment.

Integrated State / Local DataRepository

CDC Forms and Applications


XMLData

Exchange

TM

What does NEDSS have to do with HIPAA?

• HIPAA mandates national health care data standards and policies in four areas:• Transaction content; unique identifiers for providers, health

plans; security; privacy

• NEDSS architecture standards are HIPAA compliant: • supports “dual use” for security, messaging elements

• Approach to NEDSS data standards is HIPAA compliant: • Adopting HIPAA standards where relevant eg electronic

laboratory reporting in NEDSS uses standards in HIPAA NPRM for laboratory claims attachment

• Advocating inclusion of data elements relevant to public health with SDO’s

TM

What does NEDSS have to do with HIPAA Privacy Rule?

• Privacy Rule allows current practice of sharing data with public health• Rule permits health care providers to share

individually identifiable information with legally authorized public health entities for public health activities

• Public health activities include surveillance (NEDSS), investigation, intervention