ON THE USE OF openEHR IN A PORTABLE PHR

Cândido Santos

1,2

, Tiago Pedrosa

1,3

, Carlos Costa

and José Luís Oliveira

DETI/IEETA, Universidade de Aveiro, Aveiro, Portugal

DEE, Instituto Superior de Engenharia de Coimbra (ISEC), Coimbra, Portugal

IPB, Instituto Politécnico de Bragança, Bragança, Portugal

Keywords: Personal health record, Electronic health record, openEHR, Privacy, Security.

Abstract: Quality medical acts rely on patient medical information. With paper records, the responsibility of gathering

the disparate information and making it available to the caregivers, falls exclusively upon the patient. This

still is, to great extent, the case with electronic health documents. The consensus is that the advantages of

patient involvement in his own health are numerous. With the advent of recent technologies and their

deployment in healthcare, new ways of involving the patient and making him an active part of his own

health are possible. Electronic Health Records (EHR) and specially Personal Health Records (PHR) are

important tools for patient empowerment but data population and management through non-intuitive

structured forms is time consuming, takes a great amount of effort, and can be deterring specially for people

that are not very computer-oriented. PHRs can be simple and scalable applications that the patient uses to

get started and afterwards evolve towards complexity. In any case, compliance with standards must be

accomplished. In this paper we present a PHR simple to use, implemented on a USB Flash pen for mobility,

and compliant with the openEHR specification. Our model builds on openEHR and adds security and

privacy features, allows patient data management and can work as an information repository.

1 INTRODUCTION

Healthcare is currently undergoing profound

changes. New diagnose and treatment techniques

make possible to address more conditions thus

increasing personal life quality but also the number

and severity of illnesses per patient. People pay an

increasing attention to their own health, demanding

for quality healthcare. Population ageing leads to an

increase in the number and seriousness of medical

conditions per patient, and to continuous and

integrated healthcare.

All the aforementioned factors result in an

increase in the number of medical acts, their

improved quality, the rise in health costs, and the

exponential escalation of the amount of existing

information per patient. Of special interest to us is

the latter.

Personal Health Information (PHI) is typically

generated in many different places making its

collection and management difficult for the patient.

With great amounts of PHI to process, existence

doesn’t necessarily mean availability and availability

doesn’t necessarily mean usability. Information can

exist and not be available to the professional

caregiver, or it can be available but take too much

time to browse through.

It is common sense that involving patients in

their own healthcare is positive. The more involved

and informed a patient is, the more useful

information he will supply and more informed

medical decisions will be made by healthcare

professionals.

Information technologies bring new possibilities

to PHI management through the use of computerized

medical records that can assume many forms. The

deployment of Electronic Health Records (EHR) in

general replaces with advantages the paper-based

records. Personal Health Records (PHR) are an

important factor contributing for patient

empowerment.

Patient management of PHI through the use of a

PHR can be daunting, specially for people not very

familiar with computers. Meticulous, regular and

timely data input by the patient is undoubtedly

clinically relevant and helpful. But most

implementations force the use of complex and user-

unfriendly screen forms. Thus, instead of acting as

351

Santos C., Pedrosa T., Costa C. and Luís Oliveira J..

ON THE USE OF openEHR IN A PORTABLE PHR .

DOI: 10.5220/0003173203510356

In Proceedings of the International Conference on Health Informatics (HEALTHINF-2011), pages 351-356

ISBN: 978-989-8425-34-8

 2011 SCITEPRESS (Science and Technology Publications, Lda.)

positive factors in involving the patient in his own

health, these implementations can easily deter an

individual away from technology, accomplishing

exactly the opposite objective they were designed

for.

We share the vision that PHRs are an important

factor in positive patient involvement in his own

health, and ultimately in total patient empowerment.

But we take a simplistic approach and propose that

complicated computerized PHI management

schemes can be more prejudicial than beneficial.

Instead, a minimal PHR, conformant with current

standards, and easy to use can serve as an entry point

specially for users that are not too computer-skilled.

If, later on, those users decide they want extra

features in their PHR, more complex

implementations are available.

In this paper we review the current situation

concerning patient’s medical records and advocate

steps towards patient empowerment through PHRs.

Considering that a) A great percentage of data

that is accessible to patients consists of

Complementary Diagnose Tests (CDT), mostly in

paper format; b) When converted into electronic

format, this data will also be responsible for the

greatest demands in terms of storage and

management needs; c) The open source standard

specification openEHR allows integration with

legacy systems (assumed to be professionally

managed); a simple system for the patient to perform

that integration and PHI management at a personal

level is worthy of attention.

Most PHR proposals state that it must be patient-

centric, but that usually just means that the health

information revolves around the patient. We propose

a PHR that is patient-centric in information terms,

and that is also user-centric in terms of easiness.

2 BACKGROUND

One way of making the patient a more active

participant in the healthcare services he seeks

throughout his lifetime is by allowing him to

responsibly manage his own PHI. Population ageing

is changing some paradigms in healthcare, making it

more patient-centric and increasingly relying on the

patients’ responsible actions in the management of

their own conditions like diabetes, for example.

With the objective of giving the patient some

form of access to his health information, some PHI

management schemes have been proposed, namely

through the use of EHRs and PHRs operated on

servers, personal computers and mass storage

devices and accessed locally or remotely via smart

cards, as proposed by Costa (2003) and Costa (2004)

and other portable devices like USB pens.

2.1 Patient Empowerment

Anderson and Funnel (2009) argue that patient

empowerment in healthcare can be conceived as the

capacity of patients to think critically and make

autonomous decisions. In order to achieve this, the

patient must have access to a comprehensive set of

his own PHI and be capable of managing that data in

the way he sees fit. To achieve this goal, the control

of the medical information has to fall under the full

responsibility of the patient, i.e. the patient must

have physical possession of all the data pertaining to

his health.

When considering PHI management through the

use of information technologies, different levels of

computer knowledge have to be considered since

some people are not technology-oriented. A scalable

solution adaptable to different user technology

awareness is a major advantage.

2.2 EHRs and PHRs

PHI management is achieved through EHRs and

PHRs but various problems presently afflict this

technological field, in particular the lack of data

representation and data transfer standards widely

accepted, the non-agreement on the basic data fields

that make up an EHR/PHR, the varying definitions

of EHRs and PHRs, and legal issues concerning data

ownership.

There are no generally accepted definitions for

EHRs and PHRs but most of the literature seems to

agree at least on one basic difference between them:

an EHR contains PHI and is usually stored and

managed by a healthcare institution for the use of

healthcare professionals, while a PHR consists of a

set of PHI (that might be the same or different from

the data set contained in the EHR) that is usually

stored under the patient’s ownership and

management, and for his own use.

Of special concern to us is the concept of PHR.

According to Tang et al (2006) a PHR is more than a

simple means to gather all the scattered information,

it encompasses a set of data, knowledge and

applications that allow the patient to become

actively involved in his health by providing a set of

functionalities. Kaelber et al (2008) have presented a

general description of most of the work that remains

to be done in the field of PHRs.

HEALTHINF 2011 - International Conference on Health Informatics

352

One of the problems that face developers is the

right choice of model to work with. Given the

present interest surrounding this theme, it’s only

natural that various classifications arise. For

example, Kaelber and Pan (2008) classified PHRs

according to their degree of interconnectivity as a)

Stand-alone; b) Tethered. The later being subdivided

in provider-tethered, payer-tethered, third-party-

tethered and interoperable.

The stand-alone model has the advantage of

being non-biased in terms of the focus it presents

towards parts of the data contained in the PHR but

the disadvantage of having to be bought, while the

tethered models tend to be offered as fidelity factor

or, at least, to be less expensive. Another important

factor to have in mind is the record data population

method.

The tethered models present the advantage of

being frequently given by institutions free of charge

and being already populated with some information.

But also have the disadvantage of each particular

type of PHR being too focused on the type of

information more relevant to that institution.

Tang et al (2006) consider that the most

promising architecture for a PHR is the one that

integrates with an existing EHR. According to the

classification presented this corresponds to the

tethered-interoperable model.

From the perspective of patient empowerment

data ownership and management assume a crucial

importance. Maloney and Wright (2010) classify

PHRs in four categories: a) self-contained EHR,

maintained and controlled by the patient; b) self-

contained EHR, maintained by a third-party such as

a web service provider; c) component of an

integrated care EHR maintained by a health provider

(e.g. a general practitioner) and controlled at least

partially by the patient; d) component of an

integrated care EHR but maintained and controlled

by the patient.

2.3 PHRs in Portable Devices

Smart Cards (SC) are very secure authentication

tokens and some of them have very useful

cryptographic capabilities, thus providing very

interesting characteristics when deployed in

healthcare in general namely as remote PHI access

tokens. Some of the proposed models of PHR in

smart cards are remote information aggregation

tokens that allow the patient to visualize some of his

PHI contained elsewhere and to manage some of

that information in a necessarily limited manner.

Some countries are shifting from traditional

paper-based national identification cards and

passports towards smart cards. This evolution

towards a technological overlap between

identification, health information access, and

management makes possible to envision many forms

of integration.

The storage capacity of smart cards is on the

constant rise but more so is the amount of medical

information generated per patient that can nowadays

take some gigabytes of storage space, and this is an

important limitation at the moment. For all their

security features, SC’s are undoubtedly a type of

device to keep under close observation in search of

future developments.

Among the logical candidates for storage devices

capable of holding a PHR under the patient’s

responsibility are external hard drives, CDs, DVDs,

and USB flash pens. According to Srinivasan and

Datta (2007), because of issues like physical

resistance to damage, better performance under

electromagnetic fields, the fact that they have no

moving parts, don’t need any additional hardware,

are not susceptible to dust, and that can come in a

variety of shapes and forms, the USB pens are the

most advantageous of them.

On top of all those advantages, there are now a

number of portable applications described by

PortableApps (2010) and Pendriveapps (2010) that

don’t need installation and can be executed from the

pen, an additional security factor.

2.4 Standards

In this field of work the lack of widely accepted

standards is a reality, there is no shortage of

proposed standards, the shortage is at the acceptance

level. At the core of data representation, structure

and storage there are three well positioned

candidates: openEHR as described by openEHR

(2007); HL7-CDA (Health Level 7 – Clinical

Document Architecture), described by Dolin et al

(2006); and CCR (Continuity of Care Record)

described by Ferranti et al (2006). At the

communication level, HL7 seems to hold the

advantage at the moment. We will not get into an in-

depth analysis of these standards and will focus our

attention on the openEHR specification mainly

because it is open source and attempts to comply

both with HL7 and HL7-CDA.

OpenEHR is a set of specifications for an EHR

focusing mainly on structure and content. An EHR

compliant with openEHR consists of a logically

organized structure of folders, each containing

ON THE USE OF openEHR IN A PORTABLE PHR

353

versioned healthcare events. Versioning is

accomplished through recording every data change

in special data structures (Contributions).

All the interaction with data is achieved through

the use of Archetypes and Templates. An archetype

is a component that allows standardization by

mapping each medical event into pre-agreed

individual fields of information (Entries) forming a

Composition. A Template serves both as a

messaging standardization structure and is closely

related to screen forms. It aggregates one or usually

more archetypes.

An archetype can be used to manage data

referring, for example, to a blood pressure

monitoring event, that are mapped into various

information fields (date, systolic, diastolic,

respective values, etc), forming a Composition, e.g.

“blood pressure measurement”. A Template can be

an aggregate of information, e.g. “discharge

summary” that manages the information relative to

various healthcare events, each one of them created

through a particular archetype.

Archetypes are meant to be created by other

parties, namely in close collaboration with medical

experts, and Templates are mostly to be developed

by local implementations. Archetypes are also the

structures that allow the use of terminologies.

OpenEHR’s main focus is on components

instead of documents and its main specification is

the openEHR EHR Reference Model, namely its

EHR Information Model described by Beale et al

(2008). An openEHR system is composed of an

EHR Repository, an Archetype Repository,

Terminology, and Demographic or identity

information. A high-level openEHR EHR structure

consists of Contributions, EHR_id, EHR_Access,

EHR_Status, Directory, and Compositions.

3 A PORTABLE PHR openEHR-

Compliant

The basic paradigm of the Portable PHR (p.PHR) is

simplicity in order to attract users to the world of

PHRs. The best way to start is by allowing

individuals to scan their current paper records,

mostly CDTs and to provide a simple means to

store, organize and manage that information that will

be kept in a USB flash pen for total portability. The

proposed model also accommodates a workflow

similar to the paper-based but in which CDTs are

handed to the patient in electronic format both by e-

mail and in physical presence.

In another work (Santos et al, 2010), we

proposed a p.PHR, implemented on a USB flash

pen, based on secure virtual containers with

characteristics briefly summarized below. In this

paper we present the necessary steps to make it

compatible with the openEHR specifications.

One of the key concepts of the previously

proposed PHR model is the existence of five

different conceptual data types implemented through

individual document classification or by placing the

documents in different data storage areas or virtual

containers: a) Confidential Data (extremely

sensitive); b) Normal Data (disclosed to health

professionals); c)Transfer Data (recently entered the

PHR); d) Prescription Data; e) Emergency Data.

This model allows patient mobility, provides an

emergency data repository, and can be used, by a

patient with just basic computer skills, as a passive

information repository to be carried between

healthcare facilities, thus mimicking the existing

social habit with paper-based records.

In order to achieve this, the p.PHR’s structure

needs to be secure and to allow for different data

storage areas depending on the degree of

confidentiality the patient deems the particular data

items that make up his PHR. The information

contained in the p.PHR is controlled, managed, and

made available to third parties by the patient and

only under his explicit consent.

In order to allow the patient to both manage the

PHI contained in the p.PHR and to make it available

to other actors in a scalable manner, various

operating modes are available upon patient’s option.

These operating modes are shown in figure 1.

Upon receiving the p.PHR in the respective

device, the patient authenticates himself for account

provisioning. The device is supplied with a master-

password that will be used for the initial setup of

p.PHR native applications and for the creation of a

working-password (password). When the patient

accesses the p.PHR an operating mode is selected.

Each actor in healthcare delivery has different

information access needs, therefore with different

access privileges to each data type. Figure 1 shows

these data types in usage context.

Although an EHR is conceptually different from

a PHR, the openEHR specification can be deployed

for data structure. In terms of data, the EHR

openEHR-compliant’s structure can be deployed

with the added feature of the secure virtual

containers (containing the classified compositions)

reflected at the openEHR directory level.

In terms of the overall system the EHR

repository

will be reduced to just one PHR and the

HEALTHINF 2011 - International Conference on Health Informatics

354

Figure 1. p.PHR data and user-access.

Figure 2. Containers, EHR, and HER system.

demographic repository will also be reduced to just

the individual’s information. There is no need for a

Patient Master Index (PMI) since there is only one

patient in the PHR system. The same applies to the

EHR_id data structure since there is no need to make

the p.PHR a part of any uniquely identifiable

scheme. The Archetype Repository, residing outside

any secure virtual container, is populated with the

necessary Archetypes on a needed basis. Outside

any container is also the EHR_Status data structure.

This Architecture is depicted in figure 2.

Inside each secure container there are openEHR

compositions, that are data previously instantiated

by the Archetypes, optionally including, or

referencing, CDT multimedia files, and the virtual

container File Indexing Database that references all

documents in the container.

The openEHR specification is directed towards

various users creating data and populating the

record. In our p.PHR implementation, the patient is

the only data creator who shows different views of

his PHI to various users, this fact carries some

implications. There is no need to implement a heavy

access control strategy and we can rely on the

password-protected secure virtual containers for

different user-access. The data structure

EHR_ACCESS provided by openEHR is not used in

our implementation. The versioning supported by

openEHR can be discarded in favor of simplicity

since there aren’t many data alterations that can be

foreseen. There is no internal electronic signature

scheme for information integrity although, in the

case of externally generated electronic data items

should be signed by the respective institutions that

generated them by their own software.

The data management functionality is

implemented as document classification through the

use of Archetypes, e.g the openEHR-EHR-

CLUSTER.exam-generic.v1 that is simultaneously

generic and allows for the storage of a multimedia

file, which is very useful for CDT management.

Medication and allergies lists are entered through

openEHR-EHR-COMPOSITION.medication-list.v1

and openEHR-EHR-EVALUATION.adverse.v1

Archetypes.

The pPHR is completely pen-resident and

consists of a stand-alone application with various

management functionalities allowing access to a

virtual container where the various data items are

stored. The virtual container is implemented in a zip-

like manner (ZipArchive) with compression and file

encryption via a soft-coded encryption key. AES

encryption algorithm and the fact that, upon access

by the application, the files are decompressed to

computer RAM memory only, are important features

contributing for enhanced security. Encryption

capabilities are allowed by openEHR.

The access to any individual file stored inside a

virtual container is subject to authentication and the

decompression of the files is made to computer’s

memory. The fact that decompressed data is not

written to hard disk or even to the USB pen is an

increased security feature.

ON THE USE OF openEHR IN A PORTABLE PHR

355

4 CONCLUSIONS

PHRs are a way of involving patients in their own

healthcare but complex implementations can turn

those users with just the basic computer knowledge

away from technology.

An individual’s PHI is at present generated

dispersedly and is stored in many different locations

under many physical formats. The responsibility of

collecting it and making it available to the healthcare

professionals falls upon the patient.

Our approach to PHRs is a simplistic one

providing an implementation that can be a point of

entry for the patient. Later he will be given the

chance of more functional implementations and

consequently more complex to use.

A portable PHR in a USB pen device can be

envisioned as a complement, rather than a

replacement for existing PHI management systems,

such as EHRs. The p.PHR intends to be the initial

step in letting the patient assume the responsibility

of managing his own PHI, thus contributing for

patient empowerment. The medical data pertaining

to a patient and maintained in the p.PHR is kept

under his direct control, allows patient mobility, and

provides an emergency data repository. The patient

decides which data becomes part of the record and

who, and under what circumstances, has access to it.

Data is kept in conceptually different data

containers and is controlled, managed, and made

available to third parties by the patient and only

under his explicit consent. Any access to the p.PHR

and the data within depends exclusively on patient’s

authorization.

Standard conformity is achieved through the

deployment of the openEHR specifications and their

generic, multi-user, and EHR-oriented, adaptation to

our specific, single-user, PHR needs.

Security features are added through the use of

password-protected virtual containers.

Privacy concerns are addresses by different data

containers and data-classification.

REFERENCES

Anderson, R.M & Funnell, MM 2009, Patient

empowerment: Myths and misconceptions. Patient

Educ Couns.

Beale, T et al 2008, EHR Information Model - Revision

5.1.1. The openEHR Foundation.

Costa, C 2004, Doctoral Thesis: A Security Dynamic

Model for Healthcare Information Systems.

Departamento de Electrónica e Telecomunicações,

Universidade de Aveiro.

Costa, C et al 2003, A New Concept for an Integrated

Healthcare Access Model. The New Navigators: From

Professionals to Patients. Proceedings of MIE2003.

Dolin, RH, et al 2006, HL7 Clinical Document

Architecture, Release 2. J Am Med Inform Assoc,

13(1): p. 30-9.

Ferranti, JM et al 2006, The clinical document

architecture and the continuity of care record: a

critical analysis. J Am Med Inform Assoc, 13(3): p.

245-52.

Kaelber, D et al 2008, A Research Agenda for Personal

Health Records (PHRs). JAMIA.

Kaelber, D & Pan, EC 2008, The value of personal health

record (PHR) systems. AMIA Annu Symp Proc, p.

343-7.

Maloney, FL & Wright, A 2010, USB-based Personal

Health Records: An analysis of features and

functionality. Int J Med Inform.

openEHR 2007, Introducing openEHR - Revision 1.1. The

openEHR Foundation.

Pendriveapps.com 2010, Portable applications that can be

run from a usb device [Online]. (Accessed 2010-02-

10).

PortableApps.com 2010, Portable Aplications - Your

Digital Life Everywhere

[Online]. (Accessed 2010-

02-10).

Santos, J et al, 2010, Modelling a Portable Personal

Health record. Proceedings of the International

Conference on Health Informatics (HealthInf 2010).

Valencia, Spain. p. 494-498.

Srinivasan, U & Datta, G 2007, Personal Health Record

(PHR) in a Talisman: An Approach to Providing

Continuity of Care in Developing Countries Using

Existing Social Habits. 9th International Conference

on e-Health Networking, Applications and Services, p.

277-279.

Tang, PC et al 2006, Personal health records: definitions,

benefits, and strategies for overcoming barriers to

adoption. JAMIA 13(2): p.121-6.

HEALTHINF 2011 - International Conference on Health Informatics

356