THE DEVELOPMENT OF A PROTOTYPE E-P.O. BOX AND ITS

APPLICATION TO PERSONAL HEALTH INFORMATION

MANAGEMENT SYSTEM

Joong-Sun Lee

, Hiroyuki Suzuki

, NaokoTaira

, Kouichi Kita

, Takashi Obi

Masuyoshi Yachida

, Takahiro Yokoyma

, Hiroshige Yamamoto

, Kazuhisa Uryu

Masahiro Yamaguchi

and Nagaaki Ohyama

Tokyo Institute of Technology, 4259 Nagatsuta, Midori-ku, Yokohama 226-8503, Japan

Health Information Security Performance Rating Organization, 2-9 Sakuragaokacho, Shibuya, Tokyo 150-0031, Japan

Keywords: Electronic Health Records, PHR, e-Post Office Box, Health Card, Healthcare Management System.

Abstract: We introduce e-Post Office Box system which renders individuals their personal information management

and safe access through the Internet to share and utilize their personal information under their own control.

We have developed a personal health information management system based on the e-P.O.Box conception.

All the personal information dealt in the system is securely protected in the network complying with the

government guidelines for safety management of medical information systems. The system is connected

with medical institutions using on-demand VPN and, the access to it is securely guarded by the use of IC

card. We conducted a field experiment for the evaluation of the developed system with the staffs of Tokyo

Institute of Technology and doctors in a hospital, simulating the cases of clinical consultation of patients

with some adult disease. The experiment confirmed the effectiveness of the system for the patients.

1 INTRODUCTION

In the healthcare field, it is important to compile the

healthcare information into a database to share and

utilize it. So far, healthcare information sharing has

been discussed on the viewpoint of community

medicine cooperation and statistics, and several

experiments have been done in some areas.

However, information sharing on the viewpoint of

individual-centric and self-healthcare management is

just the beginning stage of discussion. To record

personal health data for the lifetime requires many

complicated access control with various limitations

on privacy protection. Meanwhile, individual-centric

self-healthcare management system provides

communication tool for the patient to convey

precisely his state to healthcare staffs, and it has the

effect of eliminating unnecessary or redundant

clinical trials reducing the burden of the patient. In

addition, the system furnishes patient episodes of pre

and post-hospital care, medical certificate, and

referral letters online. It also makes medicines

information including prescription managed by

patient himself, and is effectively used as a

healthcare consultation tool.

We introduce e-Post Office Box (e-P.O.Box)

system which renders individuals their personal

information management and safe access through

the Internet to share and utilize their personal

information under their own control. The concept

was at first proposed in the meeting of IT Strategic

Headquarters of Japanese government Dec. 2006,

and adopted in the Priority Policy Program 2007.

The e-P.O.Box project had been supported by the

Cooperation of the Cabinet Secretariat, Ministry of

Internal Affairs and Communications (MIC), and

Ministry of Health, Labor and Welfare (MHLW).

In the New Strategy in IT May 2010, "My

Hospital Everywhere" (Japan's Personal Health

Record service) policy was declared, of which the

concept enables individuals to electronically manage

and utilize their own medical and health-related

information wherever they may be. Government is

scheduled to start partial services based on the

concept (management of medication and other

records) by 2013, at the latest. In fact, "My Hospital

622

Lee J., Suzuki H., Taira N., Kita K., Obi T., Yachida M., Yokoyma T., Yamamoto H., Uryu K., Yamaguchi M. and Ohyama N..

THE DEVELOPMENT OF A PROTOTYPE E-P.O. BOX AND ITS APPLICATION TO PERSONAL HEALTH INFORMATION MANAGEMENT SYSTEM.

DOI: 10.5220/0003295406220625

In Proceedings of the International Conference on Health Informatics (HEALTHINF-2011), pages 622-625

ISBN: 978-989-8425-34-8

 2011 SCITEPRESS (Science and Technology Publications, Lda.)

Everywhere" concept can to be implemented by the

application of the e-P.O.Box.

We developed a prototype of the e-P.O.Box

Basic System applied to personal health information

management system, whereby health information is

delivered from medical institutions to the server, i.e.

e-P.O.Box, for patient to manage his own. The

patient can access to the server using his ID card,

download his information, register other necessary

information, and refer to them when required for the

treatment or health maintenance from a medical

institution or from home. We conducted a field

experiment for the evaluation of the developed

system with the staffs of Tokyo Institute of

Technology and doctors in a hospital, simulating the

cases of clinical consultation of patients with some

adult disease. The experiment confirmed the

effectiveness of the system for the patients.

2 CONCEPT OF THE E-P.O. BOX

The introduction of the e-P.O.Box is for the purpose

of providing citizen’s personal information to the

citizen himself by governmental administrative and

social security-related organization. All the e-

Government services is expected to be converged

through the e-P.O.Box aiming for one stop service,

including the social security status check, national

pension, health insurance, employment insurance

etc. as well as healthcare service of private sector.

Especially, if personal healthcare information added

and managed, then e-P.O.Box functions as a PHR,

and it can also include personal pharmaceutical

information, such as e-Prescription and personal

medication history.

It is just like a bank account through which

people manage his monetary flow trusting the

baking service provider. The use of the account is

fully under the holder’s control and the status could

be checked at anytime. Every people in Japan

including foreigner has resident registration is given

a personal account of e-P.O.Box in the cyberspace.

However, it is not mandatorily but by the voluntary

application, which is for good social acceptance.

The e-P.O.Box account has a role of reliable

point in the cyberspace trusted publicly and

definitely tied to the user, like the address of home

in the real world, of which the existence is registered

in the local government. The cyber home position

provides a method of certification and qualification

of the user in public services, and the access to it is

securely guarded by the use of IC card. The newly

introduced Social Security Card is expected to be an

access card of the e-P.O.Box, the issuance covering

resident aliens in Japan. Another candidate is the

Basic Resident Register Card currently being used as

an identification card. In this case, however, the card

holder is limited to only Japanese nationality so far.

The e-P.O.Box seems at first glance to be similar

to the portal sites and PHR (Personal Health Record)

systems, which already exist in the Internet sites. In

such systems, however, management of information

flow is under the service provider’s control, so users

usually have ‘windows’ or ‘gates’ only to browse

their information. Moreover, the existent services

are separately provided by local governments, health

insurers, and medical institutions. Protection of

user’s privacy is always a matter of great concern.

3 APPLICATION TO PHR

AND MEDICATION HISTORY

MANAGEMENT

A prototype of the e-P.O.Box System was developed

in Tokyo Institute of Technology for personal health

information management system. It consists of three

parts, inBox, viewBox, and Concierge. The inBox

has the function mainly to receive data from

healthcare institutions. The viewBox is used to

Concierge is a bridge for cooperation with external

services, which effectively utilizes the personal

health data for the user. Fig.1 shows the schematic

diagram of personal health information reference

system. In this diagram, the part of the Examination

Center is taken out of the laboratory and put in the

hospital near Tokyo Tech to collect the medical

examination data of users. For the upload from the

hospital to the server, HPKI signature is used to

confirm the potential authentication of the data.

The system adopts the Tokyo Tech ID card as an

access IC card, which is issued to all the staffs and

students of Tokyo Institute of Technology. The IC

card has user authentication function by PKI (Public

Key Infrastructure) technology, and is used for data

encryption and decryption to guarantee a

confidential communication. The electronic

signature of doctor is generated using HPKI

(Healthcare Public Key Infrastructure) and attached

to the data to confirm the integrity and non-

repudiation of it. The HPKI certificate is issued by

MEDIS-DC (Medical Information System

Development Center) in Japan.

The healthcare data dealt through the system are

to be described in a unified form to share and

THE DEVELOPMENT OF A PROTOTYPE E-P.O. BOX AND ITS APPLICATION TO PERSONAL HEALTH

INFORMATION MANAGEMENT SYSTEM

623

utilized effectively. As a standard format, we applied

HL7 CDA R2 to the health checkup report. It is

standardized in CDA SIG of HL7 Japan and adopted

HELICS (Health Information and Communication

Standards) Board of Japan. The health checkup

report is converted to a document written in XML

using data transformation software developed in

Tokyo Tech.

The formally arranged document is added with

metadata and packaged with appendant files before

compression. The metadata contains concise

information to make the contents of the document

easily searched and managed effectively.

Figure 1: The schematic diagram of personal health

information management system.

4 EXPERIMENT AND RESULTS

We conducted field trial experiment of the

developed system with the staff and students of

Tokyo Institute of Technology. For the experiment,

The Tokyo Tech ID card is substituted for the access

card of is the e-P.O.Box. The Tokyo Tech ID card

has PKI function.

The workflow is as follow;

(1) The medical examination data including

diagnostic images and electrocardiograms, if

any, are digitally signed by the doctors and sent

to the account of the patient in the Examination

Data Server, i.e. inBox of the prototype e-

P.O.Box. The data pass through the OD-VPN(a

Dynamic On-demand VPN) Router is encrypted

by a secret key of symmetric key cryptography

and the secret key is encrypted by patient’s

public key and attached to the data 20).

(2) The patient accesses to his account with

authentication by his ID card, and download the

data from the hospital. The secret key used in the

encryption of the data is decrypted using his

private key packed in the ID card.

(3) The data is decrypted by the secret key. The

medical examination data with digital signature

of the doctor is securely registered in viewBox at

patient discretion.

(4) Dynamic On-demand VPN authenticates the

sender to be a healthcare professional by HPKI

and the connection control is performed by the

policy.

(5) By HPKI, the referring side of the data can

confirm that it is provided by healthcare

institution or by a source of the public

responsibility.

To evaluate the developed system, we conducted

a simulation of consultation referencing healthcare

data in the field experiment in a hospital. In the

experiment, we verified that whether the system was

easily operated with several privacy protection

installations, procedures of data acquisition and

reference are adequate, and after all it was clinically

effective or not. The problems occurring when

individuals manage their own healthcare information

were also investigated.

The patients participating in the simulation are

supposed to have a symptom of adult diseases, such

as hyperpiesia, diabetes, and arrhythmia. Doctors are

given the explanation of security mechanism of the

system to understand the significance of using the

ID card. They can check the authenticity of patient

data through verification of the electronic signatures

knowing the name of institutions where the dada are

originally produced. Doctors can confirm some of

data are concealed by the patient, if any, for some

reason of his privacy.

5 DISCUSSION

In the field experiment conducted in the hospital to

evaluate the system, we confirmed the effectiveness

of it in the consultation for the patients. Doctors

gave precious comments to improve the system,

especially about the user interfaces. Through the

experiment, we have known that the system provides

a good tool to share the healthcare data securely

among medical institutions. It also makes it possible

for people manage his own health data under his

control, which is one of the main purposes of the

system.

HEALTHINF 2011 - International Conference on Health Informatics

624

The system complies with governmental network

security management guideline for health

information system by using the dynamic on-

demand VPN technology on the Internet.

In the near future, we are going to conduct

another experiment of actual service for a group of

staffs and students of Tokyo Institute of Technology

with newly developed pseudo-electronic prescription

function. The function enables patient to manage his

medication history, as well as daily measuring data

such as blood pressure, weight, and caloric intake.

Technical aspects for uncommon uses of the

system are under study. They include handling

emergency cases with unconscious patients. The

access of patient data by a legal representative or

guardian has also to be considered for children or

people who do not have an ability to manage his

data. Preparing for the case when patient cannot use

his access card anymore by loss or fault of it is

necessary as well.

For the real service using the system,

participation of as many medical institutions as

possible is inevitable. However, it requires

multifaceted incentives for the participant hospitals.

This is thought to be one of the most crucial factors

for widespread public use of the system.

To spread the system for the public use, who pay

the cost of the system is one of the most significant

considerations in the future. It sounds reasonable

that the sender of the information bears the cost.

Other data such as EHR could be treated in the e-

P.O.Box box at the user’s choice, even more life

event such as employment, retirement, graduation,

move, etc. could be included with a good navigation

of the Concierge function. The more widely used,

the less expensively it would costs.

The access method of the system is another key

factor for the diffusion of the system. The adoption

of various terminals, such as Mobile phone and

kiosk terminal, is being considered as the candidates.

Access through the digital TV for terrestrial

broadcast that wholly starts from Jun. 2011 is also

under discussion. It is from the perspective of

dissolving digital divide and providing universal

service for the people who are not familiar with

using computer.

REFERENCES

Priority Policy Program 2007, from: http://www.kantei.

go.jp/foreign/ policy/it/Program2007.pdf. Accessed

August 28, 2008.

A New Strategy in Information and Communications

Technology (IT) May 11, 2010, from www.kantei.

go.jp/foreign/policy/it/100511_full.pdf

Takeda H., Matsumura Y., Kuwata S., Nakano H.,

Sakamoto N., Yamamoto R., (2000). Architecture for

networked electronic patient record systems. Int J Med

Inform 60(2):161-167.

Application service of HPKI certificate in MEDIS-DC.

from: http://www.medis.or.jp/8_hpki/index.html .

Accessed September 4, 2008.

Kita K., Hirai M., Suzuki H., Yachida M., Yamaguchi M.,

Obi T., Ohyama N., (2007). The personal health data

referring system conforming to a health checkup

report standard for personal use based on CDA R2;

The 27th Joint Conference on Medical Informatics.

Joong-Sun Lee, Hiroyuki Suzuki, Naoko Taira, Kouichi

Kita, Takashi Obi, Masuyoshi Yachida, Hiroshige

Yamamoto, Yuji Homma, Masahiro Yamaguchi,

Nagaaki Ohyama, Masataka Inokuchi, (2009)

Development and Field Evaluation of the Personal

Health Information Reference System based on

e-P.O.Box Conception, The 6th Conference of Asia-

Pacific Medical Informatics Association

(APAMI2009), P-04.

THE DEVELOPMENT OF A PROTOTYPE E-P.O. BOX AND ITS APPLICATION TO PERSONAL HEALTH

INFORMATION MANAGEMENT SYSTEM

625