General Information

Cases/Enablers
OOP Case
Appetizer
The Central Health Information System EHR is a patient-oriented system where patient summaries about every case are collected. Data are visible to all clinicians who treat patients and patients can see their own data and see who have accessed their data.
Short summary
The Central Health Information System (so called Personal Digital History www.digilugu.ee – as EHR service) started in Estonia in 2008. The central system is a patient-oriented system (based on the personal ID–code). In the EHR central system, epicrises about every case (short overview about visits, anamnesis, diagnoses, treatment, examinations and recommendations) have been collected, which are visible to all clinicians who treat patients. The doctors` access to the central database is allowed only via the personal ID-card for security reasons. All accesses will be logged and are allowed only to licensed health care providers. In addition to this database all the collected epicrises are linked to the Medical Images Bank, the Prescription Centre and health care providers systems via the X - road.
The Estonian EHR has a specific service portal for patients – the Patient Portal. Every person has access to the portal via her/his ID-card and can have a look at his/her personal data. A patient can also look up information about his/her children (up to 18 years) or others if specifically permitted. There are several services possible for a patient:
• to see their own data from various service providers in one place
• make declarations (allow donation, distribution of the rights for the family to open or to close the data, data closure for doctors) all over Estonia
• look at their treatment bills, prescriptions, and the loggings (who has accessed their data)
Focus
Citizens
Business
NGO's
Government
Start date
Domain
Health
Scope
National/Federal
Country
Estonia
Nature and status of project
Rolled Out
Is the OOP case/enabler mandatory?
Opt-in

ENABLING ASSETS OR COMPONENTS

Political commitment
* http://sm.ee/en/e-health
* https://www.digilugu.ee/login;jsessionid=E4977B1746FACDA24D4D56596C953C46
* http://sm.ee/et/eesti-e-tervise-strateegia
* http://tehik.ee/
Socio-cultural influence factors
Legal and organizational interoperability: legislation approved by stakeholders

All registers must linked by use commonly accepted keys:
• personal code for citizens,
• code of institution,
• standardized address presentation.

Secure data exchange layer X-Road (https://www.ria.ee/en/x-road.html) is used for gathering data from different registers. X-Road is a technological and organizational environment enabling a secure Internet-based data exchange between information systems. All registers and Statistics Estonia must be a member of X-Road

Information regarding the X-Road members and the services they provide is available via the Administration System for the State Information System (RIHA). RIHA (https://www.ria.ee/en/administration-system-of-the-state-information-system.html ) serves as a catalogue for the state’s information system. At the same time RIHA is a procedural and administrative environment via which the comprehensive and balanced development of the state’s information system has ensured. RIHA guarantees the transparency of the administration of the state’s information system and helps to plan the state’s information management.

PKI or the public key infrastructure (https://www.ria.ee/en/public-key-infrastructure.html ) enables secure digital authentication and signing. The infrastructure also allows forwarding data by using an encrypting key pair: a public encryption key and a private decryption key. In Estonia, this technology is used in relation with electronic identity (ID card, mobile ID, digital ID). All members of X-Road are using Digital seal certificates for signing messages. Citizens and officials are using electronic identity tokens.

All participants must be implemented three-level IT baseline security system ISKE (https://www.ria.ee/en/iske-en.html). The goal of implementing ISKE is to ensure a security level sufficient for the data processed in IT systems. The necessary security level achieved by implementing the standard organisational, infrastructural/physical and technical security measures.


Data guidelines of Estonian Data Protection Inspectorate (http://www.aki.ee/et/juhised) must followed.

DATA HANDLING / DATA EXCHANGE

Data handler
Stakeholder name
Health Information System (TEHIK)
Stakeholder category
Government
Stakeholder Role
Database owner
Kind of data
Health data
Stakeholder name
Population Register
Stakeholder category
Government
Stakeholder Role
Data provider
Kind of data
Personal data
Stakeholder name
Busines Register
Stakeholder category
Government
Stakeholder Role
Data provider
Kind of data
Busines Data
Stakeholder name
Universities, Scientists
Stakeholder category
Citizen
Stakeholder Role
Data consumer
Kind of data
Health data
Stakeholder name
Address Data System
Stakeholder category
Government
Stakeholder Role
Data provider
Kind of data
Address data
Stakeholder name
Health Care providers (GP, Hospital, Emergency service, Dentists IS)
Stakeholder category
Business
Stakeholder Role
Data recorder
Kind of data
Health data
Stakeholder name
Medicines Coding Centre (State Agensy of Medicine)
Stakeholder category
Government
Stakeholder Role
Data provider
Kind of data
Semantic data
Stakeholder name
Registre of Handlers of medicines – Licences of Pharmacies and pharmasists (State Agency of Medicine)
Stakeholder category
Government
Stakeholder Role
Data provider
Kind of data
Licences data
Stakeholder name
Health Insurance Status Register (Health Insurance Foundation)
Stakeholder category
Government
Stakeholder Role
Data provider
Kind of data
Insurance data
Stakeholder name
Health care providers Register (Health care Board)
Stakeholder category
Government
Stakeholder Role
Data provider
Kind of data
Providers data
Stakeholder name
Health professionals Register (Health care Board)
Stakeholder category
Government
Stakeholder Role
Data consumer
Kind of data
Data about professionals
Stakeholder name
Statistics Portal
Stakeholder category
Government
Stakeholder Role
Data consumer
Kind of data
Statistics data
Stakeholder name
HIS X-Road MISP – Portal for GP
Stakeholder category
Business
Stakeholder Role
Data recorder
Kind of data
Health data
Stakeholder name
HIS X-Road MISP – portal for Emergency Mobile Stations
Stakeholder category
Government
Stakeholder Role
Data consumer
Kind of data
Health data
Stakeholder name
Prescription Centre (Health Insurance Foundation)
Stakeholder category
Government
Stakeholder Role
Database owner
Kind of data
Health data
Stakeholder name
Medical Images Repository
Stakeholder category
Government
Stakeholder Role
Data provider
Kind of data
Health data
Stakeholder name
Patient Portal
Stakeholder category
Citizen
Stakeholder Role
Data consumer
Kind of data
Health data
Stakeholder name
Road Administration Board
Stakeholder category
Government
Stakeholder Role
Data consumer
Kind of data
Health data
Stakeholder name
Social Security Board
Stakeholder category
Government
Stakeholder Role
Data consumer
Kind of data
Health data
Stakeholder name
Health Insurance Foundation
Stakeholder category
Government
Stakeholder Role
Data consumer
Kind of data
Health data
Stakeholder name
Medical Registries (Cancer Register) – National Health Development Institute
Stakeholder category
Government
Stakeholder Role
Data consumer
Kind of data
Health data
Stakeholder name
Medical Registries (Infection Diseases register) – Health Care Board
Stakeholder category
Government
Stakeholder Role
Data consumer
Kind of data
Health data
Stakeholder name
State Information Board (X-road, eID, Mobile-ID, ID-card)
Stakeholder category
Government
Stakeholder Role
Data supervisor
Kind of data
Governance data
Stakeholder name
Citizen as Patient (via www.eesti.ee or www.digilugu.ee )
Stakeholder category
Citizen
Stakeholder Role
Data consumer
Kind of data
Health data
Architecture
Data: citizens
Medical documents: Health care providers (hospitals, doctors, etc)
National registry (National Health Information System):
Processor: Health and Welfare Information Systems Centre (former Estonian eHealth Foundation)
Image upload
Lessons learned
Benefits:

- Each family doctor is able to view the data on patients in their practice list to see which specialist doctors they have visited or whether they have been hospitalised or received emergency care (irrespective of geographic location)
- Each attending doctor is able to see which prescriptions (both historical and current) a patient has from other doctors in order to assess pharmaceutical interactions
- Each attending doctor is able to see a patient’s tests or visits associated with the same case (this is particularly important in case of chronic diagnoses or chronic patients, as well as patients under monitoring)
- Each attending doctor is able to see whether ordered test results are in, even if the tests were made by another provider
- Reduced number of duplicate tests for the same case
- A brief general overview of patient’s critical data is available without any tests in emergency situations
- Collected data can be used to develop various new services
- Persons can view their prescriptions, summary reports, test results (except images) and the details of their children, and they can also see who else has viewed their data in the systems; they can make their data accessible or inaccessible, issue expressions of will (regarding organ donations, powers of attorney) and order electronic medical certificates
- For the patient is available to ask a second opinion
- Various public agencies can order aggregate and anonymised statistics
- Scientists can conduct research based on different linked databases, subject to a permission of the ethics committee

Enablers:
• Legal, organizational, technical, social-cultural, fiscal and professional interoperability (see conclusions for detailed description)
• Secure data exchange layer for confidential and legally binding data needed. In case of Estonia the X-Road is used, The use of X-Road ensures complete security of the exchange of data
• The unique personal identification code provides opportunity to merge personal data from different registers.
• The unique company commercial registry code provides opportunity to merge business data from different registers.
• eID and PKI infrastructure needed. Citizen, Doctors and nurses can use for login IDcard, mobileID or digiID
• Central eHealth system meets very high security requirements for trust reasons (Baseline security system ISKE)
• All e-health classificatories are regulated by government act and published at publishing center https://pub.e-tervis.ee/ and identified by OID register
• All health care providers have a contract with the TEHIK (former E-health Foundation, processor of the HIS)
• The Data security guidelines of Estonian Data Protection Inspectorate (http://www.aki.ee/et/juhised) must be followed by all counterparts.
• Harmonized and agreed working flows, standard, classificatory and data models among the health professionals


Barriers :
Motivation is needed for stakeholders
High development costs (health care providers infosystem development - hardware and software, implementation and training, harmonizing the work flow processes and data models among different health care providers, implementing the international standards and indicators )
High standardization cost (medical terminology and international standards adaptation. Example SNOMED and others)
Organisational interoperability
Changing paradigms between global market, entrepreneurs, patient awareness, technological possibilities and insurance market – lack of clear vision (where to invest)