English - Infostructure

Chapter XVIII

Infostructure

This is not a typo. Rather, it is a central dimension of well-functioning digital health. In the field of health, infostructure¹, ² refers to developing and adopting information and communication technology (ICT) systems and components so patients, healthcare personnel, and other members of the health ecosystem can effectively communicate with each other and make informed decisions. While the infostructure is multifaceted, key components are interoperability,³ health standards,⁴ and cybersecurity.

Interoperability in Digital Health
Learn more here.

Interoperability makes it possible to share and understand a national health system’s information. It involves two dimensions: the syntactical, which facilitates the information exchange itself; and the semantic, which allows the recipient of the information to correctly understand and process it and use it effectively.

Interoperability can tell you, for example, that the Pedro Pérez who visited a hospital in Bogotá today is the same person who went to an outpatient center in Cauca a year ago. It also allows users to differentiate this Pedro Pérez from any other person, even if they have the same name, surname, or even date of birth.

Interoperability also ensures that the diagnosis, treatment, and prescription that Pedro Perez received today is recorded in a way that any other physician and information system at any other place or time can understand. This is especially relevant in the field of medicine, where diagnoses, equipment, medications, and treatments are often given different names in different environments and by different actors.

Furthermore, a completely inter-operable national health system can yield major economic benefits, with net savings that can amount to 5% of all health spending, without counting indirect savings as a result of providing better medical care and the savings from the lawsuits that would be prevented.⁵

Governance

Chapter XIV

Daniel Luna- Interoperabilidad: La base de la salud digital

Why is interoperability important and what policy measures can promote it in LAC?

The European Telecommunication Standards Institute (ETSI)⁶ proposes a system to classify the different levels of interoperability:

Technical interoperability. This level generally refers to hardware or software components, with systems and platforms that allow systems to communicate with each other to exchange data but not its meaning.
Syntactic interoperability.The messages, documents, and services consumed need to have well-defined syntax and coding to be interpreted by the software that receives them.
Semantic interoperability. Additionally, the content can be written in different languages, like Japanese or English, and to understand the message’s content, there has to be a vocabulary that both the sender and receiver know how to interpret.
Organizational interoperability. Finally, there needs to be the option to generate actions through the exchanged content.

The IDB note Interoperability for Beginners: the Foundation of Digital Health gives detailed definitions, examples, and references for each aspect of interoperability and explores the steps to achieving it, which are summed up below.

Five steps to achieving effective interoperability

Establish an interoperability framework. This framework is a set of policies, guidelines, standards, rules, and recommendations designed by a network of stakeholders to attain the highest level of interoperability.
Promote the development and integration of information systems. Adopt open solutions and provide tools or services to make implementation easier.
Empower the patient. Put patients in charge of their own information with tools that allow them to decide how their data is used.
Address legal and regulatory issues. Amend or pass laws on medical records.
Develop human capital. Properly train all system users on the technology and processes and inform them about their challenges and changes to them.

Interoperability⁷,⁸ and health standards⁹

It might seem utopian to envision a single national information system used by the operational and business units of all health establishments in the country. However, interoperability standards make this possible by ensuring that all information shared can be understood by everyone involved, regardless of the device or program used to access it. Using standards is important for interoperability, for scaling up systems, and, especially, for the quality of the information.

A traffic analogy helps illustrate the usefulness of standards: when a car’s red lights come on, people all over the world know the car is braking, and when its white lights come on, they know it is going to back up. Whatever the car’s brand or year, and wherever it is being driven, there is an agreement that applies to all manufacturers and drivers for communication and safety. That is a standard.

In the same way, the information systems that support healthcare processes also need standards¹⁰, ¹¹ for each level of interoperability

While standards have been classified in multiple ways, some of the most important are:¹², ¹³

Messaging standards: how do I structure a message so another system understands it?
Terminological standards: how do I codify the terms I use so others understand them?
Documentation standards: how do I structure a clinical document?

Semantic interoperability requires ordinary dictionaries or master tables. The following diagram of a care process shows which data needs to be standardized.

From a care perspective, interoperability increases a patient’s safety, enhances the quality of care, and contributes to the continuity of care since it makes the patient’s clinical data available during care.

Figure 13. Anatomy of the medical act. ¹⁴

Source: Hospital Italiano de Buenos Aires.

Cybersecurity

The health sector was among the most frequently targeted by hackers in 2019. It is also the industry that has experienced the most damaging attacks in recent years. The average cost of a cyber-attack on the health sector in terms of lost business and money spent on preventing, detecting, and recovering from the attacks is $7.13 million. Meanwhile, the average cost of a cyber-attack for all other industries is $3.86 million.¹⁵

How do we start protecting health information?

There are four groups of tools that help improve systems’ cybersecurity: frameworks, controls, guides, and the regulatory framework.

Protecting digital healthcare
Learn more here.

Frameworks equip organizations to carry out different information security activities in a systematized and controlled way. Controls are technical security or management measures taken to meet different information security objectives. Account management is one example. The regulatory framework includes compulsory regulations and optional standards that govern behavior and establish how organizations must act. Lastly, guides are practical tools for addressing specific problems. For example, the guide NIST SP 1800- 8¹⁶ lays out how to administer assets, protect against threats, and mitigate vulnerabilities in wireless infusion pumps.

Resumen de los principales frameworks, controles, normativa aplicable y guías

Figure 14. Summary of the main frameworks, controls, applicable regulations and guides

7 key steps for cybersecurity:

Include cybersecurity as one of the organization’s strategic management priorities. An example is setting the goal of achieving ISO/IEC 27001 certification for critical processes.
Define the organizational structure for cybersecurity. The organization needs to designate at least one information security officer and an information security committee.
Define the cybersecurity objectives and goals.
Assess the situation by performing a GAP analysis. The IDB has developed different tools to facilitate that assessment, including an industry best practice self-assessment tool for the health sector, based on the NIST cybersecurity framework.
Create a cybersecurity master plan. This plan should include the information security objectives, specific goals, and a portfolio of products/services
Execute the master plan. The information security officer should monitor the plan’s implementation, analyzing the management indicators and associated risks.
Evaluate the results and remaining risk. The results of implementing the plan should be evaluated periodically by analyzing their impact.

Those creating a national infostructure platform have to work collaboratively with the ecosystem, define a national interoperability framework, jointly design the core components for exchanging healthcare information, and establish a national framework of standards to be used, among other actions. This synergy, and spaces for sharing knowledge for a common objective, help the health system itself grow and are part of the effort to improve the quality of people’s health care.

People and culture

Read Chapter XV

Informed health policy and practice

Read Chapter XVI

Infraestructure

Read Chapter XVII

Applications and digital services for the sector

Read Chapter XIX

References:

¹ World Health Organization and International Telecommunication Union, Digital health platform handbook: building a digital information infrastructure (infostructure) for health, (Geneva: ITU-WHO, 2020).
² ISO/TR 14639:2014 provides a guide to requirements and principles of best practice business principles for countries and their subordinate health authorities that plan and implement the use of ICT to support the delivery and development of healthcare. https://www.iso.org/standard/54903.html.
³ OPS, Interoperabilidad en salud pública IS4HKMCI,(s.l.: OPS/OMS, 2019) https://www3.paho.org/ish/images/toolkit/IS4H%20CC_InteroperabilidadenSP.pdf?ua=1.
⁴ See Red Americana de Cooperación para la Salud Electrónica (RACSEL): Estándares de interoperabilidad en salud https://socialdigital.iadb.org/es/sph/resources/kits-de-herramientas/271/274.
⁵ Walker, Jan et al., “The value of health care information exchange and interoperability”, Health Affairs Millwood, (enero-junio de 2005), https://www.healthaffairs.org/doi/10.1377/hlthaff.W5.10.
⁶ Hans Van der Veer y Anthony Wiles, Achieving Technical Interoperability - the ETSI Approach (Cedex: European Telecommunication Standards Institute, 2013).http://goo.gl/RnJ2RB.
⁷ “... The ability of two or more systems to exchange information and to use the information that has been exchanged…” Ref: IEEE Computer Society. Standards Coordinating Committee. IEEE standard computer dictionary: a compilation of IEEE standard computer glossaries, (New York: Institute of Electrical and Electronics Engineers, 1990), 610. https://ieeexplore.ieee.org/document/182763
⁸ PAHO, Interoperability in.
⁹ See Digital Health Cooperation Network of the Americas (RACSEL): Interoperability standards and health https://socialdigital.iadb.org/en/sph/resources/toolkits/271/274.
¹⁰ OPS, Revisión de estándares de interoperabilidad para la eSalud en Latinoamerica y el Caribe, (Washington D.C.: OPS, 2016), https://iris.paho.org/handle/10665.2/28188.
¹¹ See IEEE-SA What are standards? Why are there important. https://beyondstandards.ieee.org/what-are-standards-why-are-they-important/
¹² Emilio Salvador Molé, “Introducción a Interoperabilidad y estándares en salud – Parte 2/2”, Informática en salud (blog), 17 de febrero de 2019, https://www.informaticaensalud.net/2019/02/introduccion-a-interoperabilidad-y-estandares-en-salud-parte-2-2/
¹³ Funmi Adebesin et al., “A review of interoperability standards in eHealth and imperatives for their adoption in Africa”, South African Computer Journal, 50 (julio 2013): 55-72, https://pdfs.semanticscholar.org/9f2e/cae4dbb143aad6afb8db0ee907348d04db4a.pdf.
¹⁴ Daniel Luna et al., Sistemas de Información para la Salud, (Buenos Aires : Hospital Italiano de Buenos Aires, 2018).
¹⁵ Pablo Alzuri et al., Protegiendo la salud digital: Una guía de ciberseguridad en el sector de la salud, (Washington D. C.: BID, 2021), 6
¹⁶ Gavin O’Brien et al., “Securing Wireless Infusion Pumps in Healthcare Delivery Organizations”, NIST, 1800-8, (agosto de 2018), https://csrc.nist.gov/publications/detail/sp/1800-8/final.

Go back