Medical record search engines, using pseudonymised patient identity: An alternative to centralised medical records

https://doi.org/10.1016/j.ijmedinf.2010.10.003

Abstract

Purpose

The purpose of our multidisciplinary study was to define a pragmatic and secure alternative to the creation of a national centralised medical record which could gather together the different parts of the medical record of a patient scattered in the different hospitals where he was hospitalised without any risk of breaching confidentiality.

Methods

We first analyse the reasons for the failure and the dangers of centralisation (i.e. the difficulty of defining a European patient identifier, of reaching a common standard for the contents of the medical record, and of data protection) and then propose an alternative that uses the existing available data, on the basis that setting up a safe though imperfect system could be better than continuing a quest for a mythical perfect information system that we have still not found after a search that has lasted two decades.

Results

We describe the functioning of Medical Record Search Engines (MRSEs), using pseudonymisation of patients’ identity. The MRSE will be able to retrieve and to provide upon an MD's request all the available information concerning a patient who has been hospitalised in different hospitals without ever having access to the patient's identity. The drawback of this system is that the medical practitioner then has to read all of the information and to create his own synthesis and eventually to reject extra data.

Conclusions

Faced with the difficulties and the risks of setting up a centralised medical record system, a system that gathers all of the available information concerning a patient could be of great interest. This low-cost pragmatic alternative which could be developed quickly should be taken into consideration by health authorities.

Introduction

For more than 20 years now, many research projects have been conducted on a standardised, centralised, secure and reliable medical record (MR) system, but they have still not met with success. The French DMP project to implement personal MRs for each patient that are accessible to the patient is an illustrative example. The DMP has encountered many difficulties regarding ethical and legal aspects, the definition of a common identifier and centralised storage of all records. We are not aware of a country that has successfully implemented a standardised, centralised, secured, privacy-compliant and reliable medical record system at the national level. Thus it is time to develop a new strategy based on a pragmatic, secure, non-centralised, unstructured MR system which will be operational in the very short term. The main goal of this article is to promote this non-centralised and non-standardised MR system, which is based on an original system to search for and gain access to distributed medical data like the one that exists in Israel (Clalit HMO and government hospitals), Pittsburgh (Pennsylvania – UPMC) [1] and is being implemented in Brussels (IRIS hospitals) [2] and Franche-Comté, France (EMOSYST) [3]. In these examples, all focusing on the sharing of medical data, MRs are not standardised but can be structured or unstructured. However, the sharing of medical data is standardised and structured.

Section snippets

Planned standardised MR system: the reasons for the failure and the dangers of centralisation

The main reasons for the failure are related first to insufficient human and financial resources, second to the lack of or failure to properly deploy a unique patient identifier (UPI), third to the lack of standardisation or structuring of the MRs.

Many solutions concerning these aspects are being developed to provide, for example, an Enterprise Master Patient Index, and standards have been proposed [4]. In practice harmonisation of patient identification is very difficult to achieve in many

The alternative: decentralised management of MRs

First, in industrialised countries, each health-care structure whatever the type (public or private) has an information system that gathers structured or unstructured computerised medical records. Then, information contained in the daily routine MR is sufficient for most of the needs of health professionals. It is rarely necessary to gather distributed information on a patient for health care reasons. Thus, the additional work a doctor needs to do to reconstitute a patient's medical history

Discussion

MRSEs are platforms that coordinate a decentralised search. They never have direct access to the database of the local systems of the HS as it is the HS itself which makes the requests on it. MRSEs are platforms where encrypted information is temporarily stored before being passed on. MRSEs do not store any MRs but may keep logs of transactions. One of the key points of the procedure we propose relies on the fact that MRSE1 and MRSE2 are not allowed to communicate. This solution guarantees
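The relay behaviour described above, as an added example that is not code from the paper: a search engine that fans a pseudonymised query out to the health structures, passes sealed results on, and logs only pseudonym prefixes and counts. It collapses the two engines into one relay because this page does not say how MRSE1 and MRSE2 divide the work. Assumptions: the pseudonym is an HMAC-SHA256 over normalised name and birth date with a key shared by the hospitals only, results are sealed under a key the hospitals share with the requesting MD, and all names and records are constructed.

```python
import hashlib, hmac, os, unicodedata

def pseudonym(key, surname, given, dob):
    """Keyed hash of normalised identity traits; the key never reaches the MRSE."""
    norm = "|".join(
        unicodedata.normalize("NFKD", s).encode("ascii", "ignore").decode().strip().upper()
        for s in (surname, given, dob))
    return hmac.new(key, norm.encode(), hashlib.sha256).hexdigest()

def _xor(key, nonce, data):
    # Stand-in for authenticated encryption (e.g. AES-GCM), kept stdlib-only for the demo.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, data):
    nonce = os.urandom(16)
    return nonce + _xor(key, nonce, data)

def unseal(key, blob):
    return _xor(key, blob[:16], blob[16:])

class Hospital:
    """Health structure (HS): holds its own records and runs every query itself."""
    def __init__(self, name, pseudo_key, md_key, records):
        self.name, self._md_key, self._index = name, md_key, {}
        for identity, text in records:
            self._index.setdefault(pseudonym(pseudo_key, *identity), []).append(text)

    def answer(self, pseud):
        return [seal(self._md_key, t.encode()) for t in self._index.get(pseud, [])]

class MRSE:
    """Relay: sees pseudonyms and ciphertext only, keeps a log, stores no records."""
    def __init__(self, hospitals):
        self.hospitals, self.log = hospitals, []

    def search(self, pseud):
        blobs = []
        for hs in self.hospitals:
            found = hs.answer(pseud)
            self.log.append((hs.name, pseud[:8], len(found)))  # no identity, no content
            blobs.extend(found)
        return blobs  # passed on to the requesting MD, nothing retained

def demo():
    pseudo_key, md_key = os.urandom(32), os.urandom(32)  # constructed keys
    hs_a = Hospital("HS-A", pseudo_key, md_key, [(("Dupont", "Élise", "1970-03-02"), "2008 appendectomy")])
    hs_b = Hospital("HS-B", pseudo_key, md_key, [(("DUPONT ", "Elise", "1970-03-02"), "2010 cardiology consult"),
                                                 (("Martin", "Paul", "1955-11-30"), "2009 fracture")])
    mrse = MRSE([hs_a, hs_b])
    blobs = mrse.search(pseudonym(pseudo_key, "dupont", "elise", "1970-03-02"))
    return sorted(unseal(md_key, b).decode() for b in blobs), mrse.log
```

The two hospitals spell the patient's name differently, so the match depends entirely on the normalisation step; identity traits that differ beyond case, accents and padding would produce different pseudonyms and a missed record.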

Conclusion

The main reasons for the failure of centralised MR management are related not only to insufficient human and financial resources but also to difficulties in the implementation of a UPI and the lack of MR standardisation. In this paper, we have discussed the interest of a pragmatic solution relying on existing data. The collection of information through Medical Record Search Engines using pseudonymisation of patient's identity could be a secure alternative solution to the Centralised Medical

References (8)

  • G.D. Martich, T. Worrall, Interoperability platforms: bringing intelligence to healthcare data, Hospital Information...
  • Belgium hospitals use dbMotion for interoperability, eHealth Europe, 7 July 2008....
  • P. Leavy, Israeli vendor sees telecom contract as foothold in French market, Healthcare IT News.eu, Thursday, 5 June...
  • Global IHE standards-based profiles adopted by several national and regional projects....
There are more references available in the full text version of this article.
