RESEARCH ARTICLE

 

A system architecture for ensuring interoperability in a South African national electronic health record system

 

 

Tamir Tsegaye^I; Stephen Flowerday^II

^IDepartment of Information Systems, Rhodes. University. tamir.tsegaye@gmail.com (corresponding)
^IIDepartment of Information Systems, Rhodes University. s.flowerday@ru.ac.za

 

 

---

ABSTRACT

Countries such as South Africa have attempted to leverage eHealth by digitising patients' medical records with the aim of improving the delivery of healthcare. This involves the use of an electronic health record (EHR) which is a longitudinal electronic record of a patient's information. The EHR includes all the patient's encounters that have been made with different health facilities. In the national context, the EHR is also known as a national EHR, which enables the sharing of patient information between points of care. However, a lack of interoperability exists between many South African health information systems making communication between these disparate systems impossible. As a result, the sharing of patient information is inhibited and the benefit of improving healthcare delivery cannot be realised. This paper proposes a system architecture for addressing interoperability challenges and indicates how interoperability can be ensured in a national EHR system. The proposed system architecture is differentiated from other national EHR system architectures found in the literature in order to emphasise its novelty. Secondary data obtained from a systematic literature review was analysed using content analysis, resulting in 9482 tags which informed the development of the proposed system architecture.
CATEGORIES: · Applied computing ~ Health informatics · Applied computing ~ Information integration and interoperability · Social and professional topics ~ Medical records

Keywords: electronic health record, interoperability, syntactic interoperability, semantic interoperability, system architecture, National Health Insurance, NHI

---

 

 

1 INTRODUCTION

ICT is central to countries' healthcare strategies since it can be leveraged to improve healthcare delivery (Tsiknakis & Kouroubali, 2009). However, the current state of South Africa's health system has not been conducive for ensuring interoperability between disparate systems even though ICT has been leveraged (RSA Department of Health, 2012). Interoperability is essential in order to allow disparate systems to communicate with one another and for improved healthcare to be feasible (B. G. M. E. Blobel & Pharow, 2007). South Africa aims to address its interoperability challenges through the implementation of the National Health Insurance (NHI) system. This system is focused on improving the accessibility of health services for all South Africans and includes the implementation of an interoperable national electronic health record (EHR) system (Weeks, 2014). The national EHR system serves as a critical enabling factor for the implementation of the NHI (RSA Department of Health, 2012).

An EHR is defined as a longitudinal electronic record of a patient's health information (De Moor et al., 2015). The EHR is longitudinal since it encompasses all the health information which is created and stored with each visit the patient makes to a health facility. In a national context, the EHR is also known as a national EHR (Deloitte, 2015). The EHR includes health information such as medical history, laboratory test results, medication and allergies (Bakker, 2007; Deloitte, 2015; Gkoulalas-Divanis et al., 2014; Joshi et al., 2021). The EHR comprises electronic medical records (EMRs). An EMR is an electronic record of a patient encounter in a single health facility and is accessible to clinicians (Cabitza et al., 2015; Kierkegaard, 2011). The use of the EHR enables benefits such as the sharing of patient information between points of care (RSA Department of Health, 2012). Other benefits of the EHR include monitoring diseases, a decrease in medical errors and reduced costs by avoiding redundant tests and medication (Bourgeois et al., 2008; Ohuabunwa et al., 2016; Yoo et al., 2013).

However, in order for these benefits to be realised, interoperability between health information systems is required. Interoperability is defined as the extent to which two or more systems can exchange information and interpret that information (Kush, 2012). South Africa currently faces issues with regard to the disparate systems operating in each of its nine provinces. In some provinces, health information systems exist which cannot communicate with other provinces, while in others systems are still paper-based (Ohuabunwa et al., 2016; RSA Department of Health, 2012). This results in a lack of interoperability among systems and thus the inability to exchange information, which can lead to medical errors owing to the fragmentation of patient information (Kushniruk et al., 2013). Thus, there is a need in South Africa for a national EHR system that is interoperable. This paper proposes a system architecture that addresses the interoperability challenges in the context of South Africa's future national EHR system. While the focus of the proposed system architecture is on interoperability, other important components of a national EHR system such as access control are covered at a high level. Owing to the sensitive nature of patient information, it is important that it is protected from unauthorised access (Santos et al., 2014). Hence, access control is required to ensure the security and privacy of patients' EHRs. However, the low-level details regarding how the national EHR is created are not covered, nor does this paper cover usability standards. In the next section, South Africa's interoperability challenges are discussed in more detail.

 

2 STATE OF ELECTRONIC HEALTH RECORDS IN SOUTH AFRICA

South Africa currently faces a number of challenges which have acted as barriers to interoperability. One of these barriers is the fact that the majority of health facilities in South Africa are currently using paper-based systems (CSIR and RSA Department of Health, 2014). On the other hand, some South African health facilities have implemented EMR systems. For instance, in the Western Cape, EMR systems that include pharmacy and radiology systems have been implemented (RSA Department of Health, 2012). However, even where EMR systems have been introduced, the use of a variety of proprietary systems (as depicted in Table 1) in South Africa's nine provinces has meant that they have not been able to exchange information. These proprietary systems have been implemented using different platforms and databases and differ in terms of their architecture (RSA Department of Health, 2012).

Network connectivity is essential for the realisation of a national EHR system, as achieving interoperability (more specifically foundational interoperability as discussed in Section 4.1) is dependent on systems that are connected together over the network (Ryan & Eklund, 2010). However, many parts of South Africa's nine provinces have been negatively affected by network connectivity problems. One example includes the Clinicom EMR system that is widely used in the Western Cape (Ohuabunwa et al., 2016). The aim was to implement a fully operational EMR system in 38 different hospitals and specialised care centres in the Western Cape but this has been hindered by the bandwidth requirements in health facilities. As a result, the EMR systems at these health facilities have not been able to communicate at a regional level and consequently there is no interoperability between these systems.

South Africa has also experienced challenges resulting from a lack of governance in the public sector, which has acted as a barrier to interoperability and has resulted in the acquisition of systems that are not interoperable (RSA Department of Health, 2012). Additionally, there has been a lack of cooperation between the numerous groups involved due to a lack of understanding that eHealth includes all ICTs for health such as the EHR. Consequently, this has hindered the progress that could be made by using eHealth as an enabler. Challenges have also been experienced with regard to information governance, which is needed to ensure compliance with essential standards such as those relating to interoperability and to ensure that the use of patient information adheres to regulations.

Previous studies exist that cover interoperability in the South African context. Coleman (2013) proposed an integrated model for sharing patient information in public and private hospitals in South Africa. The findings of this study identified that patient information created in private or government hospitals are sent electronically or in paper form exclusively within the same hospital. The CSIR and RSA Department of Health (2014) study focused on developing a National Health Normative Standards Framework for interoperability in South Africa. The study also discussed a fully integrated South African national shared EHR system. The findings related to this discussion were the following: the majority of clinics, community health centres and rural hospitals use paper-based systems for storing patient information while most South African public health facilities that utilise health information systems use them in combination with a paper-based system. Wright et al. (2017) reviewed existing South African electronic health information systems in public healthcare including the Clinicom EMR system. The Clinicom EMR system provides a unique patient identification number, i.e. patient master index (PMI), which facilitates interoperability and is shared with other health information systems in the Western Cape. Despite this, it was found that no national master patient index exists to support the South African public health system. The PMI has been included in the proposed system architecture in the form of the patient registry component, which is discussed in Section 5.4. The proposed system architecture differs from previous studies as it discusses how interoperability can be ensured via governance and standards, while also illustrating the relationship between these components. The research methods that were used by the study are discussed in the next section.

 

3 RESEARCH METHODS

This study conducted a systematic literature review based on the PRISMA (preferred reporting items for systematic reviews and meta-analyses) flow diagram (Moher et al., 2009). This resulted in secondary data which was analysed using the content analysis method. Content analysis was used to quantify the qualitative secondary data which resulted in tagged codes related to the EHR (Wahyuni, 2012). The results of the content analysis informed the development of the proposed system architecture. The retrieval of the content analysis sample via the systematic literature review is covered below.

3.1 Systematic literature review

The content analysis sample was retrieved by conducting a systematic literature review based on the PRISMA flow diagram (Figure 1). A search query was used comprising "access control" and "electronic health record" and the search results were filtered to only include journal papers. "Electronic health record" was selected as a keyword since it consists of interoperable medical records such as EMRs, while "access control" was chosen as it is necessary for securing the EHR. The screening of the 282 papers resulted in 257 papers being excluded and 25 papers remaining for the next phase. This screening involved the following method: the initial search query was also run on the Google Scholar database using the same parameters as well as filtering the results to show only papers published in ScienceDirect via Elsevier. This was followed by selecting the first 25 journal articles which appeared in both the Google Scholar and ScienceDirect databases. One journal article, titled "Creating a global rare disease patient registry linked to a rare diseases biorepository database: Rare disease-HUB (RD-HUB)", was excluded during the eligibility phase since the focus of the paper is on a rare disease patient registry as opposed to the EHR. After following each step of the PRISMA flow diagram, 34 papers (available in Appendix A) were selected as the content analysis sample. These 34 papers were included in the quantitative synthesis as the content analysis quantified the secondary data. The content analysis process and results are discussed next.

3.2 Content analysis

Content analysis is a method that is used to interpret the meanings of textual data with the analysis being done either quantitatively or qualitatively (Wahyuni, 2012). In this study, the content analysis was conducted quantitatively, using the MAXQDA software program, by transforming the qualitative secondary data into numeric data. Firstly, the 34-paper sample identified from the systematic literature review was imported into MAXQDA. Any terms related to the EHR were coded as they were encountered in the sample. The sample represented a saturation point, which was reached towards the end of the sample when the number of new codes encountered decreased significantly (Ando et al., 2014).

The coding of the secondary data using content analysis resulted in the creation of 9482 tags along with 143 unique codes. Codes representing the same terms, such as EHR and electronic health record, were merged. Table 2 depicts the top 30 codes before categorisation along with the number of times the codes appeared in the sample. Since the number of codes was large, they were reduced by merging similar codes together under the same category. For example, the personal health record, electronic medical record and virtual electronic health records were merged with the electronic health record category, which also functions as a code.

 

 

Table 3 depicts the categories after the reduction process. It includes the number of unique codes that were merged under the category as well as the number of times these codes were tagged throughout the sample. The codes were reduced from 143 codes to 9, i.e. categories. Here, the number of codes is inclusive of the category since a category is also a tagged code.

Figure 2 illustrates the nine categories as well as three additional codes: portal and distributed architecture, which form part of the system architecture category and electronic medical record, which was included in the electronic health record category. These codes were identified as themes using the content analysis results and informed the development of the proposed system architecture (Figure 4). The system architecture theme represents the contribution of this study and was thus added to the centre of the mind map. The remaining themes constituted the system architecture in the form of components and are covered in this section. The distributed architecture represents the way the proposed system architecture operates by retrieving EMRs from distributed regions and aggregating the EMRs to form the EHR. The EMRs and EHRs were added to all the regions in the proposed system architecture. The portal was also added for providing patients with access to their EHR. Since interoperability is the focus of this study, this theme was added to the centre of the system architecture along with health information exchange (HIE) in the form of layers. The HIE component was included as it facilitates the aggregation of patient information located in disparate EMR systems (Alverson, 2021). Governance and standards were linked to interoperability through a relationship in the system architecture which emphasises how governance and standards are necessary for ensuring interoperability. Additionally, access control was added to the system architecture since it is a relevant security control for ensuring the security and privacy of the EHR. Security and privacy are an integral part of any system architecture in the healthcare domain (B. Blobel, 2007). Thus, these two components were included in the system architecture and are linked to access control. Two themes which did not appear in the content analysis sample but were important to include in the proposed system architecture were registries and South Africa's Protection of Personal Information (PoPI) Act. Registries play an important role in facilitating interoperability (CSIR and RSA Department of Health, 2014). With regard to the PoPI Act, it is an important regulation for protecting patient information in a South African national EHR system (RSA Government Gazette, 2013). The next section discusses interoperability, which is required for the establishment of a national EHR system.

 

4 INTEROPERABILITY FOR A NATIONAL ELECTRONIC HEALTH RECORD SYSTEM

This section focuses on what is needed to ensure an interoperable national EHR system. Interoperability is essential since a national EHR system cannot be established unless interoperability exists between its regional systems. Interoperability allows the regional systems to exchange information while also interpreting the exchanged information. This is made possible by three levels of interoperability-foundational, syntactic and semantic interoperability- which are illustrated in Figure 3 (Broyles et al., 2016). This section focuses on a combination of healthcare interoperability standards, clinical models and initiatives that ensure syntactic and semantic interoperability, thus foundational interoperability is not covered in detail. This is because the requirements for syntactic and semantic interoperability are relatively harder to address than foundational interoperability. The three levels of interoperability are examined below.

4.1 Levels of interoperability

Interoperability can be ensured by addressing all three levels: foundational, syntactic and semantic interoperability (Broyles et al., 2016). Foundational interoperability (also known as technical interoperability) enables the exchange of information between health information systems over a network (Benson & Grieve, 2021; Ryan & Eklund, 2010). With regard to the scope of foundational interoperability, this level of interoperability only ensures that information is transmitted and does not indicate anything about the representation or meaning of this information (Kubicek et al., 2011). These limitations of foundational interoperability are addressed by syntactic and semantic interoperability.

Syntactic interoperability is realised by ensuring that the messages exchanged between two systems are transmitted in a format that is recognised by both systems (Broyles et al., 2016). In order for the exchanged messages to be recognised by both communicating systems, these messages would need to be transmitted using a structure and syntax that is recognised by both systems, for example XML (Hosseini & Dixon, 2016). Although the receiving system may recognise the message structure, it does not ensure interoperability because syntactic interoperability does not ensure that the message content is interpreted by the receiving system (Iroju et al., 2013).

Semantic interoperability, which can address this issue, ensures that both sending and receiving systems have a common understanding of certain terms which will allow them to interpret and process the exchanged messages (van der Linden et al., 2009). Preserving meaning after messages have been sent from one system to another is important especially if there are plans to aggregate information from disparate systems. For example, a national EHR would be generated by combining the information stored on disparate EMR systems. Thus, it is essential that the meaning in the content of the national EHR is preserved after the EMRs have been aggregated. It is required that standards for foundational and syntactic interoperability are implemented in order to ensure semantic interoperability (Kubicek et al., 2011). The next section covers standards, as well as clinical models and initiatives, for ensuring syntactic and semantic interoperability.

4.2 Interoperability through standardisation

In the previous section, the three levels of interoperability that are essential for achieving interoperability were discussed. Interoperability standards are available that address each of these three levels. This section also discusses clinical models and initiatives that address two levels of interoperability, namely, syntactic and semantic interoperability (Table 4).

HL7 is an international organisation that provides standards which enable interoperability within the healthcare domain (Dolin & Alschuler, 2011). Unlike other interoperability standards that only focus on one level of interoperability, HL7 standards can be used to ensure both syntactic and semantic interoperability. These standards include HL7 version 2 (v2), HL7 version 3 (v3), HL7 Clinical Document Architecture (CDA) and Fast Health Interoperability Resources (FHIR) standards. HL7 v2 is a messaging standard that enables the exchange of clinical information, such as patient demographics, clinical observations and laboratory test results, between health information systems (CSIR and RSA Department of Health, 2014). HL7 v2 is recognised as the most widely used healthcare interoperability standard in the world (Aliakbarpoor et al., 2017; Aziz et al., 2020; CSIR and RSA Department of Health, 2014). A HL7 v2 message has a specific structure where the data is encoded in segments, fields and components using various delimiters (Hosseini & Dixon, 2016). Thus, HL7 v2 ensures syntactic interoperability since a HL7 v2 message is structured. Like HL7 v2, HL7 v3 is a messaging standard that allows the exchange of clinical information between health information systems (CSIR and RSA Department of Health, 2014). Unlike HL7 v2, HL7 v3 is based on a Reference Information Model (RIM), a fundamental part of HL7 v3, which specifies the representation of the semantics and grammar of HL7 v3 messages. The grammar of HL7 v3 messages is represented using XML, which ensures syntactic interoperability. Additionally, HL7 v3 ensures semantic interoperability because HL7 v3 messages can contain terminologies such as Systematized Nomenclature of Medicine-Clinical Terms (SNOMED CT) (Dolin & Alschuler, 2011; Lopez & Blobel, 2009). As a result, clinical information exchanged between systems can be represented by using terminologies that ensure semantic interoperability. However, as stated by Hosseini and Dixon (2016), owing to the complexity of HL7 v3, the majority of healthcare organisations use HL7 v2 messages instead. Despite this, the HL7 CDA standard, which is based on HL7 v3, is widely used in combination with HL7 v2 (CSIR and RSA Department of Health, 2014).

HL7 CDA specifies the structure and semantics of clinical documents such as a progress note and discharge report (Heymans et al., 2011). This is in contrast to HL7 v2 and HL7 v3, which both focus on messages as opposed to documents. Similar to HL7 v3 messages, the structure of CDA documents is based on XML, which can be parsed by any web browser, enabling the exchange of information between disparate systems (AlJarullah & El-Masri, 2013). Thus, the CDA ensures syntactic interoperability via the use of structured documents. Additionally, since the CDA is based on the HL7 v3 RIM, it achieves semantic interoperability. In agreement, CSIR and RSA Department of Health (2014) state that the CDA is based on the HL7 RIM which supports the use of terminology standards for enhancing semantic interoperability.

FHIR is a HL7 standard that defines a set of resources which are aggregated to build an EHR or bundle patient information that needs to be shared electronically (Saripalle, 2020). For example, resources such as patient, observation, medications, etc. can be used to construct a patient's EHR, which is accessible via a URL. FHIR supports REST web services that allow users and systems to access resources using the HTTP protocol (Saripalle, 2020). As a result, FHIR facilitates technical interoperability, allowing patient information to be exchanged between systems. Additionally, FHIR also ensures syntactic interoperability. It achieves this by enabling the exchange of patient information using JSON or XML formats (Silva et al., 2020). This is similar to the HL7 v3 and CDA standards which also use XML to structure their data. However, compared to these two standards, the data exchanged using FHIR is not verbose (Silva et al., 2020). FHIR can also achieve semantic interoperability as it has built-in mechanisms for enabling the linkage and validation of clinical terminologies (HL7 International, 2019).

Digital Imaging and Communications in Medicine (DICOM) is a standard that includes the storage and exchange of information in medical imaging (Peleg et al., 2008). In addition to an EHR containing patient information, the inclusion of medical images is important as they can provide vital information about the patient that would not be possible with text alone. Hosseini and Dixon (2016) mention how a variety of medical images, generated by different types of medical imaging devices, can be integrated using DICOM. DICOM achieves this by integrating medical images into picture archiving and communication systems (PACS), which can exchange medical images with other systems, thus facilitating interoperability.

Terminology standards such as Logical Observation Identifiers Names and Codes (LOINC), International Classification of Diseases (ICD) and SNOMED CT also play an important role in ensuring semantic interoperability. LOINC focuses on laboratory and clinical observations (Benson, 2012). It provides codes and a name for each concept that correspond to a specific test result or observation measurement (Braunstein, 2018). A laboratory test can contain a large amount of information and meaning that would need to be preserved if it were to be transmitted to another system. Using a LOINC name, large amounts of information can be represented in a compacted structure that can be interpreted by the receiving system, thus achieving semantic interoperability. Similar to LOINC, an ICD code consists of parts that provide important information about the cause, location and symptoms of a disease (Braunstein, 2018).

While a computer may find it difficult to interpret a sentence indicating the cause, location and symptoms of a disease, a computer would be able to parse an ICD code representing this sentence because of its structure. Thus, the use of ICD codes can ensure semantic interoperability. The current version of ICD is ICD-11 (Braunstein, 2018). Although LOINC and ICD have a specialised focus with regard to healthcare terms, SNOMED CT includes a broad coverage of concepts representing clinical information (Benson, 2012). SNOMED CT indicates important clinical relationships between concepts which show the location and symptoms of a disorder (Braunstein, 2018). While a doctor would be able to determine the cause of a disorder, a computer would experience a challenge performing the same task. By using a clinical relationship between the disorder and the cause of the disorder, a computer would be able to interpret the cause thus ensuring semantic interoperability. Additionally, CSIR and RSA Department of Health (2014) discuss an important feature of SNOMED CT that ensures semantic interoperability-mapping. This allows the terminology of SNOMED CT to be mapped to other terminology standards such as ICD. This would achieve semantic interoperability via a common terminology standard that would be used by both communicating systems.

An archetype is a model that describes a clinical concept such as blood pressure (Peder-sen et al., 2016; Sucurovic, 2007). Each archetype includes elements (data, state, events and protocol) that enable clinicians to record information about a specific clinical concept. For example, the elements of the blood pressure archetype can contain clinical information for data (systolic), state (score), events (24-hour blood pressure) and protocol (type of equipment). Thus, clinical information is represented in a structured and standardised manner which facilitates the transfer of information between health information systems. Archetypes are included in both ISO/EN 13606 and openEHR, which are open standard specifications for modelling the contents of EHRs (Duftschmid et al., 2013). Archetypes can be integrated with terminology standards such as LOINC, ICD and SNOMED CT (Moreno-Conde et al., 2015). This allows terminology standards to define archetypes by specifying possible terms that can be selected as clinical information values. This ensures semantic interoperability since the semantics of the exchanged clinical information can be interpreted by health information systems.

Integrating the Healthcare Enterprise (IHE) is an initiative that has been undertaken by the healthcare industry to improve the way health information systems exchange information (Bittins et al., 2021; Macia, 2014). IHE promotes the coordinated use of well-known standards (including the standards which were discussed in this section) with the aim of ensuring interoperability between systems. The use of coordinated standards is essential since some standards may not be compatible with each other when used together. In agreement, CSIR and RSA Department of Health (2014) state that some interoperability standards conflict with each other. IHE addresses this issue through the use of implementation guidelines known as IHE profiles (Hosseini & Dixon, 2016). Instead of starting from the beginning by selecting a number of interoperability standards, an IHE profile specifies coordinated standards that can be implemented to ensure interoperability for a specific use case such as 'query drug dispensed'. In the next section, the proposed system architecture and its components are covered.

 

5 PROPOSED SYSTEM ARCHITECTURE

This section presents the contribution of this study, the proposed system architecture, by examining each of its components in detail while also applying it to the South African context. The manner in which the EHR is accessed is covered under the distributed architecture. This paper also introduces the concept of tiered EHRs. The access control component, which is important for protecting the EHR, is covered at a high level. Lastly, the interoperability component is discussed in detail which assists in addressing the interoperability challenges. The proposed system architecture in its entirety is illustrated in Figure 4. Its use of the distributed architecture for accessing the national EHR is examined next.

5.1 Distributed architecture

The proposed system architecture is based on the distributed architecture. In the distributed architecture, patient information, i.e. the EMR, is stored and managed locally in EMR systems located in different health facilities (AlJarullah & El-Masri, 2013). Links containing the location of these health facilities are maintained in the central system. Upon making a request to retrieve a patient's EHR, the central system queries all the health facilities where the patient's information is located. After receiving this information from the EMR systems, it is aggregated by the central system and the result is an EHR which represents all the patient's health facility encounters. The type of patient information that is contained in the retrieved EHR will depend on the clinician's authorisation level. The use of the distributed architecture for retrieving the national EHR is now discussed using two generic examples involving the retrieval and updating of the national EHR, after which the South African context is applied to the remaining sections.

Referring to Figure 4, a patient is admitted to a hospital in Region A. The patient previously visited this hospital and two other health facilities in Regions B and C. These encounters have been recorded in the EMRs. The retrieval of the patient's EHR by their physician in Region A consists of several steps. Firstly, the physician must be authenticated in order to access the patient's EHR. Links to the patient's EMRs, located in different health facilities, are stored in the central system, which queries those health facilities where the patient's EMRs are stored. Once these steps have been completed, the central system returns the patient's aggregated EHR consisting of the retrieved patient's EMRs located in Regions A, B and C. The bidirectional lines connecting the EMR systems to the interoperability layer indicate how the EMR can either be sent or retrieved via the central system. On the other hand, the bidirectional lines between the clinician's device and the EMR system indicate how a clinician can update the EHR (in turn updating the locally stored EMR) or retrieve the EHR.

Unlike the previous example which only focuses on retrieving the EHR, the next example discusses adding information to the EHR (using the proposed system architecture) that would consequently be reflected in the retrieved EHR. After examining the patient, the physician adds new information to the patient's EHR, which is locally stored in the EMR system of the hospital in Region A. Using the distributed architecture, the patient's updated EMR is accessible to authorised clinicians in other regions. The EHR is also accessible to the patient through a patient portal which is accessible in Region X, i.e. any region in South Africa. The next section presents the concept of tiered EHRs.

5.2 Tiered electronic health records

This section presents two terms that have been used to describe two types of EHRs: the first-tier EHR and second-tier EHR. With regard to the patient's EHR, it is possible to retrieve it without the use of the distributed architecture provided that all the patient's encounters occur at the same health facility. Additionally, the EMR systems used by the health facility could be from a single vendor. In the South African context, EMR systems originating from a single vendor have been used by various departments in the same health facility. For instance, many Western Cape health facilities have chosen JAC Computer Services as their vendor for providing electronic access to medical records. This has been enabled through the use of Clinicom EMR systems in the same health facility (Ohuabunwa et al., 2016). The study refers to this EHR as a first-tier EHR. Figure 5 depicts a first-tier EHR which has been expanded. As illustrated, the physician, pharmacy and radiology EMR systems are co-located in the same health facility in Region A. The retrieval of the first-tier EHR in this instance would not entail aggregating EMRs from geographically distributed EMR systems. Instead, the EHR would be accessible locally from the health facility in which these EMR systems are located.

 

 

In the previous section, the discussion of the proposed system architecture was centred on the use of the distributed architecture for retrieving the aggregated EHR. This study refers to this EHR as a second-tier EHR. As illustrated in Figure 6, the second-tier EHR has been expanded to show its contents, which comprise the patient's EMRs from Regions A, B and C where the patient was previously treated. With regard to South Africa, these regions would correspond to the South African provinces such as the Eastern Cape, Western Cape and Gauteng. Although this study has discussed both first-tier and second-tier EHRs, this study focuses on the second-tier EHR. The use of access control in the proposed system architecture is covered below.

 

 

5.3 Access control

Access control has been included in the proposed system architecture since it is required in order to control access to the patient's EHR. Access control handles the identification, authentication, authorisation and accountability of the clinician (Genitsaridi et al., 2013; Whitman & Mattord, 2016). The clinician identifies themselves to the system by providing an identity such as a smart card that needs to be verified by providing credentials, such as a PIN, which are subsequently authenticated. Once the identity of the clinician has been verified, they are granted certain permissions in order to access the patient's EHR. The access control component of the proposed system architecture uses a combination of role-based access control (RBAC) and attribute-based access control (ABAC) for making access control decisions. RBAC enables the principle of least privilege which ensures that only the minimum set of permissions is granted to the clinician for performing their job functions based on their role (Furnell et al., 2008). However, RBAC alone is not able to provide EHR access based on dynamic events such as an emergency (Becker, 2007; Beimel & Peleg, 2011). In the event of an emergency, ABAC grants clinicians EHR access through the use of dynamic attributes such as purpose of use (International Committee for Information Technology Standards, 2012). Accountability ensures that clinicians are held accountable for actions that they have performed on the patient's EHR, such as the request for emergency access, by logging and auditing these actions (Dekker & Etalle, 2007; Gregg, 2017). The auditing of clinicians' actions is enabled by the construction of audit trails which are based on access logs stored in health information systems (Malin et al., 2011).

Another important component, which informs the way access control will operate, is South Africa's PoPI Act, which is similar to the European Union's General Data Protection Regulation (GDPR) (Botha et al., 2017). The PoPI Act aims to protect personal information by specifying the conditions for the lawful processing of personal information (RSA Government Gazette, 2013). The PoPI Act is the most appropriate regulation for protecting patient information in a South African national EHR system. The PoPI Act specifies that the confidentiality and integrity of personal information must be ensured through the use of security controls such as access control. The confidentiality of the EHR is ensured since access control prevents the disclosure of patient information to unauthorised entities while also ensuring that it is only modified by authorised clinicians, thus maintaining its integrity (Fernández-Alemán et al., 2013). Consequently, it is evident that the PoPI Act informs the way in which access control will function. Furthermore, access control prevents clinicians from accessing more patient information than they need to do their jobs through the principle of least privilege, thus ensuring both the security and privacy of the EHR. The interoperability component of the proposed system architecture is discussed next.

5.4 Interoperability

Interoperability is a key component of the proposed system architecture since it forms part of South Africa's NHI strategy for implementing an interoperable national EHR system (Weeks, 2014). The relationship between governance, standards and the interoperability components is illustrated in Figure 4. Governance is informed by standards that will ensure all three levels of interoperability, which were discussed in Section 4.1. Additionally, governance should monitor and evaluate adherence to these standards periodically so that interoperability between disparate systems is maintained. It is important to note that a strong governance structure is fundamental for supporting interoperability in a national EHR system. Therefore, the governance component and its relationship with standards and interoperability were included in the proposed system architecture to highlight the importance of governance in ensuring interoperability. This will help to address the governance challenges South Africa faces, as discussed in Section 2. Also illustrated in Figure 4 is an interoperability view of the proposed system architecture. In this view, four registries are connected to the interoperability layer: TR (Terminology Registry), PR (Patient Registry), HPR (Health Provider Registry) and FR (Facility Registry). The role of these registries in HIE, which also forms part of the interoperability view, is covered in this section. The interoperability view is discussed in terms of how it addresses the interoperability challenges faced by South Africa. The development of the proposed system architecture was also informed by the discussion of interoperability standards from Section 4.2. As a result, key components for ensuring interoperability were included in the proposed system architecture including the interoperability layer which supports interoperability standards such as HL7 and the terminology registry which supports terminology standards such as SNOMED CT and ICT.

The proposed system architecture ensures all three levels of interoperability: foundational, syntactic and semantic interoperability. These three levels are ensured by the interoperability layer which functions as a health service bus (HSB). The HSB achieves interoperability by enabling disparate EMR systems to communicate with each other via its middleware (Hammami et al., 2014). The interoperability layer enables foundational interoperability by connecting the disparate EMR systems together in a network, which allows these systems to exchange information with one another. As discussed in Section 2, South Africa's health information systems have experienced network connectivity issues; these can be addressed by meeting the requirements of foundational interoperability. Table 1 listed health information systems in South Africa's nine provinces that are not interoperable with one another. One of the reasons for this lack of interoperability is the use of systems that are not based on agreed interoperability standards (RSA Department of Health, 2012). The proposed system architecture addresses this problem by ensuring that syntactic and semantic interoperability are attained through the use of interoperability standards. Syntactic interoperability is enabled by the interoperability layer which functions as an interface. This interface transforms the messages exchanged between two disparate EMR systems into a common standardised format. For example, a HL7 v2 message which is sent by an Eastern Cape EMR system to a Western Cape EMR system would not be recognised if the Western Cape EMR system were using the HL7 v3 standard. By functioning as an interface, the interoperability layer can transform the sent HL7 v2 message into HL7 v3 format which will be recognised by the Western Cape EMR system and vice versa. Semantic interoperability is ensured through the use of a terminology registry, which is able to map between different terminology standards such as SNOMED CT and ICD. In order to map the terminology contained in a message sent from an Eastern Cape EMR system, the interoperability layer calls the terminology registry which maps the terminology to a standardised terminology. The standardised terminology can then be mapped by the terminology registry to terminology that the receiving Western Cape EMR system understands. In addition, the interoperability layer supports the integration of archetypes with terminologies, which ensures that archetypes are defined using clinical information values based on terminologies. By ensuring all three levels of interoperability, the interoperability layer enables HIE. This allows health information to be exchanged between health facilities in different regions (Ben-Assuli, 2015). HIE has been positioned at the outermost layer in the proposed system architecture to emphasise how it enables the sharing of health information to the surrounding regions. In addition, the HIE layer uses dotted lines to indicate that while it is at the outermost layer of the system architecture, EMR systems interface directly with the interoperability layer.

Registries, including the patient registry, health provider registry and facility registry, play an important role in HIE. These registries store and maintain the information needed to uniquely identify entities in the EHR: the patient registry uniquely identifies patients, the health provider registry uniquely identifies healthcare providers, and the facility registry uniquely identifies the locations of care (CSIR and RSA Department of Health, 2014). Before the patient's EMRs from different health facilities can be aggregated, it is important that the patient registry, which is also referred to as a PMI, uniquely identifies the patient so that a unique identifier (such as the South African ID number) can be used to identify the patient across all health facilities. This will ensure that the aggregated EHR consists of all the EMRs belonging to the same patient. Thus, the patient registry is a key component for facilitating interoperability in a South African national EHR system since it addresses the issues that South Africa currently faces with regard to duplicate patient identifiers, which is a barrier to interoperability. The same applies to the health provider and facility registries (CSIR and RSA Department of Health, 2014). The expert review used to evaluate the proposed system architecture is discussed next.

 

6 PROPOSED SYSTEM ARCHITECTURE EVALUATION VIA EXPERT REVIEW

The proposed system architecture was evaluated using the expert review method and was used to receive feedback from five health experts (Angkananon et al., 2013). The questions that were used in the expert review were based on Weber's (2012) evaluation framework, which can be used to evaluate the quality of theories and models including the proposed system architecture. Two perspectives that are covered by the evaluation framework are the 'parts' and the 'whole'. The first perspective covers the quality of the components which constitute the proposed system architecture, while the second perspective focuses on the proposed system architecture as a whole. The parts consist of constructs, associations, states and events, while the whole consists of importance, novelty, parsimony, level and falsifiability. Associations, states and events are not relevant to the proposed system architecture, as its constructs (security, privacy and interoperability attributes) are not quantifiable, which is required in order for the evaluation to be done using these three criteria. As a result, the evaluation of the proposed system architecture was based on the five criteria of the whole and was conducted qualitatively.

Most of the responses indicated that the importance of the proposed system architecture was prominent through the central location of the interoperability view. The interoperability view is relevant as it comprises components that are essential to the realisation of interoperability. These components include the interoperability layer, which functions as a HSB and ensures all three levels of interoperability (foundational, syntactic and semantic interoperability) as well as the terminology, patient, health provider and facility registries that also facilitate interoperability, which ensures HIE.

According to Weber (2012), for a contribution to be novel, it should frame well-known focal phenomena in different ways and should also make modifications to an existing model, for example, by adding constructs. The majority of respondents agreed that the proposed system architecture was novel. The proposed system architecture addressed the aforementioned criteria by providing a different illustration, compared to other national EHR system architectures from the literature, of the manner in which the interoperability view and its components can be used to facilitate interoperability through the aggregation of disparate EMRs in order to realise a national EHR. The proposed system architecture also addressed the second criteria as it illustrates the relationship between governance, standards and interoperability. This relationship, which indicates how governance and standards are required to ensure interoperability, has not been included in previous national EHR system architectures.

A model is considered parsimonious if it realises a good degree of explanatory power with regard to its focal phenomena while utilising a small amount of constructs (Weber, 2012). Most of the responses mentioned that the number of components used by the proposed system architecture were sufficient. Thus, the explanation of the proposed system architecture's focal phenomena (interoperability) was not negatively impacted by the adjacent components.

The level criteria indicates whether a model covers its phenomena in a broad or specific way. The majority of the respondents stated that the level of the proposed system architecture was broad. This is because in addition to the central interoperability view, the proposed system architecture also includes other essential components that form part of a national EHR system architecture such as access control, which is required to secure patient information.

The falsifiability of a model indicates whether it can be tested empirically (Weber, 2012). There was consensus among all the respondents that the proposed system architecture could be tested in the real world. This could be achieved by for example, creating a prototype of the proposed system architecture in order to test it empirically.

The evaluation of the proposed system architecture using the perspective of the whole from Weber's (2012) evaluation framework, verified the quality of the proposed system architecture as it satisfied all five criteria of the 'whole' perspective. The discussion of the proposed system architecture is covered below.

 

7 DISCUSSION

This paper proposed a system architecture that addresses interoperability challenges by indicating how the interoperability of EMR systems would be possible at a South African national level. Accordingly, the proposed system architecture was created to address the interoperability issues faced within the South African context, which is a prerequisite to realising an interoperable national EHR system.

The development of the proposed system architecture was informed by themes obtained from the content analysis results. These themes were incorporated into the proposed system architecture as components, which were discussed in Section 3.2. For instance, a patient portal was incorporated into the proposed system architecture for providing patients with EHR access. The proposed system architecture retrieves the EHR using the distributed architecture, which is in contrast to the centralised architecture. Notable disadvantages of the centralised architecture include the fact that centralised patient information is not always up to date, there are security risks when storing patient information centrally and the centralised architecture is a single point of failure (AlJarullah & El-Masri, 2013). These disadvantages could have a negative impact on providing healthcare electronically in South Africa, as well as creating security risks in relation to the centrally stored patient information. However, the distributed architecture is able to address these issues since the latest patient information is available from the health facility where it is stored, there is an increased level of security since patient information remains at the source health facility and as a result there is no single point of failure (AlJarullah & El-Masri, 2013). The proposed system architecture also incorporated certain registries, including terminology, patient, health provider and facility registries. The inclusion of these registries was important since they facilitate interoperability, for instance the terminology registry is used to facilitate semantic interoperability.

The interoperability layer of the proposed system architecture, which also functions as an HSB, is used to address the three levels of interoperability: foundational, syntactic and semantic interoperability (the interoperability challenges South Africa faces, which inhibit the attainment of these three levels, were covered in Section 2). Foundational interoperability is enabled by the interoperability layer since it connects disparate EMR systems together in a network, thus allowing the exchange of information among the connected systems. Furthermore, this layer functions as an interface which enables it to transform the exchanged messages into a common standardised format, thus ensuring syntactic interoperability. Thirdly, the interoperability layer calls the terminology registry which maps the terminologies contained in the exchanged messages to a common terminology, thereby enabling semantic interoperability. Additionally, the interoperability layer supports the integration of archetypes with terminologies. Hence, the proposed system architecture addresses interoperability challenges in South Africa by ensuring all three levels of interoperability. This enables HIE, which allows disparate EMR systems to interpret the exchanged messages, thus resulting in the realisation of an interoperable South African national EHR system.

The proposed system architecture, which is the contribution of this study, makes a number of improvements over other national EHR system architectures in the literature. Firstly, the proposed system architecture provides an alternative illustration of the way disparate EMRs are aggregated to form the national EHR. It also presents the concept of tiered EHRs and differentiates between two types of EHRs: the first-tier and second-tier EHR. Thirdly, it represents the relationship between governance, standards and interoperability which indicates how governance and standards are required to ensure interoperability. Previous system architectures from the examined literature (Canada Health Infoway, 2006; CSIR and RSA Department of Health, 2014; Deloitte, 2015; House of Commons Committee of Public Accounts, 2006; Sell-berg & Eltes, 2017) do not illustrate the relationship involving governance, which is a key component that is required to ensure interoperability in a national EHR system. Lastly, the PoPI Act component was included in the proposed system architecture and was covered in terms of the way this regulation protects the EHR using access control. The conclusion of this paper is covered next as well as the limitations of the study and future research.

 

8 CONCLUSION

Countries including South Africa have embarked on implementing national EHR systems in order to improve the delivery of healthcare. However, a lack of interoperability between South Africa's health information systems has led to a number of disparate systems which cannot communicate with one another. This paper proposed a system architecture that can assist by addressing the interoperability challenges faced by South Africa. The proposed system architecture was informed by the results of a content analysis. The results of the content analysis were used as themes which were included in the proposed system architecture in the form of components. The relationship between these components were discussed in terms ofhowthese components can be used together to address South Africa's interoperability challenges. Next, interoperability was discussed in terms of its three levels. In addition, the use of healthcare interoperability standards, clinical models and initiatives was examined to ensure interoperability. The manner in which the proposed system architecture addresses foundational, syntactic and semantic interoperability was also covered. An expert review was used to evaluate the proposed system architecture and was based on Weber's evaluation framework (2012). The contribution of this study is relevant as South Africa is looking to implement a national EHR system and the proposed system architecture can be used to guide it.

While this study focused on the way interoperability between disparate systems can be ensured, a limitation is that some systems such as paper-based systems and legacy systems used by health facilities may not be interoperable. Data contained in legacy systems, such as patient information, would thus need to be migrated to systems that can support interoperability. However, this will require funding. Moreover, bandwidth requirements are a prerequisite for the implementation of a national EHR system and would also need to be addressed. Future research could focus on developing a prototype of the proposed system architecture in order to test how it would perform in the real world by demonstrating how interoperability can be ensured between disparate systems. This would assist South Africa in realising an interoperable national EHR system.

 

ACKNOWLEDGEMENTS

The authors would like to thank Professor Sabine Koch from the Karolinska Institute, Sweden, for her invaluable feedback which contributed to this paper.

 

References

Aliakbarpoor, Y., Comai, S. & Pozzi, G. (2017). Designing a HL7 compatible personal health record for mobile devices. 2017 IEEE 3rd International Forum on Research and Technologies for Society and Industry (RTSI), 1-6. https://doi.org/10.1109/RTSI.2017.8065881

AlJarullah, A. & El-Masri, S. (2013). A novel system architecture for the national integration of electronic health records: A semi-centralized approach. Journal of Medical Systems, 37(4), 9953. https://doi.org/10.1007/s10916-013-9953-4        [ Links ]

Alverson, D. C. (2021). Telemedicine and health information exchange: An opportunity for integration. In R. Latifi, C. R. Doarn & R. C. Merrell (Eds.), Telemedicine, telehealth and telepresence (pp. 63-76). Springer.

Ando, H., Cousins, R. & Young, C. (2014). Achieving saturation in thematic analysis: Development and refinement of a codebook. Comprehensive Psychology, 3,1-7. https://doi.org/10.2466/03.CP.3.4        [ Links ]

Angkananon, K., Wald, M. & Gilbert, L. (2013). Findings of expert validation and review of the technology enhanced interaction framework [Last accessed 12 Jun 2021]. The 13th International Conference on Software Engineering Research and Practice, Las Vegas, United States. 21-24 Jul 2013. https://eprints.soton.ac.uk/355649/

Aziz, S. U. A., Askari, M. & Shah, S. N. (2020). Standards for digital health. In D. C. Klonoff, D. Kerr & S. A. Mulvaney (Eds.), Diabetes digital health (pp. 231-242). Elsevier.

Bakker, A. R. (2007). The need to know the history of the use of digital patient data, in particular the EHR. International Journal of Medical Informatics, 76(5-6), 438-441. https://doi.org/10.1016/j.ijmedinf.2006.09.009        [ Links ]

Becker, M. Y. (2007). Information governance in NHS's NPfIT: A case for policy specification. International Journal of Medical Informatics, 76(5-6), 432-437. https://doi.org/10.1016/j.ijmedinf.2006.09.008        [ Links ]

Beimel, D. & Peleg, M. (2011). Using OWL and SWRL to represent and reason with situation-based access control policies. Data and Knowledge Engineering, 70(6), 596-615. https://doi.org/10.1016/j.datak.2011.03.006        [ Links ]

Ben-Assuli, O. (2015). Electronic health records, adoption, quality of care, legal and privacy issues and their implementation in emergency departments. Health Policy, 119(3), 287297. https://doi.org/10.1016/j.healthpol.2014.11.014        [ Links ]

Benson, T. (2012). Principles of health interoperability HL7 and SNOMED. Springer.

Benson, T. & Grieve, G. (2021). Principles of health interoperability: FHIR, HL7 and SNOMED CT. Springer.

Bittins, S., Kober, G., Margheri, A., Masi, M., Miladi, A. & Sassone, V. (2021). Healthcare data management by using blockchain technology. In S. Namasudra & G. C. Deka (Eds.), Applications ofblockchain in healthcare. Studies in big data (pp. 1-27). Springer.

Blobel, B. G. M. E. & Pharow, P. (2007). A model driven approach for the German health telematics architectural framework and security infrastructure. International Journal of Medical Informatics, 78(2-3), 169-175. https://doi.org/10.1016/j.ijmedinf.2006.05.044        [ Links ]

Blobel, B. (2007). Comparing approaches for advanced e-health security infrastructures. International Journal of Medical Informatics, 76(5-6), 454-459. https://doi.org/10.1016/j.ijmedinf.2006.09.012        [ Links ]

Botha, J., Grobler, M. M., Hahn, J. & Eloff, M. (2017). A high-level comparison between the South African Protection of Personal Information Act and international data protection laws. Proceedings of the 12th International Conference on Cyber Warfare and Security, 57-66.

Bourgeois, F. C., Taylor, P. L., Emans, S. J., Nigrin, D. J. & Mandl, K. D. (2008). Whose personal control? Creating private, personally controlled health records for pediatric and adolescent patients. Journal of the American Medical Informatics Association, 15(6), 737-743. https://doi.org/10.1197/jamia.M2865        [ Links ]

Braunstein, M. (2018). Health informatics on FHIR: How HL7's new API is transforming healthcare. Springer.

Broyles, D., Dixon, B. E., Crichton, R., Biondich, P. & Grannis, S. J. (2016). The evolving health information infrastructure. In B. E. Dixon (Ed.), Health information exchange: Navigating and managing a network of health information systems (pp. 107-122). Elsevier.

Cabitza, F., Simone, C. & Michelis, G. D. (2015). User-driven prioritization of features for a prospective InterPersonal Health Record: Perceptions from the Italian context. Computers in Biology and Medicine, 59, 202-210. https://doi.org/10.1016/j.compbiomed.2014.03.009        [ Links ]

Canada Health Infoway. (2006). EHRS blueprint: An interoperable EHR framework-Version 2 [Last accessed 12 June 2021]. https://www.infoway-inforoute.ca/en/component/edocman/resources/technical-documents/391-ehrs-blueprint-v2-full

Coleman, A. (2013). An integrated model to share patient health records in public and private hospitals in South Africa. Studies on Ethno-Medicine, 7(2), 87-93. https://doi.org/10.1080/09735070.2013.11886448        [ Links ]

CSIR and RSA Department of Health. (2014). National health normative standards framework for interoperability in eHealth in South Africa: Version 2.0 [Last accessed 12 Jun 2021]. http://www.samed.org.za/Filemanager/userfiles/hnsf-complete-version.pdf.

De Moor, G., Sundgren, M., Kalra, D., Schmidt, A., Dugas, M., Claerhout, B., Karakoyun, T., Ohmann, C., Lastic, P.-Y., Ammour, N., Kush, R., Dupont, D., Cuggia, M., Daniel, C., Thienpont, G. & Coorevits, P. (2015). Using electronic health records for clinical research: The case of the EHR4CR project. Journal of Biomedical Informatics, 53,162-173. https://doi.org/10.1016/jjbi.2014.10.006        [ Links ]

Dekker, M. A. C. & Etalle, S. (2007). Audit-based access control for electronic health records [vol. 168]. Electronic notes in theoretical computer science (pp. 221-236). https://doi.org/10.1016/j.entcs.2006.08.028

Deloitte. (2015). Independent review of New Zealand's electronic health records strategy [Last accessed 11 Jun 2021]. http://www.health.govt.nz/publication/independent-review-new-zealands-electronic-health-record-strategy

Dolin, R. H. & Alschuler, L. (2011). Approaching semantic interoperability in Health Level Seven. Journal of the American Medical Informatics Association, 18(1), 99-103. https://doi.org/10.1136/jamia.2010.007864        [ Links ]

Duftschmid, G., Rinner, C., Kohler, M., Huebner-Bloder, G., Saboor, S. & Ammenwerth, E. (2013). The EHR-ARCHE project: Satisfying clinical information needs in a shared electronic health record system based on IHE XDS and archetypes. International Journal of Medical Informatics, 82(12), 1195-1207. https://doi.org/10.1016/j.ijmedinf.2013.08.002        [ Links ]

Fernández-Alemán, J. L., Senor, I. C., Lozoya, P. Á. O. & Toval, A. (2013). Security and privacy in electronic health records: A systematic literature review. Journal of Biomedical Informatics, 46(3), 541-562. https://doi.org/10.1016/jjbi.2012.12.003        [ Links ]

Furnell, S. M., Katsikas, S., Lopez, J. & Patel, A. (2008). Securing information and communications systems: Principles, technologies, and applications. Artech House.

Genitsaridi, I., Kondylakis, H., Koumakis, L., Marias, K. & Tsiknakis, M. (2013). Towards intelligent personal health record systems: Review, criteria and extensions. Procedia Computer Science, 21, 327-334. https://doi.org/10.1016/j.procs.2013.09.043        [ Links ]

Gkoulalas-Divanis, A., Loukides, G. & Sun, J. (2014). Publishing data from electronic health records while preserving privacy: A survey of algorithms. Journal of Biomedical Informatics, 50, 4-19. https://doi.org/10.1016/jjbi.2014.06.002        [ Links ]

Gregg, M. (2017). CISSP exam cram [4th ed.]. Pearson.

Hammami, R., Bellaaj, H. & Kacem, A. H. (2014). Interoperability for medical information systems: An overview. Health and Technology, 4(3), 261-272. https://doi.org/10.1007/s12553-014-0085-8        [ Links ]

Heymans, S., McKennirey, M. & Phillips, J. (2011). Semantic validation of the use of SNOMED CT in HL7 clinical documents. Journal of Biomedical Semantics, 2(2), 1-16. https://doi.org/10.1186/2041-1480-2-2        [ Links ]

HL7 International. (2019). FHIR overview-Architects [Last accessed 12 Jun 2021]. https://www.hl7.org/fhir/overview-arch.html

Hosseini, M. & Dixon, B. E. (2016). Syntactic interoperability and the role of standards. Elsevier.

House of Commons Committee of Public Accounts. (2006). Department of Health: The National Programme for IT in the NHS [Last accessed 12 June 2021]. https://publications.parliament.uk/pa/cm200607/cmselect/cmpubacc/390/390.pdf

International Committee for Information Technology Standards. (2012). INCITS 494-2012[R2017]: Information technology - Role based access control - Policy enhanced [Last accessed 12 Jun 2021]. https://standards.incits.org/apps/group_public/project/details.php?project_id=1891

Iroju, O., Soriyan, A., Gambo, I. & Olaleke, J. (2013). Interoperability in healthcare: Benefits, challenges and resolutions. InternationalJournal of Innovation and Applied Studies, 3(1), 262-270.         [ Links ]

Joshi, R., Negi, S. & Sachdeva, S. (2021). Cloud based interoperability in healthcare [Advances in intelligent systems and computing, vol. 1227]. In V. Singh, V. K. Asari, S. Kumar & R. B. Patel (Eds.), Computational methods and data engineering (pp. 599-611). Springer.

Kierkegaard, P. (2011). Electronic health record: Wiring Europe's healthcare. Computer Law & Security Review, 27(5), 503-515. https://doi.org/10.1016/j.clsr.2011.07.013        [ Links ]

Kubicek, H., Cimander, R. & Scholl, H. J. (2011). Organizational interoperability in e-government: Lessons from 77 European good-practice cases. Springer.

Kush, R. D. (2012). Data sharing: Electronic health records and research interoperability. Springer.

Kushniruk, A. W., Bates, D. W., Bainbridge, M., Househ, M. S. & Borycki, E. M. (2013). National efforts to improve health information system safety in Canada, the United States of America and England. International Journal of Medical Informatics, 82(5), e149-e160. https://doi.org/10.1016/j.ijmedinf.2012.12.006        [ Links ]

Lopez, D. M. & Blobel, B. G. M. E. (2009). A development framework for semantically interoperable health information systems. International Journal ofMedical Informatics, 78(2), 83-103. https://doi.org/10.1016/j.ijmedinf.2008.05.009        [ Links ]

Macia, I. (2014). Towards a semantic interoperability environment. 2014 IEEE 16th International Conference on e-Health Networking, Applications and Services, Healthcom 2014 (pp. 543-548). https://10.1109/HealthCom.2014.7001900

Malin, B., Nyemba, S. & Paulett, J. (2011). Learning relational policies from electronic health record access logs. Journal of Biomedical Informatics, 44(2), 333-342. https://doi.org/10.1016/j.jbi.2011.01.007        [ Links ]

Moher, D., Liberati, A., Tetzlaff, J., Altman, D. G. & The PRISMA Group. (2009). Preferred reporting items for systematic reviews and meta-analyses: The PRISMA statement. Public Library of Science Medicine, 6(7), 1-6. https://doi.org/10.1371/journal.pmed.1000097        [ Links ]

Moreno-Conde, A., Moner, D., da Cruz, W. D., Santos, M. R., Maldonado, J. A., Robles, M. & Kalra, D. (2015). Clinical information modeling processes for semantic interoperability of electronic health records: Systematic review and inductive analysis. Journal ofthe American Medical Informatics Association, 22(4), 925-934. https://doi.org/10.1093/jamia/ocv008        [ Links ]

Ohuabunwa, E. C., Sun, J., Jubanyik, K. J. & Wallis, L. A. (2016). Electronic medical records in low to middle income countries: The case of Khayelitsha Hospital, South Africa. African Journal of Emergency Medicine, 6(1), 38-43. https://doi.org/10.1016/j.afjem.2015.06.003        [ Links ]

Pedersen, R., Granja, C. & Ruiz, L. M. (2016). The value of clinical information models and terminology for sharing clinical information. eTELEMED 2016: The Eighth International Conference on eHealth, Telemedicine, and Social Medicine (with DIGITAL HEALTHY LIVING 2016 / MATH 2016), 153-159.

Peleg, M., Beimel, D., Dori, D. & Denekamp, Y. (2008). Situation-based access control: Privacy management via modeling of patient data access scenarios. Journal ofBiomedical Informatics, 41(6), 1028-1040. https://doi.org/10.1016/jjbi.2008.03.014        [ Links ]

RSA Department of Health. (2012). eHealth strategy South Africa [Last accessed 12 Jun 2021]. https://www.health-e.org.za/wp-content/uploads/2014/08/South-Africa-eHealth-Strategy-2012-2017.pdf

RSA Government Gazette. (2013). Protection of Personal Information Act [Last accessed 12 Jun 2021]. https://www.gov.za/documents/protection-personal-information-act

Ryan, A. & Eklund, P. (2010). The health service bus: An architecture and case study in achieving interoperability in healthcare. Studies in Health Technology and Informatics, 160, 922926. https://doi.org/10.3233/978-1-60750-588-4-922        [ Links ]

Santos, A., Macedo, J., Costa, A. & Nicolau, M. J. (2014). Internet of things and smart objects for m-health monitoring and control. Procedia Technology, 16, 1351-1360. https://doi.org/10.1016/j.protcy.2014.10.152        [ Links ]

Saripalle, R. K. (2020). Leveraging FHIR to integrate activity data with electronic health record. Health and Technology, 10(1), 341-352. https://doi.org/10.1007/s12553-019-00316-5        [ Links ]

Sellberg, N. & Eltes, J. (2017). The Swedish patient portal and its relation to the national reference architecture and the overall eHealth infrastructure. In M. Aanestad, M. Grisot, O. Hanseth & P. Vassilakopoulou (Eds.), Information infrastructures within European health care (pp. 225-244). Springer.

Silva, R. J., Sloane, E. B. & Cooper, T. (2020). Application of HL7 FHIR for device and health information system interoperability [2nd ed.]. In E. Iadanza (Ed.), Clinical engineering handbook (pp. 611-615). Elsevier.

Sucurovic, S. (2007). Implementing security in a distributed web-based EHCR. International Journal of Medical Informatics, 76(5-6), 491-496. https://doi.org/10.1016/j.ijmedinf.2006.09.017        [ Links ]

Tsiknakis, M. & Kouroubali, A. (2009). Organizational factors affecting successful adoption of innovative eHealth services: A case study employing the FITT framework. International Journal of Medical Informatics, 78(1), 39-52. https://doi.org/10.1016/j.ijmedinf.2008.07.001        [ Links ]

van der Linden, H., Kalra, D., Hasman, A. & Talmon, J. (2009). Inter-organizational future proof EHR systems: A review of the security and privacy related issues. International Journal of Medical Informatics, 78(3), 141-160. https://doi.org/10.1016/j.ijmedinf.2008.06.013        [ Links ]

Wahyuni, D. (2012). The research design maze: Understanding paradigms, cases, methods and methodologies. Journal of Applied Management Accounting Research, 10(1), 69-80.         [ Links ]

Weber, R. (2012). Evaluating and developing theories in the information systems discipline. Journal of the Association for Information Systems, 13(1), 1-30. https://doi.org/10.17705/1jais.00284        [ Links ]

Weeks, R. (2014). The implementation of an electronic patient healthcare record system: A South African case study. Journal of Contemporary Management, 11, 101-119.         [ Links ]

Whitman, M. E. & Mattord, H. J. (2016). Principles of information security [5th ed.]. Cengage Learning.

Wright, G., O'Mahony, D. & Cilliers, L. (2017). Electronic health information systems for public health care in South Africa: A review of current operational systems. Journal of Health Informatics in Africa, 4(1), 51-57. https://doi.org/10.12856/JHIA-2017-v4-i1-164        [ Links ]

Yoo, S., Kim, S., Lee, S., Lee, K.-H., Baek, R.-M. & Hwang, H. (2013). A study of user requests regarding the fully electronic health record system at Seoul National University Bundang Hospital: Challenges for future electronic health record systems. International Journal of Medical Informatics, 82(5), 387-397. https://doi.org/10.1016/j.ijmedinf.2012.08.004        [ Links ]

A APPENDIX: CONTENT ANALYSIS

Abouelmehdi, K., Beni-Hessane, A. & Khaloufi, H. (2018). Big healthcare data: Preserving security and privacy. Journal of Big Data, 5(1), 1-18. https://doi.org/10.1186/s40537-017-0110-7        [ Links ]

Alkeem, E. A., Shehada, D., Yeun, C. Y., Zemerly, M. J. & Hu, J. (2017). New secure healthcare system using cloud of things. Cluster Computing, 20(3), 2211-2229. https://doi.org/10.1007/s10586-017-0872-x        [ Links ]

Bakker, A. R. (2007). The need to know the history of the use of digital patient data, in particular the EHR. International Journal of Medical Informatics, 76(5-6), 438-441. https://doi.org/10.1016/j.ijmedinf.2006.09.009        [ Links ]

Becker, M. Y. (2007). Information governance in NHS's NPfIT: A case for policy specification. International Journal of Medical Informatics, 76(5-6), 432-437. https://doi.org/10.1016/j.ijmedinf.2006.09.008        [ Links ]

Beimel, D. & Peleg, M. (2011). Using OWL and SWRL to represent and reason with situation-based access control policies. Data and Knowledge Engineering, 70(6), 596-615. https://doi.org/10.1016/j.datak.2011.03.006        [ Links ]

Ben-Assuli, O. (2015). Electronic health records, adoption, quality of care, legal and privacy issues and their implementation in emergency departments. Health Policy, 119(3), 287297. https://doi.org/10.1016/j.healthpol.2014.11.014        [ Links ]

Blobel, B. (2007). Comparing approaches for advanced e-health security infrastructures. International Journal of Medical Informatics, 76(5-6), 454-459. https://doi.org/10.1016/j.ijmedinf.2006.09.012        [ Links ]

Blobel, B. G. M. E. & Pharow, P. (2007). A model driven approach for the German health telematics architectural framework and security infrastructure. International Journal of Medical Informatics, 78(2-3), 169-175. https://doi.org/10.1016/j.ijmedinf.2006.05.044        [ Links ]

Bourgeois, F. C., Taylor, P. L., Emans, S. J., Nigrin, D. J. & Mandl, K. D. (2008). Whose personal control? Creating private, personally controlled health records for pediatric and adolescent patients. Journal of the American Medical Informatics Association, 15(6), 737-743. https://doi.org/10.1197/jamia.M2865        [ Links ]

Cabitza, F., Simone, C. & Michelis, G. D. (2015). User-driven prioritization of features for a prospective InterPersonal Health Record: Perceptions from the Italian context. Computers in Biology and Medicine, 59, 202-210. https://doi.org/10.1016/j.compbiomed.2014.03.009        [ Links ]

Casanovas, P., Mendelson, D. & Poblet, M. (2017). A linked democracy approach for regulating public health data. Health and Technology, 7(4), 519-537. https://doi.org/10.1007/s12553-017-0191-5        [ Links ]

De Moor, G., Sundgren, M., Kalra, D., Schmidt, A., Dugas, M., Claerhout, B., Karakoyun, T., Ohmann, C., Lastic, P.-Y., Ammour, N., Kush, R., Dupont, D., Cuggia, M., Daniel, C., Thienpont, G. & Coorevits, P. (2015). Using electronic health records for clinical research: The case of the EHR4CR project. Journal ofBiomedical Informatics, 53, 162173. https://doi.org/10.1016/j.jbi.2014.10.006        [ Links ]

Dekker, M. A. C. & Etalle, S. (2007). Audit-based access control for electronic health records [vol. 168]. Electronic notes in theoretical computer science (pp. 221-236). https://doi.org/10.1016/j.entcs.2006.08.028

Duftschmid, G., Rinner, C., Kohler, M., Huebner-Bloder, G., Saboor, S. & Ammenwerth, E. (2013). The EHR-ARCHE project: Satisfying clinical information needs in a shared electronic health record system based on IHE XDS and archetypes. International Journal of Medical Informatics, 82(12), 1195-1207. https://doi.org/10.1016/j.ijmedinf.2013.08.002        [ Links ]

Fernández-Alemán, J. L., Senor, I. C., Lozoya, P. Á. O. & Toval, A. (2013). Security and privacy in electronic health records: A systematic literature review. Journal ofBiomedical Informatics, 46(3), 541-562. https://doi.org/10.1016/j.jbi.2012.12.003        [ Links ]

Genitsaridi, I., Kondylakis, H., Koumakis, L., Marias, K. & Tsiknakis, M. (2013). Towards intelligent personal health record systems: Review, criteria and extensions. Procedia Computer Science, 21, 327-334. https://doi.org/10.1016/j.procs.2013.09.043        [ Links ]

Gkoulalas-Divanis, A., Loukides, G. & Sun, J. (2014). Publishing data from electronic health records while preserving privacy: A survey of algorithms. Journal of Biomedical Informatics, 50, 4-19. https://doi.org/10.1016/j.jbi.2014.06.002        [ Links ]

Hussien, H. M., Yasin, S. M., Udzir, S. N., Zaidan, A. A. & Zaidan, B. B. (2019). A systematic review for enabling of develop a blockchain technology in healthcare application: Taxonomy, substantially analysis, motivations, challenges, recommendations and future direction. Journal of Medical Systems, 43(10), 1-35. https://doi.org/10.1007/s10916-019-1445-8        [ Links ]

Kierkegaard, P. (2011). Electronic health record: Wiring Europe's healthcare. Computer Law & SecurityReview, 27(5), 503-515. https://doi.org/10.1016/j.clsr.2011.07.013        [ Links ]

Kushniruk, A. W., Bates, D. W., Bainbridge, M., Househ, M. S. & Borycki, E. M. (2013). National efforts to improve health information system safety in Canada, the United States of America and England. International Journal ofMedical Informatics, 82(5), e149-e160. https://doi.org/10.1016/j.ijmedinf.2012.12.006        [ Links ]

Lopez, D. M. & Blobel, B. G. M. E. (2009). A development framework for semantically interoperable health information systems. International Journal ofMedical Informatics, 78(2), 83-103. https://doi.org/10.1016/j.ijmedinf.2008.05.009        [ Links ]

Malin, B., Nyemba, S. & Paulett, J. (2011). Learning relational policies from electronic health record access logs. Journal ofBiomedical Informatics, 44(2), 333-342. https://doi.org/10.1016/j.jbi.2011.01.007        [ Links ]

Mohsin, A. H., Zaidan, A. A., Zaidan, B. B., bin Ariffin, S. A., Albahri, O. S., Albahri, A. S., Alsalem, M. A., Mohammed, K. I. & Hashim, M. (2018). Real-time medical systems based on human biometric steganography: A systematic review. Journal ofMedical Systems, 42(12), 1-20. 10.1007/s10916-018-1103-6        [ Links ]

Parrend, P., Mazzucotelli, T., Colin, F., Collet, P. & Mandel, J.-L. (2018). Cerberus, an access control scheme for enforcing least privilege in patient cohort study platforms. Journal of Medical Systems, 42(1), 1-19. https://doi.org/10.1007/s10916-017-0844-y        [ Links ]

Peleg, M., Beimel, D., Dori, D. & Denekamp, Y. (2008). Situation-based access control: Privacy management via modeling of patient data access scenarios. Journal ofBiomedical Informatics, 41(6), 1028-1040. https://doi.org/10.1016/jjbi.2008.03.014        [ Links ]

Riaz, M., King, J., Slankas, J., Williams, L., Massacci, F., Quesada-López, C. & Jenkins, M. (2017). Identifying the implied: Findings from three differentiated replications on the use of security requirements templates. Empirical Software Engineering, 22(4), 2127-2178. https://doi.org/10.1007/s10664-016-9481-1        [ Links ]

Santos, A., Macedo, J., Costa, A. & Nicolau, M. J. (2014). Internet of things and smart objects for m-health monitoring and control. Procedia Technology, 16, 1351-1360. https://doi.org/10.1016/j.protcy.2014.10.152        [ Links ]

Sucurovic, S. (2007). Implementing security in a distributed web-based EHCR. International Journal ofMedical Informatics, 76(5-6), 491-496. https://doi.org/10.1016/j.ijmedinf.2006.09.017        [ Links ]

Tipton, S. J., Forkey, S. & Choi, Y. B. (2016). Toward proper authentication methods in electronic medical record access compliant to HIPAA and C.I.A. triangle. Journal of Medical Systems, 40(4), 1-8. https://doi.org/10.1007/s10916-016-0465-x        [ Links ]

Tsiknakis, M. & Kouroubali, A. (2009). Organizational factors affecting successful adoption of innovative eHealth services: A case study employing the FITT framework. International Journal of Medical Informatics, 78(1), 39-52. https://doi.org/10.1016/j.ijmedinf.2008.07.001        [ Links ]

van der Linden, H., Kalra, D., Hasman, A. & Talmon, J. (2009). Inter-organizational future proof EHR systems: A review of the security and privacy related issues. International Journal of Medical Informatics, 78(3), 141-160. https://doi.org/10.1016/j.ijmedinf.2008.06.013        [ Links ]

Vithanwattana, N., Mapp, G. & George, C. (2017). Developing a comprehensive information security framework for mHealth: A detailed analysis. Journal ofReliable Intelligent Environments, 3(1), 21-39. https://doi.org/10.1007/s40860-017-0038-x        [ Links ]

Yoo, S., Kim, S., Lee, S., Lee, K.-H., Baek, R.-M. & Hwang, H. (2013). A study of user requests regarding the fully electronic health record system at Seoul National University Bundang Hospital: Challenges for future electronic health record systems. International Journal of Medical Informatics, 82(5), 387-397. https://doi.org/10.1016/j.ijmedinf.2012.08.004        [ Links ]

Zemmoudj, S., Bermad, N. & Omar, M. (2019). Context-aware pseudonymization and authorization model for IoT-based smart hospitals. Journal of Ambient Intelligence and Humanized Computing, 10(11), 4473-4490. https://doi.org/10.1007/s12652-018-1129-0        [ Links ]

 

 

Received: 17 May 2020
Accepted: 13 April 2021
Available online: 12 July 2021