Presented at the Second Growing e-Health Expertise, Knowledge and Skills (GEEKS) Program, Department of Disease Control, Ministry of Public Health, Bangkok, Thailand on August 7, 2019
8. 8
“Big data is like teenage sex:
everyone talks about it,
nobody really knows how to do it,
everyone thinks everyone else is doing it,
so everyone claims they are doing it...”
-- Dan Ariely @danariely (2013)
Substitute “Big data” with “AI”, “Blockchain”, “IoT”
of your choice.
-- Nawanan Theera-Ampornpunt (2018)
9. 9
Hype vs. Hope
Jeremy Kemp via http://en.wikipedia.org/wiki/Hype_cycle
http://www.gartner.com/technology/research/methodologies/hype-cycle.jsp
12. 12
A Real-Life Personal Story of
My Failure (as a Doctor and as
a Son) in Misdiagnosing
My Mom
Would AI Help?
13. 13
• Nothing is certain in medicine &
health care
• Large variations exist in patient
presentations, clinical course,
underlying genetic codes, patient &
provider behaviors, biological
responses & social contexts
Why Clinical Judgment Is Still Necessary?
14. 14
• Most diseases are not diagnosed by
diagnostic criteria, but by patterns of
clinical presentation and perceived
likelihood of different diseases given
available information (differential
diagnoses)
• Human is good at pattern
recognition, while machine is good at
logic & computations
Why Clinical Judgment Is Still Necessary?
15. 15
• Machines are (at best) as good as
the input data
–Not everything can be digitized or
digitally acquired
–Not everything digitized is accurate
(“Garbage In, Garbage Out”)
• Experience, context & human touch
matters
Why Clinical Judgment Is Still Necessary?
17. 17
Why Aren’t We Talk About These Words?
http://hcca-act.blogspot.com/2011/07/reflections-on-patient-centred-care.html
18. 18
The Goal of Health Care
The answer is already obvious...
“Health”
“Care”
19. 19
• Safe
• Timely
• Effective
• Patient-Centered
• Efficient
• Equitable
Institute of Medicine, Committee on Quality of Health Care in America. Crossing the quality
chasm: a new health system for the 21st century. Washington, DC: National Academy
Press; 2001. 337 p.
High Quality Care
23. 23
Image Source: (Left) http://docwhisperer.wordpress.com/2007/05/31/sleepy-heads/
(Right) http://graphics8.nytimes.com/images/2008/12/05/health/chen_600.jpg
To Err is Human 1: Attention
24. 24Image Source: Suthan Srisangkaew, Department of Pathology, Facutly of Medicine Ramathibodi Hospital
To Err is Human 2: Memory
25. 25
• Medication Errors
–Drug Allergies
–Drug Interactions
• Ineffective or inappropriate treatment
• Redundant orders
• Failure to follow clinical practice guidelines
Common Errors
27. 27
External Memory
Knowledge Data
Long Term Memory
Knowledge Data
Inference
DECISION
PATIENT
Perception
Attention
Working
Memory
CLINICIAN
Elson, Faughnan & Connelly (1997)
Clinical Decision Making
30. 30
ภาพรวมของงานด้าน Health IT
Intra-Hospital IT
• Electronic Health Records &
Health IT for Quality & Safety
• Digital Transformation
• AI, Data Analytics
• Hospital IT Quality
Improvement (HA-IT)
Inter-Hospital IT
• Health Information
Exchange (HIE)
Extra-Hospital IT
• Patients: Personal
Health Records (PHRs)
• Public Health: Disease
Surveillance & Analytics
Patient
at Home
32. 32
ภาพรวมของงานด้าน Health IT
Intra-Hospital IT
• Electronic Health Records &
Health IT for Quality & Safety
• Digital Transformation
• AI, Data Analytics
• Hospital IT Quality
Improvement (HA-IT)
Inter-Hospital IT
• Health Information
Exchange (HIE)
Extra-Hospital IT
• Patients: Personal
Health Records (PHRs)
• Public Health: Disease
Surveillance & Analytics
Patient
at Home
34. 34
Hospital A Hospital B
Clinic D
Policymakers
Patient at
Home
Hospital C
HIE Platform
Health Information Exchange (HIE)
35. 35
The National Alliance for Health Information Technology
(Report to ONC in 2008)
• HIE: “The electronic movement of health-related
information among organizations according to nationally
recognized standards”
Hersh (2009)
• HIE: “The exchange of health information for patient care
across traditional business boundaries in health care”
Emphasis in the definitions added by the presenter.
Health Information Exchange (HIE)
36. 36
The National Alliance for Health Information
Technology (Report to ONC in 2008)
• PHR: “An electronic record of health-related
information on an individual that conforms to
nationally recognized interoperability standards and
that can be drawn from multiple sources while being
managed, shared, and controlled by the individual”
Emphasis in the definitions added by the presenter.
Personal Health Records (PHRs)
37. 37
Hersh (2009)
• PHR: “Patient-controlled aspect of the health record, which
may or may not be tethered to one or more EHRs from
health care delivery organizations”
Markle Foundation’s Connecting for Health (2003)
• PHR: “An electronic application through which individuals
can access, manage and share their health information, and
that of others for whom they are authorized, in a private,
secure, and confidential environment”
Emphasis in the definitions added by the presenter.
Personal Health Records (PHRs)
40. 40
Electronic Health Records (EHRs) (ระเบียนสุขภาพอิเล็กทรอนิกส์)
Electronic Medical Records (EMRs) (เวชระเบียนอิเล็กทรอนิกส์)
▪ เวชระเบียนที่มีข้อมูลประวัติสุขภาพของผู้ป่วยในรูปแบบอิเล็กทรอนิกส์ ที่
สถานพยาบาลเก็บบันทึกและใช้ในการดูแลผู้ป่วย
Personal Health Records (PHRs) (ระเบียนสุขภาพส่วนบุคคล)
▪ ข้อมูลสุขภาพของผู้ป่วยในรูปแบบอิเล็กทรอนิกส์ ที่ผู้ป่วยเข้าถึงได้ และผู้ป่วย
สามารถควบคุมดูแล จัดการ และแลกเปลี่ยนข้อมูลกับผู้อื่นได้
▪ ไม่ว่าจะมีแหล่งที่มาจากข้อมูลในระบบสารสนเทศ (EHRs) ของสถานพยาบาล
โดยตรง ข้อมูลจากการบันทึกของผู้ป่วยเอง หรือจากแหล่งอื่นก็ตาม
▪ ทั้งนี้ รวมถึงกรณีที่ผู้แทนโดยชอบธรรมเป็นผู้ใช้งานแทนผู้ป่วยด้วย
เสนอความหมายโดย นพ.นวนรรน ธีระอัมพรพันธุ์ เพื่อประโยชน์ในการขับเคลื่อนงานด้านeHealth ของกระทรวงสาธารณสุขในระยะแรกเท่านั้น
ข้อเสนอความหมายของคาต่างๆ
41. 41
Health Information Exchange (HIE)
(การแลกเปลี่ยนข้อมูลสุขภาพระหว่างหน่วยงาน)
▪ การแลกเปลี่ยนข้อมูลสุขภาพของผู้ป่วยระหว่างหน่วยงานในระบบ
สุขภาพ เพื่อการดูแลผู้ป่วยและการจัดการระบบสุขภาพ
เสนอความหมายโดย นพ.นวนรรน ธีระอัมพรพันธุ์ เพื่อประโยชน์ในการขับเคลื่อนงานด้านeHealth ของกระทรวงสาธารณสุขในระยะแรกเท่านั้น
ข้อเสนอความหมายของคาต่างๆ
42. 42
Areas of Health Informatics
Patients &
Consumers
Providers &
Patients
Healthcare
Managers, Policy-
Makers, Payers,
Epidemiologists,
Researchers
Copyright Nawanan Theera-Ampornpunt (2018)
Clinical
Informatics
Public
Health
Informatics
Consumer
Health
Informatics
43. 43
Incarnations of Health IT
Clinical
Informatics
Public
Health
Informatics
Consumer
Health
Informatics
HIS/CIS
EHRs
Computerized Physician
Order Entry (CPOE)
Clinical Decision
Support Systems
(CDS) (including AI)
Closed Loop
Medication
PACS/RIS
LIS
Nursing
Apps
Disease Surveillance
(Active/Passive)
Business
Intelligence &
Dashboards
Telemedicine
Real-time Syndromic
Surveillance
mHealth for Public
Health Workers &
Volunteers
PHRs
Health Information
Exchange (HIE)
eReferral
mHealth for
Consumers
Wearable
Devices
Social
Media
Copyright Nawanan Theera-Ampornpunt (2018)
44. 44
Where We Are Today...
Copyright Nawanan Theera-Ampornpunt (2018)
Clinical
Informatics
Public
Health
Informatics
Consumer
Health
Informatics
Technology that
focuses on the sick,
not the healthy
Silos of data
within hospitalPoor/unstructured
data quality
Lack of health data
outside hospital
Poor data
integration across
hospitals/clinics
Poor data integration
for monitoring &
evaluation
Poor data quality (GIGO)
Finance leads
clinical outcomes
Poor IT change
management
Cybersecurity
& privacy risks
Few real examples
of precision
medicine
Little access
to own
health data
Poor patient
engagement
Poor accuracy
of wearables Lack of evidence
for health values
Health literacy
Information
Behavioral
change
Few standards
Lack of health IT
governance
48. 48
Myths
• We don’t need standards
• Standards are IT people’s jobs
• We should exclude vendors from this
• We need the same software to share data
• We need to always adopt international
standards
• We need to always use local standards
Theera-Ampornpunt (2011)
Myths & Truths about Standards
49. 49
Necessary Standards in Health IT
Functional
Semantic
Syntactic
Technical Standards
(TCP/IP, encryption,
security)
Exchange Standards (HL7 V2,
HL7 V3 Messaging, HL7 CDA,
HL7 FHIR, DICOM)
Vocabularies, Terminologies,
Coding Systems (ICD-10, ICD-9,
CPT, SNOMED CT, LOINC)
Information Models (HL7 V3 RIM,
ASTM CCR, HL7 CCD)
Standard Data Sets
Functional Standards (HL7 EHR
Functional Specifications)
Some may be hybrid: e.g. HL7 V3, HL7 CCD
Unique ID
50. 50
• CDS as a replacement or supplement of
clinicians?
– The demise of the “Greek Oracle” model (Miller & Masarie, 1990)
The “Greek Oracle” Model
The “Fundamental Theorem” Model
Friedman (2009)
Wrong Assumption
Correct Assumption
Clinical Decision Support Systems (CDS)
58. 58
▪ Information risks
▪ Unauthorized access & disclosure of confidential information
▪ Unauthorized addition, deletion, or modification of information
▪ Operational risks
▪ System not functional (Denial of Service - DoS)
▪ System wrongly operated
▪ Personal risks
▪ Identity thefts
▪ Financial losses
▪ Disclosure of information that may affect employment or other personal
aspects (e.g. health information)
▪ Physical/psychological harms
▪ Organizational risks
▪ Financial losses
▪ Damage to reputation & trust
ผลกระทบ/ความเสียหาย
63. 63
▪ Privacy: “The ability of an individual or group to seclude
themselves or information about themselves and thereby
reveal themselves selectively.” (Wikipedia)
▪ Security: “The degree of protection to safeguard ... person
against danger, damage, loss, and crime.” (Wikipedia)
▪ Information Security: “Protecting information and
information systems from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection,
recording or destruction” (Wikipedia)
Security & Privacy
65. 65
หลักจริยธรรมที่เกี่ยวกับ Privacy
• Autonomy (หลักเอกสิทธิ์/ความเป็นอิสระของผู้ป่วย)
• Beneficence (หลักการรักษาประโยชน์สูงสุดของผู้ป่วย)
• Non-maleficence (หลักการไม่ทาอันตรายต่อผู้ป่วย)
“First, Do No Harm.”
66. 66
Hippocratic Oath
...
What I may see or hear in the course of
treatment or even outside of the treatment
in regard to the life of men, which on no
account one must spread abroad, I will keep
myself holding such things shameful to be
spoken about.
...
http://en.wikipedia.org/wiki/Hippocratic_Oath
74. 74
Alice
Simplified Attack Scenarios
Server Bob
- Physical access to client computer
- Electronic access (password)
- Tricking user into doing something
(malware, phishing & social
engineering)
Eve/Mallory
75. 75
Alice
Simplified Attack Scenarios
Server Bob
- Intercepting (eavesdropping or
“sniffing”) data in transit
- Modifying data (“Man-in-the-middle”
attacks)
- “Replay” attacks
Eve/Mallory
76. 76
Alice
Simplified Attack Scenarios
Server Bob
- Unauthorized access to servers through
- Physical means
- User accounts & privileges
- Attacks through software vulnerabilities
- Attacks using protocol weaknesses
- DoS / DDoS attacks Eve/Mallory
78. 78
Alice
Safeguarding Against Attacks
Server Bob
Administrative Security
- Security & privacy policy
- Governance of security risk management & response
- Uniform enforcement of policy & monitoring
- Disaster recovery planning (DRP) & Business continuity
planning/management (BCP/BCM)
- Legal obligations, requirements & disclaimers
79. 79
Alice
Safeguarding Against Attacks
Server Bob
Physical Security
- Protecting physical access of clients & servers
- Locks & chains, locked rooms, security cameras
- Mobile device security
- Secure storage & secure disposition of storage devices
80. 80
Alice
Safeguarding Against Attacks
Server Bob
User Security
- User account management
- Strong p/w policy (length, complexity, expiry, no meaning)
- Principle of Least Privilege
- “Clear desk, clear screen policy”
- Audit trails
- Education, awareness building & policy enforcement
- Alerts & education about phishing & social engineering
81. 81
Alice
Safeguarding Against Attacks
Server Bob
System Security
- Antivirus, antispyware, personal firewall, intrusion
detection/prevention system (IDS/IPS), log files, monitoring
- Updates, patches, fixes of operating system vulnerabilities &
application vulnerabilities
- Redundancy (avoid “Single Point of Failure”)
- Honeypots
82. 82
Alice
Safeguarding Against Attacks
Server Bob
Software Security
- Software (clients & servers) that is secure by design
- Software testing against failures, bugs, invalid inputs,
performance issues & attacks
- Updates to patch vulnerabilities
83. 83
Alice
Safeguarding Against Attacks
Server Bob
Network Security
- Access control (physical & electronic) to network devices
- Use of secure network protocols if possible
- Data encryption during transit if possible
- Bandwidth monitoring & control
84. 84
Alice
Safeguarding Against Attacks
Server Bob
Database Security
- Access control to databases & storage devices
- Encryption of data stored in databases if necessary
- Secure destruction of data after use
- Access control to queries/reports
- Security features of database management systems (DBMS)
85. 85
User Account Security
So, two informaticians
walk into a bar...
The bouncer says,
"What's the password."
One says, "Password?"
The bouncer lets them
in.
Credits: @RossMartin & AMIA (2012)
86. 86
▪ Access control
▪ Selective restriction of access to the system
▪ Role-based access control
▪ Access control based on the person’s role (rather than
identity)
▪ Audit trails
▪ Logs/records that provide evidence of sequence of
activities
User Security
87. 87
▪ Identification
▪ Identifying who you are
▪ Usually done by user IDs or some other unique codes
▪ Authentication
▪ Confirming that you truly are who you identify
▪ Usually done by keys, PIN, passwords or biometrics
▪ Authorization
▪ Specifying/verifying how much you have access
▪ Determined based on system owner’s policy & system
configurations
▪ “Principle of Least Privilege”
User Security
94. 94
▪ Most common reason for security bugs is invalid
programming assumptions that attackers will look for
▪ Weak input checking
▪ Buffer overflow
▪ Integer overflow
▪ Race condition (Time of Check / Time of Use
vulnerabilities)
▪ Running programs in new environments
Software Security
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
95. 95
▪ Defense in Depth
▪ Multiple layers of security defense are placed throughout
a system to provide redundancy in the event a security
control fails
▪ Secure the weakest link
▪ Promote privacy
▪ Trust no one
Secure Software Design Principles
Saltzer & Schroeder (1975), Viega & McGraw (2000)
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
http://en.wikipedia.org/wiki/Defense_in_depth_(computing)
96. 96
▪ Modular design
▪ Check error conditions on return values
▪ Validate inputs (whitelist vs. blacklist)
▪ Avoid infinite loops, memory leaks
▪ Check for integer overflows
▪ Language/library choices
▪ Development processes
Secure Software Best Practices
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271