Next Article in Journal
A Novel Single Tube Semi-Active Tuned Liquid Gas Damper for Suppressing Horizontal Vibrations of Tower-like Structures
Next Article in Special Issue
MedicalForms: Integrated Management of Semantics for Electronic Health Record Systems and Research Platforms
Previous Article in Journal
A Current Sharing State Estimation Method of Redundant Switched-Mode Power Supply Based on LSTM Neural Network
Previous Article in Special Issue
Toward a Symbolic AI Approach to the WHO/ACSM Physical Activity & Sedentary Behavior Guidelines
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 12
Issue 7
10.3390/app12073304
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Ensuring the Long-Term Preservation of and Access to the Italian Federated Electronic Health Record

by
Maria Teresa Guaglianone
*,
Giovanna Aracri
,
Maria Teresa Chiaravalloti
,
Elena Cardillo
,
Camillo Francesco Arena
,
Elisa Sorrentino
and
Anna Federica Spagnuolo
Institute of Informatics and Telematics, National Research Council, 87036 Rende, Italy
*
Author to whom correspondence should be addressed.
Appl. Sci. 2022, 12(7), 3304; https://doi.org/10.3390/app12073304
Submission received: 5 February 2022 / Revised: 10 March 2022 / Accepted: 22 March 2022 / Published: 24 March 2022
(This article belongs to the Special Issue Semantic Interoperability and Applications in Healthcare)
Browse Figures
Versions Notes

Abstract

:

Featured Application

The results of this work will be included in a Technical Annex to the Agency for Digital Italy’s Guidelines for the creation, management and preservation of digital documents, which will include management and long-term preservation conditions, specifically focused on the Italian Federated EHR (called the FSE) and its documents.

Abstract

The Italian Electronic Health Record (called the FSE) is based on a federated architectural model and involves various types of health data and documents deriving from public and private health stakeholders. Clinical documents are stored in repositories and indexed in a central regional index (registry) according to a defined metadata schema. The FSE repositories can be distributed in the regional network or centralized at the regional level, or regions can use subsidiarity services offered by the National Infrastructure for the regional FSEs Interoperability. In this scenario, this study addresses the open issue of the FSE documents’ long-term preservation and access over time, since the responsibility of their preservation is distributed among different stakeholders. As a consequence, the process traceability is necessary to ensure that a document indexed in an FSE is accessible over time, regardless of the document local discard policies applied for legal fulfilments. The results of this study show that the enhancement of metadata use could support the management and long-term preservation of the FSE documents. Addressing this issue is, finally, fundamental to guarantee the correct tracing and access to the clinical path of a patient and to ensure the efficiency of the entire care setting.

1. Introduction

The Italian federated Electronic Health Record, called the Fascicolo Sanitario Elettronico (hereafter FSE), is a pillar within the initiatives relevant to the accomplishment of Digital Health [1]. It provides a consistent information base that is useful for the entire healthcare pathway to improve the cooperation among different healthcare professionals. Patients also have the possibility to access, trace, and consult their healthcare history and to share it, anytime and anywhere all over the country, with healthcare professionals, who have constant access to a clear and complete view of the patient’s health conditions and can, therefore, ensure an effective and efficient care service, especially in emergency situations.
The first Italian regulations for the FSE were the guidelines issued by the Italian Data Protection Authority in 2009 [2], which mainly addressed the management of patient data privacy. Subsequently, in 2012, the Legislative Decree n. 179 urged Italian regions and autonomous provinces to establish and implement regional FSE systems, highlighting the need to ensure interregional interoperability services. In 2015, the Prime Minister Decree n. 178 intervened specifically on the matter by regulating the FSE legislation with an annex focused on the technical requirements, i.e., document formats, clinical coding systems usage, etc. Recently, the Decree Law n. 34/2020 [3] enhanced the FSE functions and scope, in relation to the clinical data and document types and the plethora of healthcare subjects who can feed it, as well as introducing the patient’s explicit consensus for FSE activation and indexing of medical records produced before the Decree itself.
In this context, the Agency for Digital Italy (AgID) and the Italian National Research Council (CNR), cooperating with expertise from the Ministry of Health and the Ministry of Economics and Finance, defined a series of technical specification documents to address interoperability services [4].
The national federated and interoperable infrastructure applied to FSE [5,6,7], as mentioned, aims to facilitate access to healthcare data and documents for both healthcare providers and patients and so to improve diagnostic and therapeutic care pathways. It is built to allow the management and sharing of clinical documents among the different regional FSE systems through the National Infrastructure for the regional FSE Interoperability (INI). Its architecture is based on a network of registries, one per region, and repositories, which can be centralized or distributed within a region (e.g., located in the healthcare facilities or hospitals). FSE registries index metadata of the clinical documents in order to be an assured reference for finding and retrieving them; FSE repositories physically collect documents that are available for access and consultation.
All the advantages that FSE offers are feasible if the documents, and the information they contain, are updated, accessible and available over time. Moreover, it is fundamental for the FSE system to ensure access to legally valid, reliable documents, which are also enforceable towards third parties, guaranteed by the application of the reference legislation. Within the Italian normative framework, all these requirements can be achieved if the document is inserted in a long-term preservation system, arranged by document producers in compliance with the principles of the Italian national guidelines for the creation, management and preservation of digital documents, edited by AgID (hereafter Guidelines) [8]. The producers ensure that no modifications have been made to the original document during the custodianship, and for them digital preservation is both a practical necessity and a legal obligation [9]. Long-term preservation represents the final step of the document management process and it is closely influenced by the accuracy of the prior steps regarding document creation and management. The document migration, in a preservation system according to the Guidelines, ensures its immutability and integrity by means of specific metadata as well as its authenticity, reliability, readability and availability, regardless of how it was created. Metadata is the key element to achieve these objectives, describing the document and its content and supporting interoperability between document management and preservation systems.
The FSE gathers copies and/or duplicates with different probative value against the original documents, which are instead preserved by healthcare facilities that produce them [10]. Considering this, it is necessary to organize processes and implement strategies for maintaining long-term access to legally valid FSE documents and timely information retrieval.
The goal is to underline the importance of reinforcing the use of metadata to improve document description. Its main task regards document formal correctness and consistency, guarantee of authenticity, together with efficient information retrieval. In this way, documents provided by producers will be compliant to the Integrating Healthcare Enterprise (IHE) recommendations and to the national regulatory framework. Therefore, this work proposes a method to ensure the long-term preservation of and access to the FSE and its documents which mainly focuses on the enhanced use of the current metadata schema provided by the Affinity Domain (AD) Italy [11], in order to maintain the validity of FSE documents throughout their lifecycle.
The paper is organized as follows. Section 2 provides a background on the FSE infrastructure and describes the literature related to clinical document long-term preservation. Section 3 reports materials and methods of the work, firstly highlighting the importance of metadata for document management and long-term preservation throughout the workflow processes along the document lifecycle, analyzing the Italian normative framework and the specific needs to address the issue of long-term preservation of FSE; subsequently, proposing the enhanced use of metadata schema for FSE document long-term preservation and access, paying particular attention to registry preservation; finally, particular attention is paid to registry preservation. The results are presented in Section 4 by evidencing how proper use of metadata schema has positive implications on the long-term preservation of and access to legally valid FSE documents. Finally, in Section 5, discussions and conclusions are provided, highlighting the advantages and weaknesses deriving from the application of proposed method, and explaining a working hypothesis about future research directions.

2. Background

The approach presented in this paper is quite different from other existing works about long-term preservation of electronic health records, since it does not deal only with technological aspects such as in [12], but it addresses normative requirements that make documents valid over time, trying to meet the FSE infrastructure characteristics and requirements. For this reason, in the following paragraphs, we present a detailed description of the FSE infrastructure and a literature review about long-term preservation of clinical documents.

2.1. The FSE Infrastructure

The need to create a national federated EHR infrastructure in Italy derives from the autonomy in healthcare matters that Italian regions have, which has allowed them, over time, to create their own EHR systems, which need to be maintained (considering the effort for their implementation and their consolidated use at a regional level) and to make them interoperable. The FSE architecture is based on a federated model, which focuses on the cooperation of local nodes. Specifically, it is based on a system of systems approach, where each regional system has to expose a set of specific services, which provide all the functionalities needed to manage, search, and consult data and documents regarding the patient and produced by different healthcare facilities. This national architectural model aims at enabling interoperability among different regional systems and allowing the exchange of clinical data and documents among them, thanks to the already mentioned INI (Figure 1). In this scenario, the first need is permitting users to locate clinical information that can be distributed on all national territory, i.e., patients’ clinical documents and data can be archived in different information systems of different regions. This makes the retrieval task quite problematic. The simplest solution would have been to query all the regional registries, but it would lead to an all-time high in search, which could be fatal for the whole system. Therefore, the chosen approach for FSE lies in the identification, in each regional domain, of a node in charge of managing all the meta-information about a patient. Specifically, the region in which the patient resides (RDA) is liable to manage meta-information associated with his/her clinical documents, even if they are produced in another regional domain. Thus, in order to consult a document located outside a regional domain, it is first necessary to identify such a region and then to interrogate its regional system for locating the specific healthcare facility in which the document is stored.
This solution is peculiar to the Italian context so its success could be determined only if evaluated in that frame; nonetheless, it could be also considered in the light of the recent study by Fennelly et al. [13] which reviews EHR implementations across different healthcare contexts, by evidencing key factors which impact on their success.

2.2. State of the Art about Clinical Document Long-Term Preservation

Data and information long-term preservation is a critical issue in the healthcare and clinical research domains. Even though long-term preservation is not usually perceived as associated with interoperability [14], its accomplishment also requires the application of suitable solutions able to achieve both technical and semantic interoperability over time. To improve information sharing and communication, several advanced standards such as XML-based data encoding rules, Health level 7 (HL7) and Digital Imaging and Communications in Medicine (DICOM) have been developed. In this section, we are going to refer to some initiatives that deal with how clinical data and information should be preserved, considering that in FSE, the objects to be preserved are mainly documents rather than data, although recently this trend is gradually inverting. The European project ENSURE (Enabling kNowledge Sustainability, Usability and Recovery for Economic Value) (https://cordis.europa.eu/project/id/270000, accessed on 9 March 2022) presents a semantic approach to data long-term accessibility and integrity of health care, clinical trial and financial data [15], by exploiting the advantages deriving from the combination of the conceptual framework of the Open Archival Information System (OAIS) (http://www.oais.info/, accessed on 9 March 2022) model and of the ontology modeling. Indeed, guaranteeing long-term access and preservation is one of the strands of this project. The aim is to enhance workflow management and, therefore, long-term preservation, by considering regulatory compliance and obsolescence factors. The methodology proposed by ENSURE represents a valid reference for our work because, as in FSE, it leverages metadata description to ensure authenticity and integrity over time. In ref. [16] is also underlined the role of OAIS, since it allows us to define responsibilities and functions typical of a system aimed at the data preservation, retrieval and access. In this study, the focus is on the lifecycle of biomedical data generated from research, potentially useful for further and future needs. Therefore, a relevant implicit constraint is on which data need to be preserved and for how long. The importance of following a data-driven approach by focusing on data type, on the responsibility and on the fragmented technical systems adopted, is recalled by [17]. This perspective is partially feasible for FSE, because it mainly collects documents about a patient’s clinical history; so far, it has been treated as a document collection (except for the registry) with limited opportunities for data processing and information extraction presently.
Similarly to FSE, other initiatives favored the use of standardized EHRs to achieve semantic interoperability, but differently from our approach, adopted the openEHR standard for experimentation purposes. This standard gives consistent indications regarding data storage and archetype-based patient information retrieval, but its application to the FSE setting and thus for its long-term preservation has not been considered since, as stated above, FSE mainly contains clinical documents and their aggregation, which, in addition to being retrieved, need to maintain their authenticity in the long-term. See Sachdeva et al. [18] and Frade et al. [19] for storage implementation of standard-based EHR data and a survey of openEHR storage implementation, respectively.
It is important to distinguish between digital preservation, which consists of the policies, actions and strategies performed on content over time to ensure accurate rendering despite media failures and technological change [20], and long-term preservation intended, for the purpose of this paper and according to the Italian Digital Administration Code (CAD), as the capacity to ensure quality, consistency and protection of the document probative value over time. Actually, the existence of a long-term preservation regulation in Italy (specifically by articles 44 and 45 of the CAD) is itself the guarantee of the authenticity of the preserved documents. This prevents the need to use to solutions such as a Cumulatively Notarized Signature, as illustrated by Lekkas and Gritzalis [21,22,23] for the secure validation of an EHR for long periods. Our work is also focused on the important role played by metadata in managing the long-term preservation of clinical documents, considered both as single items and as aggregated in the EHR. Similarly, Kiefer et al. [14] presented an ontology-driven approach to digital preservation and related metadata management, which ensures flexibility in future data retrieval needs by exploiting the full expressive power of the ontologies. Specifically, the data objects in their metadata model are represented in terms of an integrated set of formal ontologies.

3. Materials and Methods

Management and preservation systems’ functionalities rely on metadata to work and to be achieved [24]. The high-quality use of metadata allows for meeting this need and can ensure long-term preservation of and access [25] over time to the FSE documents, by fostering communication between the regional FSE and producers’ management and preservation systems. The systematic metadata registration during the entire document lifecycle, together with the correct workflow execution, guarantees that documents maintain integrity and authenticity [20], since it ensures the content is not corrupted over time. Therefore, information management and preservation systems are built and founded on metadata, whose correct use is critical to maintain and preserve electronic healthcare records [26]. Different metadata types support different aspects of digital preservation and allow for performing many repository tasks that are considered key functions of trusted repositories (e.g., document integrity and authenticity tasks, preservation tasks, etc.). Each task relates to a particular repository function supported by more than one kind of metadata.
Analyzing the current framework for long-term preservation of and access to the FSE document and stakeholders’ roles in document management and preservation allows one to focus on the main issues of the entire process and so to propose a method to enhance the use of the FSE document metadata. Particular attention is paid to registry preservation, whereby a specific reflection is dedicated to this topic in the last part of this section.

3.1. Framework for Long-Term Preservation of and Access to the FSE Documents

Regardless of the type of FSE architectural model chosen among those possible [27], the document producer is expected to send the document high-level metadata to the FSE system of the RDA, in order to facilitate their indexing in the regional registry and their subsequent retrieval in the repositories where documents are stored. The registry is able to give the view of the document aggregation given by the FSE and is, therefore, a key element as it contains the metadata associated with all the indexed documents, regardless of where they are stored (RDA; region in which the patient receives health services—RDE; region which contains the patient’s clinical document—RCD). Metadata include information about where the document can be retrieved and the attributes that allow its classification and application of filter rules during the document search. This process is also valid in the scenario in which the regions are in a subsidiarity regime [28] (pp. 10–12).
Considering the articulated distribution of roles and responsibilities within the architectural model of the FSE, it is necessary to think about its preservation, given the need to keep the data and documents therein indexed accessible and visible over time.
As mentioned, original documents are created and stored by the health facility that produced them, in accordance with law provisions, while their duplicates, which are considered “working copies” [29] (p. 4), are sent to the FSE repository of the RDA or RDE, depending, respectively, on whether the health facility is located in the patient’s region of assistance or in another region, where they are available for consultation and retrieval via INI [30]. This means that the FSE system has as a reference for its duplicates the original documents preserved according to law, guaranteeing all the mentioned characteristics of authenticity, integrity, reliability, readability, and availability [30]. Nonetheless, it also implies that this interdependence is subjected to the selection and discard policies applied by the producer, which retains the responsibility for its document long-term preservation [27]. In this context, the FSE is likewise responsible for keeping track of the patient’s clinical history for the entire duration of his or her life and for a specific post-mortem period, not yet defined by regulations. So the availability of both the original documents and their duplicates should be ensured in accordance with the FSE activity period. This perspective makes the FSE case more specific than the general long-term preservation of administrative documents as defined by the CAD [30]. Therefore, specific guidelines are needed in order to regulate the metadata usage and the operational procedures for long-term preservation from both sides, document producers and the FSE repositories, because of their interdependence, aiming at ensuring quality, consistency and protection of the document probative value. In this regard, Rothenberg [31] discusses and states the importance of considering authenticity as a prerequisite to define what it is called “meaningful preservation”, which implies the usability of the preserved resource, arising from the maintenance of its authenticity and validity, since the aim of preservation is realized if it continues to allow retrieval of and access to authentic and valid digital materials. Without maintaining these characteristics, it means a resource has not been preserved at all. As mentioned, preserving authentic information is also the exigency related to the access to the FSE documents, discussed in this paper, since authenticity impacts on preservation in terms of their usability, intended as the capability to serve the same purpose as the original. Therefore, the focus is not only on the possibility to preserve and access to FSE’s documents over time, but also on the capability to consent the access to documents whose authenticity and reliability are ensured by their faithful correspondence to an original digitally preserved by producers in their own preservation systems. Several works address the issue of authenticity management in long-time preservation of information systems, evaluating and proposing solutions in different environments and fields of application [22,32,33].

3.2. Enhanced Use of Metadata Schema for FSE Document Long-Term Preservation and Access

In this subsection, a conceptual and methodological description of the enhanced use of metadata to support the FSE long-term preservation process is presented, by highlighting its interaction with the FSE document management phase, since the two moments cannot be subordinated to each other. Regarding this, Xie et al. state that “digital preservation needs to be ongoing with activities integrated into all phases of creating, managing, and storing information” and “digital objects are inherently more vulnerable than analog materials and require immediate attention from the point of creation” [34].
Currently, each clinical document indexed in the FSE is furnished with a set of metadata, both mandatory and optional, as required by the aforementioned Guidelines (e.g., IdDoc, Document Type, Object, Role, FormatID, DocVersion, Preservation Time, etc.). In this context, metadata plays a fundamental role as it can give evidence of the link between the duplicated document indexed in the FSE and its original preserved by the healthcare facility who produced it. Because of this, the original document needs to be persistent thus guaranteeing its visibility and accessibility, as well as its probative value, over the FSE active period (and for a certain number of years after the patient’s death). This means it cannot undergo the conventional discard policies established by the health facility’s long-term preservation service, but it needs to be in some way connected to the FSE validity. The information about the document indexing in the FSE registry is reported through a specific indexing metadata provided by the AD Italy [11], which is the unique identifier of the document instance within the RDA registry and which must be assigned by the RDA during the document indexing. Therefore, in this process, the healthcare facility establishes, on one hand, which of its documents, in relation to their function, can be discarded over time, in compliance with the legislation that protects cultural heritage, and, on the other hand, which of them require unlimited preservation. The documents which have their duplicate indexed in the FSE need to be flagged as such, through the use of a specific metadata, and preserved as long as the patient’s FSE is active. Correspondingly, when the duplicate is sent to the FSE repository, the preservation metadata [11] should be assigned, in order to certify that the duplicate corresponds to an original document preserved according to the law by the healthcare facility that produced it. From this point of view, to assign a value to this metadata is of fundamental importance as it allows us to consider the document indexed in the FSE legally valid even if the validity of the digital signature certificates have expired, since the existence of the original document in the producer’s long-term preservation system also guarantees the validity of its duplicate [28]. The value assignment of this metadata should take place after the original document submission to the long-term preservation system, to ensure an accurate and consistent transmission and/or updating of the indexing metadata. The use of the preservation metadata is crucial to face the long-term preservation of and access to FSE documents. It is already part of the metadata schema defined in the AD Italy, but in fact its usage is infrequent and consequently its importance is largely underestimated, since it contributes to guarantee the original document preservation; the authenticity of digital resources over time; the document relationships between original documents and duplicates; and the decision-making in the preservation process [35] (e.g., decisions about the time of preservation of each document).
The processes of assigning a value to metadata, concerning document indexing in RDA registry and document submission to healthcare facility long-term preservation systems, fall within the scope of the metadata communication flows envisaged by the FSE infrastructure [28]. They refer to the communication flows of new metadata, in the case of creation of a new document, and of document updating, in the case of updating metadata of an already indexed document. In Section 4, the flow charts describing these processes are presented as results.

3.3. Registry Preservation

Since the registry plays a central role within the FSE system, as it constitutes evidence of the virtual document aggregation, its preservation is fundamental to certifying the content of the patient’s FSE and the RDA is responsible for it. As regards the preservation, it could be assimilated for analogous purposes to the protocol register, which is sent daily to the preservation system, in accordance with the Guidelines [8] (p. 21).
However, in order to not make this process too burdensome for the RDA, we assume that the registry could be transmitted to the preservation system periodically with a frequency to be defined on the basis of assessments of its sustainability. This solution aims to mediate between the need for economic and infrastructural sustainability and the exigency to preserve this key element of the FSE in compliance with all legal requirements, benefiting from all the resulting guarantees. Regarding the format in which the registry can be preserved, since it is a dynamic object, it is possible to evaluate solutions such as the eXtensible Markup Language (XML) format rendered in human-readable format (e.g., PDF) or the creation of CSV packages of atomic data, in accordance with the indications set out in Annex 2 of the Guidelines, “File formats and transfer”.
In the scenario in which the regions make use of the subsidiarity services provided by INI, similarly to what happens in Italy for the management of vaccinations against SARS-CoV-2 through the national platform, the region or autonomous province, as the controller of the FSE management and preservation processes, maintain the ownership, while INI, managing all the functions of the FSE registry and repository as well as the security measures, is the Data Processor pursuant to art. 28 of Regulation (EU) 2016/679. Therefore, INI, in carrying out functions in place of the region in subsidiarity, should also be responsible for the long-term preservation of the registry and any documents produced at the FSE regional level. Nonetheless, if a scenario in which INI is demanded to centralize the long-term preservation were to be created, it would imply that INI would have both the role of controller and processor of this task.

4. Results

The main result of the present study coincides with the formalization of the efficient and enhanced use of the indexing and preservation metadata in the FSE registry, which allows for guaranteeing the correct document workflows and long-term access to reliable resources, even if different stakeholders are involved. The two proposed flows relate to the metadata communication: (i) in case of creation of a new document, and (ii) in case of metadata updating of an already indexed document. They can further differ depending on whether the document is about a patient in its RDA or in RDE. These flow charts, regarding the description and modeling of activities and related areas of expertise, are a simplified version of the metadata communication flows, which are part of the services offered by the INI [28].
In the following flow charts, the process step in which the registration of indexing and preservation metadata should be performed to correctly play its role is highlighted. In particular, the metadata communication process regarding the creation of a new document for a patient of the RDA (Figure 2), involves the RDA, the INI and the National Register of Assisted (hereafter ANA), and it starts with the request by a health professional, through the regional system, sent to INI, which carries out the validation of the patient. In this case, in addition to the indexing metadata, the preservation metadata can also be registered during the metadata communication about a new document task, if the document submission to the preservation system of the healthcare facility and its indexing in the FSE registry are contextually performed, whereas if the submission of the document to the preservation system is subsequent to its indexing in the FSE, the preservation metadata registration should be performed within the metadata communication regarding document updating for the patients in the RDA (Figure 3).
In the case of a patient in the RDE, within the metadata communication process on the creation of a new document, the RDE communicates to the RDA, through the INI, the metadata to index the document in the RDA registry (Figure 4). It starts with a request sent by the RDE to the INI, which requests the ANA to validate the patient and to identify his/her RDA. The INI communicates the new document metadata to be included in the registry to the RDA. Finally, the RDA returns to the INI the outcome of the insertion of the metadata of the new document in the FSE of the patient, which is notified to the RDE.
As in the process in the RDA, in the metadata communication process regarding a new document for a patient of the RDE, in addition to the indexing metadata, the preservation metadata is registered during the metadata communication regarding the new document task, if the document submission to the preservation system of the healthcare facility and its indexing in the FSE registry are performed in the same step. Conversely, if the document submission to the preservation system is performed after its indexing in the FSE, the preservation metadata is registered during the metadata communication regarding document updating for a patient in the RDE process (Figure 5).
The flows could be further integrated or revised after a survey with the stakeholders, which will be the next step of the study.
At the current stage of the research, the following outcomes can be highlighted: (i) the possibility of guaranteeing authenticity, integrity, reliability, readability, availability of the FSE documents over time, as required by the Guidelines; (ii) a non-impacting solution on the current FSE regional systems. This also means avoiding an additional effort for the regions in terms of investment of professional and economic resources.

5. Discussion and Conclusions

Within the present study, the methodological approach to long-term preservation provided by the Guidelines is maintained. They, in fact, have a legally binding nature and erga omnes validity, they provide the strategy for developing the management and preservation framework and, at the same time, they allow for making an enriched and enhanced use of metadata. The Guidelines clearly identify which are the requirements to be satisfied for guaranteeing the effective preservation process, in order to be sustainable for the National Health System and for all the actors involved in the entire document management process, from the creation to the long-term preservation.
This study intends to bridge the gap between the substantial legislation on digital preservation and the lack of operational guidance showing a proper use of metadata. As seen, it allows for achieving long-term preservation for and access to the FSE, guaranteeing the coherent and consistent information retrieval of reliable documents which are part of the FSE.
The proper use of the analyzed metadata, for expressing if the document belongs to a specific FSE and for attesting its storage in a long-term preservation system, can guarantee: (i) the persistence of the accessibility of the FSE; (ii) the maintenance of the probative value of the documents accessible through the FSE systems, thanks to the long-term preservation of the corresponding original documents; (iii) the validity of the document accessible through the FSE systems beyond the time limits of validity of the digital signature, since its storage in the producer’s long-term preservation systems and the presence of the related metadata within the registry, ensure that the duplicate accessible via FSE continues to be a valid document; and (iv) the improvement of interoperability between FSE repositories and producer preservation systems. Regarding the latter, it is well recognized that the use of standards, in general (and the standard metadata application), are an opportunity to specifically ensure the semantic interoperability accomplishment.
Finally, the added value of the proposed solution is to (i) ensure the access to legally valid, reliable and as well as enforceable towards third parties documents; (ii) exploit the existing metadata schema, by not involving further technical and economic efforts for the FSE systems; and (iii) not require the duplication of the long-term preservation of the FSE documents, in compliance with the current regulation on the subject, which states that the FSE must be established by preferring solutions that do not generate a duplication of health information in a new database [2].
An interesting subject to address in the future concerns the analysis of possible solutions about what happens to the FSE preservation and access after the patient’s death, for which a normative reference is still under discussion. In this case, it is possible to fundamentally hypothesize three implementation scenarios for the management and preservation of the FSE registry and repository:
  • Patient’s data and documents remain online in both registry and repository: this solution allows them to be accessed promptly, even if the need for emergency access is no longer necessary. In the long-term this solution becomes onerous for FSE systems;
  • Only the patient’s data in the registry remain online: this allows us to promptly identify the documents of interest, but it will take time for the recovery of the document stored by the producer. This solution is less burdensome for the FSE system, which can remove the duplicated documents of the deceased patient from the regional FSE repository/ies, as the main reference becomes the original document preserved by the healthcare facility that produced it;
  • Patient’s data and documents are no longer available online: this means that in order to identify the documents of interest, one can consult the latest version preserved in the registry before the patient’s death, in order to recover the document references necessary for its retrieval in the producer’s preservation system.
Regardless of what the law will establish regarding the scenario after the patient’s death, the access policies to FSE should remain the same as defined through the consent.
A further topic which deserves a separate discussion is properly referable to documents expressing the patient’s consent to consult and access their documents. In fact, with regard to these documents, the responsibility of their preservation lies with INI, which manages these data and documents in the FSE and their storage. Therefore, INI should have the responsibility for the long-term preservation of consent and opposition documents, following the same.
The proposed method follows a top-down approach. This aspect is a strength of the study, since it is based on a consistent regulatory framework and technical specifications, which intend to harmonize the heterogeneous realities of implementation and use of the FSE in Italy. However, the results of the survey that will be carried out with the stakeholders may require changes and/or updates to the proposed method.

Author Contributions

Conceptualization, M.T.G., G.A., M.T.C., E.C., C.F.A., E.S. and A.F.S.; methodology, M.T.G. and G.A.; investigation, M.T.G., E.S. and G.A.; writing—original draft, M.T.G. and G.A.; writing—review and editing, M.T.G., G.A., M.T.C. and E.C. All authors have read and agreed to the published version of the manuscript.

Funding

This research was funded by the Agency of Digital Italy-National Research Council Agreement, Grant Agreement number 0008729, of the 27/04/2018. The APC was funded by the Institute of Informatics and Telematics of the National Research Council.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Conflicts of Interest

The authors declare that they have no competing interests.

References

  1. The Electronic Health Record (EHR). Available online: https://www.fascicolosanitario.gov.it/en/the-electronic-health-record-EHR (accessed on 4 February 2022).
  2. Italian Data Protection Authority. Guidelines on the Electronic Health Record and the Health File—16 July 2009. Available online: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1672821 (accessed on 4 February 2022).
  3. Decree-Law n. 34, 19 May 2020. Misure Urgenti in Materia di Salute, Sostegno al Lavoro e All’economia, Nonchè di Politiche Sociali Connesse All’emergenza Epidemiologica da COVID-19. Available online: https://www.gazzettaufficiale.it/eli/id/2020/05/19/20G00052/sg (accessed on 4 February 2022).
  4. EHR’s Interoperability. Available online: https://www.fascicolosanitario.gov.it/en/EHRs-Interoperability (accessed on 4 February 2022).
  5. De Pietro, G.; Ciampi, M. L’interoperabilta del Fse:il progetto OpeinFSE. E Health Care Innov. E Tecnol. Sanità Elettron. 2011, 3, 8–14. [Google Scholar]
  6. Ciampi, M.; De Pietro, G.; Esposito, C.; Sicuranza, M.; Donzelli, P. On federating Health Information Systems. In Proceedings of the International Conference on Green and Ubiquitous Technology, Bandung, Indonesia, 30 June–1 July 2012; pp. 139–143. [Google Scholar] [CrossRef]
  7. Chiaravalloti, M.T.; Ciampi, M.; Pasceri, E.; Sicuranza, M.; De Pietro, G.; Guarasci, R. A model for realizing interoperable EHR systems in Italy. In Proceedings of the 15th International HL7 Interoperability Conference, Prague, Czech Republic, 9–11 February 2015; pp. 13–22. [Google Scholar]
  8. Agency for Digital Italy, Linee Guida Sulla Formazione, Gestione e Conservazione dei Documenti Informatici. Available online: https://www.agid.gov.it/sites/default/files/repository_files/linee_guida_sul_documento_informatico.pdf (accessed on 4 February 2022).
  9. Pigliapoco, S. La conservazione digitale in Italia. Riflessioni su modelli, criteri e soluzioni. JLIS. It 2019, 10, 1–11. [Google Scholar] [CrossRef]
  10. De Giovanni, E.; Flesca, S.; Folino, A.; Guarasci, R.; Sorrentino, E. Digital document copies and duplicates. In Proceedings of the Fifth International Conference on Digital Information Processing and Communications, Sierre, Switzerland, 7–9 October 2015; pp. 282–287. [Google Scholar] [CrossRef]
  11. Specifiche Tecniche per L’interoperabilità tra i Sistemi Regionali di FSE: Affinity Domain Italia v.2.2. Available online: https://www.fascicolosanitario.gov.it/it/Affinity_Domain_Italia (accessed on 4 February 2022).
  12. France, F.H.; Beguin, C.; van Breugel, R.; Piret, C. Long term preservation of electronic health records. Recommendations in a large teaching hospital in Belgium. Stud. Health Technol. Inform. 2000, 77, 632–636. [Google Scholar] [CrossRef] [PubMed]
  13. Fennelly, O.; Cunningham, C.; Grogan, L.; Cronin, H.; O’Shea, C.; Roche, M.; Lawlor, F.; O’Hare, N. Successfully implementing a national electronic health record: A rapid umbrella review. Int. J. Med. Inform. 2020, 144, 1–17. [Google Scholar] [CrossRef]
  14. Kiefer, S.; Schäfer, M.; Rauch, J. A semantic approach for digital long-term preservation of electronic health documents. Stud. Health Technol. Inform. 2012, 180, 265–269. [Google Scholar] [PubMed]
  15. Braud, M.; Edelstein, O.; Rauch, J.; Rabinovici-Cohen, S.; Voets, D.; Sanya, I.; Randers, F.; Droppert, A.; Klecha, M. ENSURE: Long term digital preservation of Health Care, Clinical Trial and Financial data. In Proceedings of the 10th International Conference on Preservation of Digital Objects (iPRES), Lisbon, Portugal, 3−5 September 2013; pp. 118–127. Available online: https://phaidra.univie.ac.at/open/o:378037 (accessed on 4 February 2022).
  16. Navale, V.; McAuliffe, M. Long-term preservation of biomedical research data. F1000Research 2018, 7, 1353. [Google Scholar] [CrossRef] [PubMed] [Green Version]
  17. Corn, M. Archiving the phenome: Clinical records deserve long-term preservation. J. Am. Med. Inform. Assoc. 2009, 16, 1–6. [Google Scholar] [CrossRef] [PubMed] [Green Version]
  18. Sachdeva, S.; Batra, D.; Batra, S. Storage Efficient Implementation of Standardized Electronic Health Records Data. In Proceedings of the IEEE International Conference on Bioinformatics and Biomedicine (BIBM), 16–19 December 2020; pp. 2062–2065. [Google Scholar] [CrossRef]
  19. Frade, S.; Freire, S.M.; Sundvall, E.; Patriarca-Almeida, J.H.; Cruz-Correia, R. Survey of openEHR storage implementations. In Proceedings of the 26th IEEE International Symposium on Computer-Based Medical Systems, Porto, Portugal, 20–22 June 2013; pp. 303–307. [Google Scholar] [CrossRef]
  20. Delaney, B.; de Jong, A. Media archives and digital preservation: Overcoming cultural barriers. New Rev. Inf. Netw. 2015, 20, 73–89. [Google Scholar] [CrossRef]
  21. Lekkas, D.; Gritzalis, D. Long-term verifiability of the electronic healthcare records’ authenticity. Int. J. Med. Inform. 2007, 76, 442–448. [Google Scholar] [CrossRef] [PubMed]
  22. Vigil, M.; Cabarcas, D.; Buchmann, J.; Huang, J. Assessing trust in the long-term protection of documents. In Proceedings of the IEEE Symposium on Computers and Communications (ISCC), Split, Croatia, 7–10 July 2013; pp. 185–191. [Google Scholar] [CrossRef]
  23. Custódio, R.F.; Vigil, M.A.G.; Romani, J.; Pereira, F.C.; da Silva Fraga, J. Optimized certificates—A new proposal for efficient electronic document signature validation. In Proceedings of the European Public Key Infrastructure, Trondheim, Norway, 16–17 June 2008; pp. 49–59. [Google Scholar]
  24. Riley, J. Understanding Metadata: What is Metadata, and What is it For? 3rd ed.; National Information Standards Organization (NISO): Baltimore, MD, USA, 2017; Available online: https://digital.library.unt.edu/ark:/67531/metadc990983/m2/1/high_res_d/understanding_metadata.pdf (accessed on 4 February 2022).
  25. Woodyard, D. Metadata and preservation. Inf. Serv. Use 2002, 22, 121–125. [Google Scholar]
  26. American Health Information Management Association, Rules for Handling and Maintaining Metadata in the HER. J. AHIMA 2013, 84, 50–54. Available online: https://library.ahima.org/doc?oid=106378#.Yfz0c-rMK5d (accessed on 4 February 2022).
  27. Agency for Digital Italy, Linee Guida per la Presentazione dei Piani di Progetto Regionali per il FSE. Available online: https://www.fascicolosanitario.gov.it/it/Linee-guida-per-la-presentazione-dei-piani-di-progetto-regionali-per-il-FSE (accessed on 4 February 2022).
  28. Agency for Digital Italy. Circolare AgID n. 4/2017 del 1° agosto 2017 “Documento di progetto dell’Infrastruttura Nazionale per l’Interoperabilità dei Fascicoli Sanitari Elettronici (art. 12—comma 15-ter—D.L. 179/2012). Available online: https://www.agid.gov.it/sites/default/files/repository_files/circolari/04_-_agid_circ_n._04_-_01_ago_2017.pdf (accessed on 4 February 2022).
  29. Sorrentino, E.; Guaglianone, M.T.; Cardillo, E.; Chiaravalloti, M.T.; Spagnuolo, A.F.; Cavarretta, G.A. La conservazione dei documenti che alimentano il Fascicolo Sanitario Elettronico. Riv. Ital. Inform. Dirit. 2020, 2, 35–42. [Google Scholar] [CrossRef]
  30. Legislative Decree n. 82, 7 March 2005. Digital Administration Code (CAD); President of the Italian Republic: Rome, Italy, 2005.
  31. Rothenberg, J. Preserving Authentic Digital Information. Available online: https://www.clir.org/pubs/reports/pub92/rothenberg/ (accessed on 4 February 2022).
  32. Doyle, J.; Viktor, H.L.; Paquet, E. Long Term Digital Preservation—Preserving Authenticity and Usability of 3D Data. Int. J. Digit. Libr. 2008, 10, 33–47. [Google Scholar] [CrossRef]
  33. Factor, M.; Henis, E.; Naor, D.; Rabinovici-Cohen, S.; Reshef, P.; Ronen, S.; Michetti, G.; Guercio, M. Authenticity and Provenance in Long Term Digital Preservation: Modeling and Implementation in Preservation Aware Storage. In Proceedings of the First workshop on on Theory and practice of provenance, San Francisco, CA, USA, 23 February 2009; pp. 1–10. [Google Scholar]
  34. Xie, I.; Matusiak, K. Digital preservation. In Discover Digital Libraries; Elsevier: Amsterdam, The Netherlands, 2015; pp. 264–279. Available online: https://www.yumpu.com/en/document/read/59884137/iris-xie-krystyna-matusiak-discover-digital-libraries-theory-and-practice-elsevier-2016/264 (accessed on 4 February 2022).
  35. Otto, J.J. Administrative metadata for long-term preservation and management of resources. Libr. Resour. Tech. Serv. 2014, 58, 4–32. [Google Scholar] [CrossRef] [Green Version]
Applsci 12 03304 g001 550
Figure 1. FSE architectural framework and interoperability services.
Figure 1. FSE architectural framework and interoperability services.
Applsci 12 03304 g001
Applsci 12 03304 g002 550
Figure 2. Metadata communication process about the creation of a new document for a patient in the RDA.
Figure 2. Metadata communication process about the creation of a new document for a patient in the RDA.
Applsci 12 03304 g002
Applsci 12 03304 g003 550
Figure 3. Metadata communication about document updating for a patient in the RDA.
Figure 3. Metadata communication about document updating for a patient in the RDA.
Applsci 12 03304 g003
Applsci 12 03304 g004 550
Figure 4. Metadata communication process on the creation of a new document for a patient in the RDE.
Figure 4. Metadata communication process on the creation of a new document for a patient in the RDE.
Applsci 12 03304 g004
Applsci 12 03304 g005 550
Figure 5. Metadata communication about document updating for a patient in the RDE.
Figure 5. Metadata communication about document updating for a patient in the RDE.
Applsci 12 03304 g005
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Guaglianone, M.T.; Aracri, G.; Chiaravalloti, M.T.; Cardillo, E.; Arena, C.F.; Sorrentino, E.; Spagnuolo, A.F. Ensuring the Long-Term Preservation of and Access to the Italian Federated Electronic Health Record. Appl. Sci. 2022, 12, 3304. https://doi.org/10.3390/app12073304

AMA Style

Guaglianone MT, Aracri G, Chiaravalloti MT, Cardillo E, Arena CF, Sorrentino E, Spagnuolo AF. Ensuring the Long-Term Preservation of and Access to the Italian Federated Electronic Health Record. Applied Sciences. 2022; 12(7):3304. https://doi.org/10.3390/app12073304

Chicago/Turabian Style

Guaglianone, Maria Teresa, Giovanna Aracri, Maria Teresa Chiaravalloti, Elena Cardillo, Camillo Francesco Arena, Elisa Sorrentino, and Anna Federica Spagnuolo. 2022. "Ensuring the Long-Term Preservation of and Access to the Italian Federated Electronic Health Record" Applied Sciences 12, no. 7: 3304. https://doi.org/10.3390/app12073304

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop