Pioneering Secure On-line Patient Records management and collaboration between doctors' clinics and hospital using secure Internet Transmission (The Yingzheng project)

To study the feasibility of sharing medical records and patient information between private doctors' offices and private hospitals through secure Internet connections, the Hong Kong Medical Association and the Canossa Hospital (Caritas) started the YingZheng project in July 2004. The scheme cost 2 million dollars and was partially funded by the Government through the Professional Services Development Assistance Scheme (PSDAS).

The code name 'Yingzheng' refers to the Emperor Chin (Yingzheng), the first emperor of China. YingZheng united China and ended the 'Warring Period'. He built the Long Wall and unified writing and measurements throughout China. He also set up mail expressways with a series of mail stations throughout the country, along which messengers carried the mail on horseback (the earliest form of information superhighway). It is of interest to note that the Cheung Shan Temple in Fanling was a mail station at the southern end of the Imperial Expressway. We hope that through our project, medical information can be spread along the Internet (like the Emperor's expressway) using a set of standards common among the medical profession (like the Emperor's common writing and measurement).

In this project, doctors will be able to view patients' medical records immediately at their private offices using secure Internet transmission. The project aims at:

  1. Increasing the competitiveness of the medical profession by improving the accuracy of medical records and making their retrieval and use more efficient.
  2. Enhancing the professional standard of the medical profession by designing and using a secure on-line medical record management system.
  3. Producing a user-friendly system design and application by involving doctors from the beginning, in close collaboration and organized effort with IT specialists and the hospital.

Patients' medical records are critical for doctors in establishing a diagnosis. With detailed medical records on hand, doctors can make appropriate medical decisions efficiently. However, patients' in-hospital medical records are kept in hospitals, while outpatient records are kept in doctors' clinics. If a private doctor wants a patient's hospital record, he needs to request it from the hospital. It may take days for the patient's medical records to be delivered from the hospital to the doctor. In some cases, the delay in information may cause problems in patient management.

At the beginning of the project, a survey was conducted to study how members of the Hong Kong Medical Association handled patients' medical records, to assess the level of information technology in their offices, and to gauge their interest in joining the pilot. The survey results showed that 80 doctors showed interest in this project, and 19 doctors were selected for the pilot. In addition, a framework was developed for the pilot implementation. Research was conducted on the method of implementation, patient data privacy and technology. After the survey and framework were finished, the pilot was conducted at Canossa Hospital (Caritas). An Internet platform and an appropriate information technology system were set up at Canossa Hospital to store and transfer patients' medical records. With reference to the analysis of the survey, the appropriate software was set up at the clinics of the participating doctors.

Since patient medical records are classified as confidential information, security was a critical issue in storing and transferring patients' medical records between hospitals and doctors' offices. To address this issue, training was organized to enhance the knowledge of private practice doctors and implementation staff from Canossa Hospital on Internet security, encryption, VPN, technology purchase considerations, etc. As far as security is concerned, all clients are authenticated with a 2-factor method, namely a "Password" and a real-time, dynamically generated OTP ("One Time Password") from the SMS server. Users needed to use their mobile phones to receive the OTP. All data were enciphered and transported with strong 128-bit encryption in an SSL tunnel through the Internet. All data were presented as read-only. Since no data would be uploaded by the clients to the server, the complexity of the security standard of the system was greatly reduced.

The key training during this implementation was the authentication system. It was cost-effective compared with other high-level authentication systems. It was found that the efficiency of this authentication protocol was also closely related to the service level of the telecommunication network. The system was scalable, secure and robust. By using advanced IT technology, it is totally feasible to transport patient medical information securely and efficiently through the Internet.

With the Internet platform and system set up at Canossa Hospital, the information technology staff of Canossa Hospital were responsible for maintaining the daily operation of the system. In addition, they installed and set up the system at the offices of private-practice doctors. The information technology staff also conducted regular assessments at doctors' offices. To equip these staff with the ability and knowledge to carry out the above tasks, training was provided to the information technology staff of Canossa Hospital by the vendor / consultants.

In order to speed up private-practice doctors' access to patients' medical records, ASL was selected and assigned to provide an end-to-end Internet access security solution, which covered system design, implementation and maintenance services. The final server setup comprised 1 Authentication server, 1 SSL-VPN appliance, 1 database server and 1 Web server. The computer language used is Microsoft ASP.NET. The major application areas are accessing and transferring patients' discharge summaries, OT records, progress notes, lab reports, X-ray reports, and drug administration records.

To enhance the security level of the network system, an SSL VPN appliance was deployed to provide a secure remote access solution, which was integrated with the iSprint AccessMatrix One-Time-Password (OTP) system to provide second-factor authentication. When clinic doctors accessed the hospital's patient information system, in addition to the system username and password they were required to provide a one-time password, which was sent by the OTP system to the doctor's mobile phone via SMS, to complete the authentication. With this secured system, there was no need for the physical delivery of patients' records between clinics and hospital, and the confidentiality of patients' information was enhanced. This enabled doctors to make fast and accurate diagnoses for patients.
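The two-step login described above (password first, then a one-time password delivered by SMS) can be sketched as follows. This is an added example, not the project's or iSprint AccessMatrix's code; the class and function names, the 6-digit code, the 180-second lifetime and the 3-attempt limit are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 180      # assumed OTP lifetime in seconds
MAX_TRIES = 3      # assumed number of guesses allowed per issued OTP

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoStepLogin:
    def __init__(self, send_sms):
        self.users = {}      # username -> (salt, password hash, phone)
        self.pending = {}    # username -> [OTP digest, expiry, tries left]
        self.send_sms = send_sms   # callable(phone, otp); SMS gateway stand-in

    def enroll(self, user, password, phone):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, hash_password(password, salt), phone)

    def step1_password(self, user, password, now=None):
        """First factor. An OTP is generated and sent only if it succeeds."""
        now = time.time() if now is None else now
        # Unknown users get a dummy record so the hashing work is the same.
        salt, pw_hash, phone = self.users.get(user, (b"\0" * 16, b"", None))
        if not hmac.compare_digest(hash_password(password, salt), pw_hash):
            return False
        otp = f"{secrets.randbelow(10**6):06d}"        # CSPRNG, 6 digits
        digest = hashlib.sha256(otp.encode()).digest()
        self.pending[user] = [digest, now + OTP_TTL, MAX_TRIES]
        self.send_sms(phone, otp)                      # out-of-band delivery
        return True

    def step2_otp(self, user, otp, now=None):
        """Second factor: the OTP must be unexpired, unused and within tries."""
        now = time.time() if now is None else now
        entry = self.pending.get(user)
        if entry is None:
            return False
        digest, expiry, tries = entry
        if now > expiry or tries <= 0:
            del self.pending[user]                     # expired or locked out
            return False
        if hmac.compare_digest(hashlib.sha256(otp.encode()).digest(), digest):
            del self.pending[user]                     # single use
            return True
        entry[2] = tries - 1                           # count the wrong guess
        return False
```

Only a digest of the OTP is kept server-side, and a new password check replaces any pending code, so an intercepted older SMS cannot be replayed.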

The pilot doctor participants (private hospitals) enjoyed the system very much. Normal logins currently number around 147, emergency logins 8, and a total of 812 records were accessed from May 2005 to Jan 2006. The doctors no longer had to call the Record Office of the hospital and wait for the hospital staff to fax the patient's record. They were able to access the patient's data immediately from the desktop PC in their clinics. Only minimal support and training will be needed to use the system. None of the 19 pilot doctors had much difficulty in using the system.

This project was successfully concluded in May 2006. We would like to thank all the participating doctors, all the staff of the Canossa Hospital, the Hong Kong Medical Association Secretariat and the Hong Kong Productivity Council for their support. We are also grateful for the generous financial support from the Government PSDAS.

Dr Ho Chung Ping
Steering Committee

[Figure: Hospital Workstation]

[Figure: Private Clinic]