This is why it must be possible to verify the tolerability of medicines or approve requested cost reimbursements within a few seconds. Other technical applications, such as a reporting system for logging diagnoses, must be offered as services and be made available to all market players. To prevent the theft, abuse or manipulation of personal data, secure data storage conforming to privacy regulations must be assured in all operational phases and compliance with the various industry standards and regulatory requirements must be ensured. In addition, national legislation stipulates that sensitive data may only be processed and stored within the boundaries of the seven emirates (Abu Dhabi, Dubai and five others). The applications for processing, delivery and local storage of health data inside and outside the country, some of which date back for years, must now be consolidated with centralized processing and raised to a new level of maturity by a professionally structured operating organization. It goes without saying that the current IT service providers will be involved in fashioning the inHealth platform.
A Joint Venture as Platform Owner
This major challenge is being met by a phased definition and implementation process for the inHealth platform. The decisive market players in the UAE healthcare sector, consisting of the regulatory body (Health Authority of Abu Dhabi) on the one hand and the largest health insurance company (National Health Insurance Company – Daman) and a partner on the other, along with other suppliers and the operational service providers (such as hospitals, doctors, pharmacies, home care organizations, etc.), are fully behind the project. They play a key role in the organization of the legal form and operational implementation, or they define supervisory requirements and monitor governance and data security.
To assure relative independence and autonomy, a new company in the form of a joint venture of Daman and a leading TPA company is being formed. The sole purpose of this new company is to build, operate and further develop the inHealth platform. The regulatory body monitors and controls the process in accordance with the defined governance, data security and data access provisions, and demands corresponding reporting and audit privileges. The basic funding is provided by a one-time deposit by the industry partners. Operational expenses and further development will be financed by the company itself in stages over the years by means of a competitive and accepted range of services (basic lump sum and transaction-based service fees).
Technical Implementation and Company Organization
How will the inHealth platform be implemented and operated? As a starting point, an approach that allows the platform and its services to grow further in line with demand and needs has been chosen. Specifically, this means that in the first phase applications will be selected that provide high benefits and meet an urgent need for consolidated and standardized operation. The IT performance attributes of these applications, their known and forecast IT resources consumption for managing access, request processing cycles and system data, their data storage needs (such as short-term and long-term dynamic data) and the general service planning of the platform owner have a decisive impact on the dimensioning, procurement and configuration of the necessary servers, database components, storage components and backup/restore hardware components. The system architecture is based on a virtualization concept. It is designed to be data center independent in terms of physical structure and internet connection, and database synchronization is designed for high availability. Based on operational, security or political-related factors, among others, other locations in the UAE may be integrated into the system architecture according to demand in the later stages of the platform’s development.
Implementation of the security and data privacy requirements is a particularly challenging task. They must be strictly observed for the platform as well as for the applications and the company organization. Careful planning of the greenfield approach, which means building and introducing the entire platform from the ground up, and strict guidelines for the IT operators and the individual application providers ensure compliance with and implementation of the business and IT-related requirements of the regulatory body and the various industry standards (e.g. ISO 27001) and best practices (ITIL). A potential consequence of this is that an application presently running independently may no longer fulfill the inHealth security and compliance requirements and must be reworked by the supplier so that it can be approved and released for operation on the platform.
The agreed security concept encompasses not only the platform-related aspects, such as physical environment security, access security and others, but also the necessary operating staff’s tasks and the requirements on the platform operator’s office environment.
The platform operator implements the interests of the owner from an operational perspective. For example, the platform operator advises the application suppliers on the delivery and commissioning of new services. By strict application of the defined onboarding processes (integration, pre-production, production with acceptance milestones), the platform operator ensures the stabile and secure operation of the platform by means of suitable verification and test measures. In addition, proper reporting enables timely invoicing of the provided services by the platform owner. The business and legal responsibilities are assumed by the owner, for example by means of service level agreements. This ensures that the platform’s governance and quality assurance are implemented consistently at the platform level.
Evaluation and Outlook
The e-Government architecture distinguishes between production and distribution. The described example shows how industrial parties (market players, IT service providers) can be integrated into the production and distribution of e-Government services. On the one hand, the existence of the platform is indispensable for the commercial availability of standardized services (distribution). On the other hand, the regulatory body can enforce its interests by using the generated data for its own purposes and in turn using processed data as a basis for other services or healthcare activities (production). This is how, for example, the current national campaigns to combat diabetes or cardiovascular diseases were initiated.
Many goal achievement principles which are already defined in the Swiss e-Government strategy are confirmed in the UAE, such as performance and business process orientation, achieving savings from multiple use, universal access, focusing on prioritization, and supporting decision-makers. Transparency and engagement are important aspects which, over the long term, send an important message to the market and set standards. Since the initiative for the procurement of the inHealth platform comes from the Emirate of Abu Dhabi, the "innovation by federalism" principle will only be realized when services are supplied by the other emirates or the services are used jointly.
There are numerous ideas for developing this processing platform in the healthcare sector. For example, it could be linked to the Emirates ID card (carried by all persons residing in the UAE) or a personal electronic healthcare card or electronic patient file system. Other market players have also expressed interest in offering supplementary services on the platform. The level of interest and the expectations are both high. The owner and the regulatory body have already reached a clear agreement to focus on the key activities of data collection and processing, rather than succumbing to the temptations of a purely commercially oriented market platform.
The United Arab Emirates’ inHealth platform will be launched during the summer of 2014, after which it will be available for general use.