GeneRic HeAlth Network Information Technology for the Enterprise (GRHANITE™) : The CONDUIT™ Program : The University of Melbourne

GeneRic HeAlth Network Information Technology for the Enterprise (GRHANITE™)

GRHANITE™ is the technology underpinning CONDUIT™. It is the generic data extraction tool that enables CONDUIT™ to be a secure central personal (but de-identified) information repository.

GRHANITE™

manages security and patient consent in hospitals and general practices.
extracts data from hospital clinics or practices automatically.

Unique feature
NO patient-identifiable information is extracted ie. NO name, NO address, NO Medicare ID. Patients’ records are encrypted (as below) to prevent identification.
```
cDOpy28aFAKyaqDdq5xo+OhmxGlOMGYNTyJ1qf+TSHZhC974lkxaixZSdTNGp5ne8UZPKF2mz0X
gw3QuSWaadwvKlYkKQ7bmFOPnpjnSHkM=
```

uses advanced record linkage techniques to link d-identified data in a deterministic manner for clinical information sharing, or using a mix of deterministic and probabilistic techniques where linkage criteria for research can be more flexible.
builds on the advanced record linkage techniques to enable secure information flow between secondary services (eg. hospital) and primary services (eg. general practice) and vice-versa for clinical, research and audit purposes.

Each clinical site (for example, a hospital or general practice) runs a ‘GRHANITE™ Consent Server’ application that allows authorized users across the clinical site to manage informed consent for their patients from their desktop PCs.

The consent application allows users to set or deny consent for the audit, research and/or clinical use of data.
The consent software supports both opt-in and opt-out consent models.
The software has the potential to interact with clinic databases flagging any consent requirement immediately and automatically when a patient record is opened.

Once consent has been granted, the application will automatically download in a de-identified manner any changes to a patient record to the central GRHANITE™ data repository.

Once the data arrives at the central repository, it is analysed and where appropriate, extracted into anonymised datasets for research.
The data can also be used for clinical information sharing. E.g. If a patient has given consent, their general practice record can be made available on demand to hospital clinics, A&E and vice-versa. See below for further details on how this is secured.

GRHANITE™ technologies have the following key attributes:

Patient Consent

Patient consent is crucial to the ethical use of patient data whether this is for research or clinical purposes. GRHANITE™ complies with all state and national legislation in providing mechanisms for obtaining informed consent. No data leaves a practice or hospital without consent being obtained.

Security

All GRHANITE™ communications are encrypted and secured using digital certification technologies and the latest recommended international encryption techniques. Unique digital computer fingerprints are generated for each computer utilizing GRHANITE™ software preventing access from unauthorized computers. User security and access rights are managed locally either by clinic or organization-wide administrators with overall site access rights controlled centrally.

Confidentiality

The GRHANITE™ software extracts data in a de-identified manner. It uses non-reversible encryption of patient identifiers (SHA256) and techniques to guard against ‘dictionary attack’ to ensure the confidentiality of the patient is inviolate. This de-identification is carried-out before any information leaves the clinical site. Example actual patient identifiers that have been through this de-identification process are shown below:

Patient 1

6njw5VaL973MPpryjdgXFjCsDl8MSKH/wfGxqiR34VzdwF65mqv/vnHGWcOtWnIQ6yd8XB5wEJMKEyAwIdwx7gxBvLYaZk9rcIWW1HUc4Zk=

Patient 2

QOJIbyTCHp61COTLjkhzA/ib/9U0dzXTK7Uya5dzbVBtEufluALPxQWUHW94rAmHtSYLl6DE6eoh7vZIf1nZ1Og7Pcp7tro+KX+30IV4g2E=

Record Linkage

GRHANITE™ uses different combinations of patient identifiers, phonetic matching techniques and frequency distribution tables to carefully analyse the characteristics of individuals and to determine the probability of different records belonging to the same individual. Two levels of certainty are permitted - a highly deterministic match where matching accuracy is imperative, and a more flexible linkage method for the purposes of research. The CONDUIT team are working with BIO21:Molecular Medicine Informatics Model (MMIM) to continually refine the efficacy of the linkage techniques.

Audit

All activities performed by GRHANITE™ users are logged for the purposes of audit.

The following figure shows the architecture of the GRHANITE™ software platform

image of the architecture of GRHANITE software platform

Current GRHANITE™ status, 17 May 2007

The core GRHANITE™ technologies have now been developed with the extraction of data for the purposes of audit and research now at a pilot phase. This pilot involves three general practices using Medical Director V3 and Practix V1.3 and a hospital diabetes clinic. The pilot aims to ensure the robustness of the model to ensure its appropriateness for wide-scale roll-out. A clinical information sharing demonstrator web site supporting diabetes shared care is about to commence development. Strategic partnerships are being developed to ensure we have the capability to quickly expand the programming team, help desk and implementation capabilities on demand. The pilot will be extended across North-East Victoria at the earliest opportunity.