The electronic health record (DMP): services for sharing documents between healthcare professionals
DMP | 19 Jul 2010
The DMP offers a set of services to healthcare professionals who have obtained authorization from the patient, which allows them to share health information about the patient in electronic form, in order to improve the quality of care.The services for document sharing between healthcare professionals are subject to access authorization rules over which the patient has control:
- Informed consent must be obtained from the patient in order for the DMP to be created;
- If granted, the patient's authorization is valid for one year and may be renewed – healthcare professionals are then able to access the patient's DMP, even in the patient's absence;
- However, the patient may prevent a healthcare professional from accessing the DMP either directly, via their web interface, or indirectly through another healthcare professional – usually their general practitioner.
- The DMP can be accessed by healthcare professionals via their "health professional" software package (as soon as it is compatible) or over the Internet via a browser. The first DMP-compatible software packages will be available in November 2010;
- To create, open or close their patient's DMP, supply it with information by adding in documents, or to view it, healthcare professionals are obliged to use their own personal health professional card (CPS) so that they can be identified and authenticated by the system;
- If the healthcare professionals work in a health institution and do not have their own personal CPS, they will still be able to create DMPs and supply them with information by using the authentication certificate of the health institution in which they work. This type of authentication requires the health institution to rigorously manage user identification;
- The DMP may also be created by admissions staff in health institutions when the patient is admitted, if that member of the admissions staff has been identified and authenticated by a health institution professional card (CPE) – otherwise they can use the institution's certificate which requires local identification;
- To create or access their patient's DMP, healthcare professionals must know the patient's national health identifier (INS); initially, this identifier will be calculated directly by the specialist software packages, using identity details extracted from the patient's insurance card (Carte Vitale); it can then be stored in these same software packages and, if necessary, be circulated within the health institution;
- Healthcare professionals may consult the documents contained in their patient's DMP, depending on the rights conferred to them by an authorization matrix. This matrix determines the types of document that can be accessed, according to the user's profession;
- In an emergency situation, any healthcare professional may, after authentication, access the patient's DMP in "break-glass" mode (i.e. without obtaining authorization from the patient). This person then notes the reason for taking this action in the DMP. However, this cannot be done if the patient's INS is unknown, meaning the professional must have access to the patient's Carte Vitale;
- Doctors working in medical dispatch center (emergency phone numbers 15 or 18) may also access the DMPs of the patients they treat; as they do not have access to the Carte Vitale, they have an INS search system which operates on the basis of the patient's identity details;
- However, neither of these access modes are permissible if the patient has previously expressed opposition to them within the DMP, either during its creation or at a later date.
The document sharing functionalities offered by the DMP to healthcare professionals are as follows:
- Creation of the DMP: any healthcare professional may create a DMP if requested to do so by their patient;
- Transfer of documents into the patient's DMP: healthcare professionals select the documents to be transferred using their specialist software package, sign the documents electronically (using their CPS or health institution server certificate) and ensure that they are entered into the DMP; the format of these documents complies with the interoperability framework defined by ASIP Santé; compliance is guaranteed by the use of DMP-compatible "health professional" software packages; some sensitive documents may be given "reserved access" status, which means that the patient will not be able to view those documents until they have had a discussion with the healthcare professional (declaration mechanism);
- Intervening in documents: at the patient's request, and not until the patient has been informed about the associated risks, a doctor may hide a document within the DMP; if documents are "hidden", this means that healthcare professionals (except the general practitioner and the author of the document) will not know that they even exist. In exceptional cases, the doctor may have a document deleted (right to erasure of data) by sending a request to that effect to the doctor authorized to access the data in the local DMP hosting system;
- Archiving documents: patients and healthcare professionals may archive documents that are no longer relevant; the idea is to make it easier to consult the DMP by setting to one side any documents that have become obsolete;
- Consulting the patient's DMP: healthcare professionals may search for, sort, select, consult and import documents that are pertinent to the job they are doing;
- Notification of an event: a healthcare professional may choose to be notified about particular documents when they are entered into the DMP by their colleagues (based on criteria such as the type of document, or by selecting documents relating to a specific patient);
- Ability to trace access and amendments to the patient's DMP: all healthcare professionals may trace their own access history; general practitioners may, at the patient's request, trace all amendments made by other healthcare professionals;
- Closing the DMP: healthcare professionals may close a patient's DMP at any time if asked to do so by that patient. It will then be archived for 10 years, during which time it can be reopened. At the end of this 10-year period, it will be permanently deleted. However, it can be permanently deleted immediately if the patient so wishes. In either case, it is deleted by the doctor authorized to access the data in the DMP hosting system.