A Model for the Governance of Federated Healthcare Information Systems

Modern healthcare is characterized by the increasing tendency for the health care records of a single patient to be dispersed throughout a complex network of health care providers. And some, or all, of such records, pertaining to a given patient, may have to be transfered to a provider to facilitate the treatment of this patient. Such transfer needs to be done quickly, because delays may adversely impacts the quality and cost of healthcare; and may, in some cases be a matter of life or death. But fast electronic transfer presents serious danger to the privacy and integrity of these records. This raises the need for governance, that is, for the formulation and enforcement of the societal policies and laws pertaining to the exchange of electronic healthcare records between the members of the often large and heterogeneous networks of healthcare providers. This paper introduces a reference model for such governance, which has the following characteristics, among others: (a) decentralized, and thus scalable, enforcement mechanism; (b) seamless and secure interoperation between health care providers operating under different policies, and under different administrative domains; (c) support for the naturally hierarchical organization of the policies that govern the exchange of health care records; (d) the ability to change policies while the system governed by them continues to operate.