*By Adilson Cavati
Opening the doors to the Open world was only possible thanks to interoperability, which is nothing more than the ability of a system to communicate transparently with other systems. Currently, the safest and most efficient way to ensure this integration is through APIs (programming interfaces responsible for allowing this exchange of information to occur securely).
Until companies in the banking sector adapted to Open Banking, there were many challenges in relation to the LGPD (General Law for the Protection of Personal Data), but, with the advancement of technologies and with the experience gained in the process, organizations were able to correctly follow the regulations. and ensure the security of user information. In order to ensure the protection of its patients' health data and prevent problems such as data leakage, Open Health will also have its activities guided by the LGPD.
Personal data, whether financial or health, will be secure and can only be shared with the consent of the client or patient. The main pillar of the Open concept is to give the user autonomy in relation to their personal information, leaving only the patient to decide with whom he wants to share his data, also having the option and the right to interrupt the sharing whenever he wants.
Open Health security and regulation
The construction of the Open Health journey is still under development and, unlike the banking sector, which has Bacen (Central Bank) as the only regulatory body, in the health chain there are several actors who make decisions about the progress of regulations, such as the Ministry of Health, ANVISA, ANS, among others. To ensure that all data present in the open health ecosystem is protected, the bodies involved in the process are aligning themselves to plan security measures and protocols that health companies must follow to participate in the ecosystem, as is happening with Open Finance .
It is also worth mentioning that there are storage platforms, such as blockchain, that help in this process of interoperating data. In blockchain, for example, information transactions are validated by the data owner through a consensus mechanism, preventing data modification without prior authorization through smart contracts. Storage methods using blockchain technology allow patients to access their comprehensive and immutable health records without major complications, which minimizes the risk of data leakage and ensures the confidentiality of sharing between patients and healthcare institutions. health.
In addition to the health actors who take this process forward, the country's socioeconomic and political situation also influence decision-making. To ensure the proper functioning of Open Health and the safety of patients, it is necessary to carefully study the scenario and implement the concept little by little. Putting open data into practice is challenging for the health area, mainly because information in this sector is extremely fragmented. The same patient has his data “spread out” across different systems, whether public or private.
One of Open Health's proposals to improve the situation of data fragmentation is the creation of a single electronic medical record for the patient. All of the user's health information will be available in it, from the first vaccines at the beginning of life to the most recent consultations and exams, all duly protected. With this medical record, the patient will have access to all data in an organized manner and doctors will be able to follow up on their entire health history.
Some countries already use electronic medical records models and work with the sharing of some data, but nothing as complete as the Open Health project. In Australia there is an electronic health record, known as “My Health Record” (MHR), which contains, in short, the clinical information of Australians who agreed to participate in the program, as the data is in the user's domain and can only be used with his consent. The MHR can be accessed for secondary use (research and randomized studies, clinical outcomes, planning, etc.) by organizations in the health chain, with the exception of insurance companies.
The United Kingdom also has a national database, called “the Spine”, which gathers the records of British patients and generates the “Summary Care Records” (SCR), a record that, like an Australian one, allows patients to have access to a summary of your health data. In the SCR, the user can also allow or not that the companies of the sector at the national level also access it for diagnostic decision support and other types of secondary research.
There is a government digitalization plan called Plano de Saúde Digital do Brasil 2020-2028, based on the use of the RNDS (National Health Data Network), which can be understood as a database managed by the Ministry of Health and by DATASUS ( technology arm of the Ministry of Health). The initial scope of the RNDS was that, immediately, all the health data of Brazilian citizens were in this database, regardless of whether they were public or private, but, due to the Brazilian health system being complex and one of the largest on the planet, the process of unification of this information becomes increasingly difficult.
The COVID-19 pandemic completely changed the scope of the RNDS, which required that the health data contained in it be specifically related to COVID-19 (exams, tests, vaccines, etc.). As the SUS is the body responsible for administering vaccines, most of the data in it are from the public system. It was from the RNDS that Brazilian citizens had access to the Conecta-SUS application, where COVID vaccination data are stored, integrated into the RNDS system.
The Professional Connect-SUS system, launched by the Ministry of Health on 07/01/2021, is an electronic medical record similar to that of Australia and the United Kingdom. It stores the patient's health data (medicines, hospitalizations, allergies, among others) and medical diagnoses, as well as the digital vaccination card. The information can be accessed using the user's CPF, which will receive a notification from the Conecta-SUS Cidadão application every time a professional accesses or uses their data. The National Health Data Network is the embryo of Open Health and it is expected that, in the coming years, all health data will be there.
Despite having its mandatory scope only for the public sector, the RNDS can also be used by private companies that want to put their data in it, it is already possible to see health operators, laboratories and pharmacies putting their information in this database. Even if some private institutions use the RNDS, this is still not a reality for the entire segment. Many organizations are still going through the process of restructuring their systems to get interoperability working within their own homes. When this reality is tangible for everyone, the integration with the public system will also be.
The API management systems are precisely related to the question of integration, from the moment that the data are operating in the same system, storing them in a single bank becomes a much easier task. For the time being, there is still no regulation that obliges all healthcare companies to place their data in the RNDS, but, as regulations advance, organizations will have to be prepared to participate in this ecosystem.
The opening of data is already a reality and will bring many benefits for both companies and patients, and organizations that realize the importance of this sharing and already start preparing for this change in the scenario will stand out in the market and be part of a secure and well-planned ecosystem that will completely revolutionize people's lives and the way health data is handled.
* Adilson Cavati is sales director at Sensedia
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
EN 
PT 
