In the UK, the National Specification for an Integrated Care Record Service proposes a major change to the way in which information systems are utilized within the health service. This change is

It should not be presumed that in order to achieve this vision that there is a requirement to remove those applications that currently reside within healthcare organizations and return to the unpopular HISS solutions of 90's.

It seems logical to look at the world of e-commerce that successfully carries out large complex electronic transactions in large volumes for possible solutions. In the world of banking, the majority of high street banks (and those with no high street presence) offer their customers a wide range of services electronically. Is this to say that they have thrown away the older applications and replaced them with new state of the art ones? Not at all! Indeed in many cases the information systems used within the banks and building societies remain the same. What they have done is to offer new ways in which the data and the functions that already exists can be accessed and used. It should also be noted that within such organizations they faced similar problems to the NHS in that they had implemented many different applications, which performed disparate functions.

We believe it is possible to provide this integrated view as a separate application layer that sits above existing applications within the healthcare arena, integrating both the data and functionality that these existing applications provide through a new combined user interface.
Similar ideas have been tried before, involving data repositories and integration engines. The model we use does neither. The tool that makes this possible by combining functionality in real-time from multiple disparate systems, is Web Services.

There are many definitions of what a Web Services is.
Gartner describes Web Services as

Forrester Research describe them as

A more comprehensive definition might be

Although Web Services use common, proven Internet standards and protocols (I.e. TCP/IP, HTTP, XML) this does NOT mean that confidential information will be broadcast unencrypted across the Internet.

Web Services are ideally suited to linking multiple disparate systems that are distributed over a potentially large geographical area. The use of web services within Health has already been proven within applications such as ESI (Express Systems Integration) Information from different data sources is being offered to the user in a single user interface. This offers significant benefit over other methods.
Firstly the data remains within the data source from which it was created. The security of that data is therefore managed within the source application and no duplication of data is required. No complicated and difficult to maintain interface is needed. The data is available in real time and the clinician can be sure it is the latest version of the data they are viewing. The data provider can be sure that they completely control access to the data as the source remains within their application.

By using this technology it has been proven that a single view of data not only from disparate applications but also from disparate organizations, is possible. By providing the data in this way it may also be possible to provide transactional updates across multiple systems regardless of the technologies underpinning the underlying applications.

Similar technology can be utilized which would allow the functionality that exists within the existing applications to be driven from another application. This means that it is possible to provide a comprehensive, context sensitive user interface layer on top of multiple applications that may be deployed across several organizations.
Consider a GP wishing to make Outpatient bookings from the surgery. Web services can be employed to enable the GP to search for clinics across multiple organizations and then to book an appointment in a selected clinic. Because the web services are exposing the actual business logic of the organization’s appointment booking system, these existing systems remain in control of the data and business rules. The host (E.g. hospital) remains in full control, managing who has access to what and when (although the ‘how’ is via a web service). Data integrity and confidentiality are not compromised as there are no other repositories to populate or ‘copies’ taken.

Security is one area of consideration that is often overlooked during integration. It should be noted that it is often employees rather than external ‘hackers’ who are responsible for the majority of security breaches in organisations.

Using industry standard technology much of which has already been pioneered in the financial sector, it is possible to ensure: -

1. User authentication using unique passwords or biometric devices (finger-print identification, retinal scans)
2. Possible Single Sign-on using tokens to pass session information between servers.
3. All data sent over the network is encrypted and can only be decrypted by the intended recipient using a Secure Sockets Layer (SSL)
4. Re-validation of users when committing/reading sensitive information - as required.
5. Very high levels of security with the implementation of a Public Key Infrastructure (PKI)

The following layered model shows the interaction between the client workstation and existing departmental/clinical systems using web services to communicate and software components (adaptors) to interface.