The e-health system in Estonia, called the Estonian nationwide Health Information System (EHIS) has been operational since the end of 2008. The main success factors for the e-health system in Estonia are clear governance, legal clarity, a mature ecosystem, agreement about access rights, and standardization of medical data and data exchange rules. We present a short history, outline the general business and technical architecture and discuss the lessons learned.
There are 1.3 million citizens in Estonia and every citizen and every resident has a unique ID-number. In Estonia, 88% of households have a broadband connection (2015), 82% of households use a mobile Internet connection (2016), 96% of income tax declarations are made via the e-tax board (2016), 32% of votes were cast over the Internet (2017), and 99% of bank transfers are carried out electronically. The NATO Cooperative Cyber Defense Centre is in Estonia and Skype, Transferwise and Taxify have been developed there.
The healthcare system in Estonia is based on health insurance, paid by employers. Healthcare providers in Estonia can be private, municipal or governmental. Most hospitals are publicly owned, and most general practitioners are private entrepreneurs. Healthcare costs make up to 6% of the GDP (9.5% in the OECD area). The e-health system in Estonia, called Estonian nationwide Health Information System (EHIS), has been operational since the end of 2008. EHIS, by containing the health data of every Estonian resident virtually from birth to death, integrates di erent healthcare databases and services and makes it possible to access medical data, prescriptions and medical images online in a secure and trusted way. The goal of the Estonian e-health system is to develop patient-friendly, e cient and high-quality healthcare services. In addition, it aims to make time-critical medical information accessible for physicians and to decrease the level of bureaucracy in the daily routine of physicians.
The three main layers of the EHIS are the data layer, the data transfer layer and the application layer. The data layer consists of the data repositories for storing the medical documents and images. The data transfer layer provides a secure Internet-based infrastructure for data exchange both for citizens and healthcare providers. The developing and open-ended application layer is to provide services for di erent parties (citizens, healthcare providers, government authorities, policy makers, etc.) according to their demands now and in the future. Ten years of experience has shown that both the citizens and healthcare professionals, as well as politicians and government authorities, have accepted the e-health system.
In Sect. 2, we present a short history of the e-health system in Estonia. Next, in Sect. 3, we describe the services and the architecture of the Estonian e-health system. In Sect. 4 we present the e-state infrastructure, including the security and legal infrastructure, that is used in the e-health system. Finally, in Sect. 5 we conclude by discussing some lessons learned from the Estonian e-health system operation. 2
The story of the Estonian e-health system states back to the rst years of independence of Estonia and is closely related to the activities and in uence of the rst Prime Minister, Mr. Mart Laar, and his team. Mr. Laar served as Prime Minister of Estonia from 1992-1994 and 1999-2002. In those years, information technology was seen as an opportunity to develop the economy and politics in Estonia { a small and developing country. Firm foundations were built for many of the initiatives that today form the e-state of Estonia3, including e-banking, e-health, e-documents [1{4], e-school, e-taxation, e-voting, etc.
As Estonia lacked legacy software at that time, and information technology was underdeveloped in the Soviet period, the utilization and deployment of information technology began to evolve rapidly during the rst years of independence. Society believed in information technology and started using information technology in all domains, including healthcare. Fig. 1 illustrates the history of the e-health system in Estonia. Between 1990 and 2000, hospitals, general practitioners and other health providers started developing their own information systems and introducing the use of electronic health records. Several small and medium sized software companies, focusing on the development of healthcare systems, were founded at that time. In the same decade, the informal planning and the rst ideas of the development of a nationwide e-health system were initiated.
The active preparation of the Estonian e-health project by the government authorities and proponents of e-health system took place between 2003 and 2005, however some important events took place earlier. In 2001, the digital invoicing
preparation (2003-2005) eHealth
2008
HIS 2000 2003 2006 2010 2015
system for electronic transfer of reimbursement claims, called Estonian Health Insurance Fund (EHIF), was launched. In 2002, all pharmacies were obliged by law to transmit the prescription information for reimbursement to the EHIF electronically. Over 75% of healthcare providers and 45% of all pharmacies had signed data transmission contracts. In 2005 all the reimbursement claims and prescription data in Estonia were submitted electronically.
The foundation for EHIS was established in 2005, when the Ministry of Social A airs launched a concept for the e-health system. This concept postulated four main projects, i.e., electronic health records, digital images, digital registration and digital prescription. Soon after that, the o cial body for the development of EHIS, called the e-Health Foundation, was established. The e-Health Foundation was responsible for the development, nancing and management of the the system. EHIS was funded by the EU (e 1,196,206) and Estonia (e 398,735) and was launched at the end of 2008.
EHIS continues to develop and add new functionalities and services. Eprescription, digital stamps, a driver's license health certi cate application, drugdrug interaction services and e-registration are examples of such e-services. Today, EHIS is operated and developed by TEHIK4, a government-owned private company. The system contains the health records of all the residents in Estonia and more than 10,000 healthcare professionals use the system on a daily basis5. In September 2017, the actual number of medical documents in the system was more than 30 million.
Although Estonia has about 1.32 million citizens, EHIS contains health information for 1.54 million people. Overall, 14 di erent medical document types are in use, covering more than 17 million out-patient case summaries, around 2 million stationary case summaries, and more than 8 million di erent medical
5 https://e-estonia.com/e-health-estonian-digital-solutions-for-europe/ Patient queries per month
Healthcare professional queries per month
Documents per month
2500000
2000000
1500000
1000000
500000
0
diagnostic examination reports, including radiology reports and laboratory
results [
EHIS is not a big centralized database but a federated system of mutually
independent yet integrated healthcare-related software services [
The most widely implemented e-health project in Estonia is a nationwide health information exchange platform, which is called the nationwide Electronic Health Record (EHR) system. The EHR platform, which is based on widely accepted international standards such HL7 CDA (HL7 Clinical Document Architecture)6, DICOM (Digital Imaging and Communications in Medicine)7, LOINC (Logical Observation Identi ers Names and Codes)8, etc., enables exchange of digital health documents in a standardized way. The EHR project began the ongoing standardization of digital health data artifacts in Estonia. By the beginning of 2017, a number of 1,163 healthcare institutions were sending and
retrieving medical data using the EHR platform. The average number of queries was close to 50,000 queries per day. It is important to note that all medical data entered is digitally signed either by the physicians or healthcare institutions. Digital signing is also discussed in Sect. 4.
The other widely used healthcare service provided by EHIS is e-prescription.
Physicians upload prescriptions, in electronic form, to the prescription center
database, from where any pharmacist can request currently valid or previously
dispensed prescriptions. The e-prescription system, that has been launched at
the beginning of 2010, was very quickly accepted by all parties and today
approximately 99% of medical prescriptions in Estonia are issued electronically.
For more information about the e-prescription experience in Estonia, see [
The Picture Archiving and Communication System (PACS) is for sharing medical images between health institutions. Today all radiology facilities in Estonia have the duty to send, achieve and retrieve radiology images using the central PACS. Radiologists and all referring physicians have web-based access to PACS once they have signed the necessary contract with the Estonian Health Image Archive Foundation, the responsible authority of PACS.
S E IICN sceend FEDM treen ii YCNO igdnoC frsenom EAG -C ld TEA -aH T S
LTEECRRBAAADHHO li-trrrscvaaeeehpdoH lilf-trsssaaeehpnooH iii-tsssscgeenpnhDm . n o itc .SR ifrn .c
a IILSTTYEERAG il.rcyaadoM il.trsscEeubo UQ I.rVH Tu cen a C
R E T S I G E R N O I LTP A U O P
R E T S I G E R S S E N I S U
B DRIVING LICENCE HEALTH CERTIFICATE
APPLICATION 2015 PATIENT PORTAL 2009
S L ISTPAO 2009 H
S R O T LYCDO 2090 I M A F
ISC rya RAAM Ja0un PH 201
SSER reb
m UN te
p L e O S O 0 SCH 201
E C I V R LEC S A I YEDM 1420 C N E G R E M
E
SFINX
Drug-drug Interaction database
2016 PRESCRIPTION
CENTRE 2010 January Secure data exchange layer provided by the state
X-Road, ID-card, mobile-ID, State IS Service Register
X-ROAD GATEWAY
SERVICE 2009 PHARMACIES AND FAMILY DOCTORS 2009
NATION-WIDE
HEALTH
INFORMATION EXCHANGE PLATFORM 2008 December
EHIS also hosts many central registers and databases such as of hospitals, family doctors (general practitioners), pharmacies, school nurses, medicine interactions, and di erent quality registers (cancer, HIV, tuberculosis, etc.). Furthermore, it utilizes several nationwide registers such as the population and the business register.
One of the crucial parts of EHIS is the patient portal [8{11]. Using the patient portal, the user can: log in with ID card or mobile ID; view and update personal data and add contact data of close relatives; view his/her medical data from healthcare providers; view electronic referral letters and electronic prescriptions; add representatives for him/herself for actions such as collecting e-prescriptions; make declarations of intent (e.g. donation of organs); access health insurance data; hide sensitive health data from doctors and representatives; complete a health declaration form before an appointment; view the log of who has accessed his/her data.
Feedback from the healthcare providers' and the Estonian e-Health Foundation's helpdesks shows that, when patients do not have access to their health data (for example during system upgrade), they immediately contact the helpdesk. They are periodically interested in their data and want to view their test results before appointments. This information supports the idea that making health data easily accessible to patients will encourage them to take a more active role in monitoring their health. 4
EHIS is not a separate system but an integrated part of the Estonian e-state
system used by the public and the private sector. The e-state system, by
secure data exchange and authentication methods, provides a mature ecosystem
for the e-services in Estonia. E-banking, e-school, e-taxation, e-voting and other
e-services are all using this ecosystem. The most important parts of this
ecosystem are the X-Road [12{14] (governmental service bus) and the e-identity [
Since 2002, in Estonia, every resident has had a digital identity. This identity is based on the unique identi er (personal ID number), digital certi cation organizations (police, certi cation center), and physical security devices like smart card (ID card), mobile SIM card (mobile ID) and smart ID. The digital identity has two functions: authentication and digital signature. The digital signature is available also for companies in the form of digital stamping.
Besides X-Road and e-identity, the important infrastructure for e-health is a legal environment initiated by the Estonian government and implemented by the Parliament. The rst idea was to create separate legislation for the e-health system. However, due to the natural relationship between the e-health system and the healthcare system, and also due to the desire to direct healthcare professionals to accept and to use the e-health system, the relevant legislation was made part of the healthcare legislation.
The Health Services Organization Act, which regulates the healthcare service provision, was extended by a new chapter for EHIS. This chapter lays down the responsibilities of patients, health service providers, and provides requirements for document standards, etc. For example, all healthcare providers must send certain health data to EHIS. The set of documents is de ned by the law. The Act also states that access to patient data is available only to licensed medical professionals, legal representatives or patients trustees. In the Estonian e-health system, the concept of the attending doctor has been introduced. This means that the physician or a nurse must prove the treatment relation to the patient, when accessing the patient's data in EHIS. The Act also states (and this is realized in the patient portal), that the patient has the right to hide their data so that healthcare professionals are no longer able to view them. This could be done either by hiding a single document or by hiding all their personal data in EHIS. All attempts to view healthcare data in EHIS are monitored by the government authorities and reported to the patients in the patient portal. In case of suspicions of unlawful access to the data, necessary actions are taken immediately. According to the Act, the ethical committee was created to lead the discussions on patients rights and to select the proper system for the EHIS. Citizens can access their own data, declare intentions and preferences, and monitor logs. 5
The Estonian e-health system is unique as it is nationwide, integrates de ned healthcare data of all healthcare providers and provides an overview of the health condition of every resident from birth to death. Such a comprehensive data system requires a robust security system. The security of the Estonian e-health system is ensured by the following six techniques:
A secure authentication and authorization of all users with ID card, mobile ID or smart ID; Digital signing (by individuals) or digital stamping (by institutions) of all medical documents; Accountability and transparency provided by an untamperable and unremovable secure log (audit trail) containing all actions; Coding of personal data ensures separation of personal data from medical data; Encrypted database records allow a minimal con dentiality risk from the technical administrators of the system; Monitoring of all actions together with the corresponding countermeasures (both organizational and technical) allows identi cation of fraud and misuse quickly and de nitely.
Huge change management issues that digitalization brings to healthcare is always a challenge. The observations and di culties that were related to the Estonian e-health system were (and are) as follows:
Physicians and other professionals must change the way they ll out medical les to some extent { the trend is towards more uniform language; Semantic interoperability of medical data is hard to achieve; Data quality and secondary usage of data is still challenging; General acceptance of hospital personnel to share medical data in patient portal with patient is problematic; Much attention must be paid to the security and electronic authentication of the users; User interface development must not be underestimated; Medical data is not what people are looking for { they are interested in services.
As an example, related to the last claim in the list above, e-health
services that are crossing institutional and/or sectoral borders such as e-referral,
e-consultation, e-prescription or lling in health declarations for a driving
license application are the most popular services among the users. These types of
services make healthcare processes more e ective and save time for both
healthcare professionals and individuals. The exchange of data and digital documents
between institutions also puts high demands for data quality [
The aim of the Estonian e-health system was to develop a platform for health information exchange. However the solution had to provide some tangible services as well. During the rst phase of the system, the scope to provide certain standardization and applications for most valuable documents and data was set, including outpatient summary notes, inpatient discharge letters, demographics, time-critical health data reports, and diagnostic image references.
Even though Estonia is considered an IT-mature society, it is important to understand that, similar to other European countries, Estonian society has members whose computer skills do not allow them to use e-services comfortably. This means that the digital society ecosystem should be accompanied by activities to educate society members and to decrease the digital divide. New e-services must not replace ordinary services but should complement them to make processes more e cient and a ordable for the whole society. This is the leading concept in the implementation of EHIS in Estonia, meaning that patients still have the right and the opportunity to receive services in conventional ways.