A Platform for Electronic Health Record Sharing in Environments with Scarce Resource Using Cloud Computing

One of the main objectives of Electronic Health Record (EHR) is the transferability of patient data from one location to another. Many locations with scarce resources, particularly unreliable internet connectivity, face difficulties in accessing and sharing EHR data. This article presents our proposed design that utilizes Amazon Web Services (AWS) for a sharing mechanism platform among distributed healthcare organizations found in an environment with scarce resources. We proposed the use of a database replication mechanism and a REST (Representational State Transfer) web service to perform information exchange among health organizations and public health information systems.


Introduction
An emerging development of information technology (IT) has provided benefits for health care institutions to effectively collect and manage vast amounts of patients' data in clinical settings, including Electronic Health Record (EHR), medical image data, genetics data, and personal daily activities data [1]-[5]. Among all these data, EHR is the most comprehensive and important data source which can explain the patients' condition over time. EHR is the digital format of patients' medical record that can be shared with multiple health care organizations for clinical purposes [6]. One of the main objectives for an EHR implementation is the transferability of patient data from one location to another; this is especially crucial due to the multi-locale nature of data collection within the healthcare service environment. The realization of this objective requires the establishment of a public health information system at a national level [7]-[9] with an information technology (IT) infrastructure capable of adapting to the unpredictable nature of data demand and computing power [10]-[12]. The IT infrastructure should also possess a support system for researchers performing data analyses, such as data mining and collection [13]-[17].
Cloud computing is a computational model with flexible scalability and a virtual system that can be rapidly managed with minimal effort through the Internet [18]-[21], allowing it to provide ubiquitous access to resources relevant to healthcare management [22]-[24]. It also provides fast data management, secure data sharing, work-load reduction, and per-service payment. Cloud computing also has widespread availability due to its 99.95% guaranteed service availability or "uptime" [19]. This virtually ensures constant data and resource availability and accessibility.
Many locations involved in this study have scarce resources with unreliable Internet connectivity, complicating these facilities' need for EHR data access and sharing as well as data contribution towards the national, unified EHR system [25]-[28]. Therefore, cloud computing technology is suitable for serving as the IT infrastructure for the public health information system. Its implementation can be achieved via database synchronization across different places. Symmetric DS is open-source software for database synchronization across networks within a heterogeneous environment [29]. It utilizes web and database technologies to duplicate tables between relational databases. This study presents a platform sharing mechanism among distributed healthcare organizations found in environments with scarce resources, utilizing Amazon Web Services cloud computing.

Symmetric DS
Symmetric DS is an open-source, multi-master database and file replication software with functionalities such as filtered synchronization and transformation [29]. It can handle a large number of nodes within a network with low-bandwidth connections and withstand periods of network outage. Data synchronization works by pushing or pulling data on a regular basis. It uses standard web protocols (HTTP/HTTPS) for data exchange and supports a wide range of database platforms, such as MySQL, Oracle, SQL Server, SQL Server Azure, PostgreSQL, DB2, Informix, Interbase, Firebird, HSQLDB, H2, Apache Derby, Greenplum, and SQLite. This software is ideal for an organization that needs to synchronize many small databases across multiple locations into a single large database at a central location [30]. It can be installed as a standalone service, deployed as a web application, or embedded within a Java application.
In a Symmetric DS environment, each host that performs data synchronization between hosts across a network is referred to as a node. A node has an identity called an engine, which contains information about the node group ID, the external ID, and the database connection. The node group ID is used to identify groupings of nodes. The external ID is a user-defined alphanumeric identifier that is used to determine data destination. For example, one node group ID named headquarter represents the headquarter database while another node group named local-office represents branch office databases located in various places; if there are two branch office databases, Symmetric DS can distinguish the two via their external IDs. This example is illustrated in Figure 1. The database connection is a set of configurations for building connections to a database. These configurations comprise a database Uniform Resource Locator (URL) string, a database user, and a database password.

Cloud computing
Cloud computing is a computational model with flexible scalability and a virtualized system that requires minimal management effort over the Internet [19]. Google, Amazon, and Microsoft are market leaders in the cloud computing industry [19]. They offer new business models that allow customers to pay only for the services used, eliminating the need to make a large investment in infrastructure. Another benefit of using cloud computing for healthcare organizations is the ability to have elastic storage and computing resources without the hassle of actively performing server configuration, application installation, and software upgrades [31]-[33]. Healthcare organizations also do not need to actively perform backups since the cloud employs a recovery mechanism from failure or disaster [34]-[36].
Cloud computing has three service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). The adoption of cloud computing within health care services provides an infrastructure for sharing and analyzing patient data. However, the implementation of an EHR system within a cloud computing system poses several important challenges [8], [37], [38]:
• Regulatory issues relate to the prevention of unauthorized access, privacy, and data confidentiality.
• Data jurisdiction issues relate to cloud computing's physical storage in multiple countries, including data security, privacy, usage, and intellectual property.
• Network downtime relates to the need for any health care organization wishing to access data and resources in cloud computing to be online on the Internet. Access to a patient's medical record is critical [38], [39], calling for a reliable Internet connection at all times.

Methods
In this study, our network architecture is composed of several clients and a single server. The client is defined as a local system that manages its own database and is present in a single location. This local system could be a single computer, various mobile devices, or a small local area network of computers with a single database. A client could be a hospital, a clinic, or a ministry of health institution. The server is an entity with its own database, located within the cloud computing system. This entity is defined as the virtual machine managed by the national healthcare organization. The server responds to the clients' requests for data synchronization through communications among the health institutions, as bridged by the middleware. Figure 2 depicts this network architecture. All connections from clients to the server must use the Hypertext Transfer Protocol Secure (HTTPS) protocol.
In the cloud computing environment, there are two hosted applications. The first application maintains the synchronization between server and client, while the second application maintains the EHR data through a web application, allowing users to retrieve data through web services.
The EHR data resided at the local Database Management System (DBMS) of each client and each server. The data were created by clients then synchronized to the server. To enable the import of medical records via a server's web service, each health institution must have an account for the authentication process to ensure that a particular health institution (a 'node') has permission to import a particular medical record. These accounts were generated by the server during the registration process and could request synchronization only with certain nodes.

Result
The methods described were implemented with the Amazon Web Services (AWS) as a public health information system simulation and three clients as hospital simulations. AWS performed as the server and managed incoming data while each client ran the web-based EHR system written in PHP. Symmetric DS was deployed within each client as a service. For data import, the server provided Representational State Transfer (REST) web service written in PHP. MySQL was used for the server and client database.

Cloud deployment architecture
Two applications were hosted within the cloud: Symmetric DS application and EHR web application. The following services were set up within the AWS environment:

1. Amazon Elastic Compute Cloud (EC2) is a Virtual Machine (VM) provided by AWS. This service was used as the server running Symmetric DS and EHR web applications.
2. Amazon Simple Storage Service (S3) is highly reliable storage provided by AWS. It has a guaranteed availability rate of 99.9% during any given year. This service was used to store files (such as patient lab records) required in the EHR system.
3. Amazon Relational Database Service (RDS) is a database service provided by AWS. RDS provides relational model databases, such as MySQL, PostgreSQL, Oracle, and Microsoft SQL. One advantage of using RDS was the ability to have AWS perform common database maintenance tasks, such as automatic system backup that eliminates the need for users to perform maintenance. This service was used to store EHR database.
4. Amazon Elastic Load Balancing (ELB) is a load balancing service provided by AWS. ELB distributes incoming connections among the EC2 instances. ELB has the capability to detect unhealthy instances and prevent any distribution of connections towards them. This service was used to distribute the incoming load from health institutions requesting EHR access. In this study, the load balancer contained two parties: one that accepted traffic for SymmetricDS service using port 9090 and one that accepted traffic for EHR web application service using port 443.
5. Auto Scaling is a service that enables automatic scaling of EC2 capacity according to user-defined conditions. With auto scaling, EC2 instances can be replaced with more powerful instances seamlessly during periods of high demand to maintain the performance or with less powerful instances automatically during periods of low demand to minimize cost. This service was used to ensure quality EHR performance and was required for maintaining the EHR information in real time.

Figure 3 shows the architecture in which these AWS components were deployed.
This method added high availability to the EHR system since more than one EC2 instances were used, allowing for the application to continue its function despite failure in any single EC2.

Data structures
In the EHR, data was stored in a Relational Database Management System (RDBMS). Every patient has a unique identifier in the form of a Medical Record Number (MRN).

Fig. 3. Cloud Deployment Architecture
To avoid duplicate conflicts between MRNs generated in different facilities, it was proposed that every MRN generated must start with the Symmetric DS external ID. For example, if a hospital has an external ID of "101", MRNs created at this hospital would fall within the range of "1010000000" to "10199999999". This method not only prevented conflicts between the MRNs at different hospitals but also facilitated the tracking of which hospital generated the first entry for an EHR. To enable patient medical record import by health institutions, each facility had a database table named node security. This database table was used to store the node name and the node password used for authentication processes.

Registration process
There were two types of registrations: the node registration and the data access registration. The node registration regulated which client could send data to the server, as shown in Figure 4.

Fig. 4. Node Registration
The node registration process followed these steps: 1) the client initialized the node registration; 2) the client attempted to register to the server; 3) the server either accepted or rejected client registration; 4) the client downloaded its configuration from the server; 5) the client sent its data from its database to the server via push job.
The data access registration was a process for requesting an account (username and password) used for accessing the web-service application's programming interface (API) for the server. This registration process followed these steps: 1) the client initialized the node registration; 2) the client attempted to register to the server; 3) the server either accepted or rejected client registration; 4) the client downloaded its configuration; 5) the server generated the node name and the node password then inserted the information into its table; 6) the server performed the initialLoads method, retrieving the node name and the node password corresponding to the client; 7) the server sent the data to the client via push job. These steps are summarized in Figure 5.

Patient medical record delivery process
This study utilized a one-way synchronization model between the client and the server. Every time the client performed a DML statement on its database on medical record tables, the changes were captured, and the client sent the changes to the server via push job. The server retrieved the changes from the client then synchronized its database.

Patient medical record importation process
The central database provided an API via the REST web service to give other health institutions access to patient medical records. The API used to import a patient's medical record to a local database accepted only connections from registered health institutions. The client requested a patient's medical record from the server by the patient's MRN. The healthcare service processes utilized in this paper were based on the study by Pardamean and Rumanda [40]. Prior to medical record access from the server, the client must perform an authentication process. The following items must be provided during the authentication process:
1. Node Name: this is a value from the node name column, which the server uses to retrieve the client's node password.
2. Signature: the message contains a valid Hash-based Message Authentication Code (HMAC) signature. This signature is calculated from the patient's MRN with the node password as the secret key. For this study, the HMAC-SHA256 algorithm was used [41], [42].
3. Date: this serves as a timestamp record of the request.
These items were included in the request and sent to the server as a part of the access request. The server then retrieved the request from the client and searched for the node password based on the node name included in the request. The server generated a signature from the requested patient's MRN and the node password using the HMAC-SHA256 algorithm. If the signature generated by the server matched the one sent by the client in the request, the server would generate the information of the requested patient in JavaScript Object Notation (JSON) format. The client would then parse the information for import into its own database.
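The signature check described above, as an added Python example; it is not code from the paper, whose web service is written in PHP. As described, the signature covers only the MRN, so the Date field is not authenticated and a signed request does not expire; the second verifier shows a variant that also binds the node name and date and rejects stale requests. The node name, password, message layout and five-minute window are assumptions made for the example.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed stand-in for the server's node security table (node name -> node password).
NODE_SECURITY = {"hospital-101": "constructed-node-password"}
MAX_SKEW = timedelta(minutes=5)  # assumed freshness window, not a value from the paper


def sign_mrn(node_password: str, mrn: str) -> str:
    """Signature as the text describes it: HMAC-SHA256 over the MRN, keyed by the node password."""
    return hmac.new(node_password.encode(), mrn.encode(), hashlib.sha256).hexdigest()


def sign_request(node_password: str, node_name: str, mrn: str, date: str) -> str:
    """Assumed hardened variant: the MAC also covers the node name and the Date field."""
    message = "\n".join((node_name, mrn, date)).encode()
    return hmac.new(node_password.encode(), message, hashlib.sha256).hexdigest()


def verify_paper_scheme(node_name: str, mrn: str, signature: str) -> bool:
    """Server side: look up the node password, recompute, compare in constant time."""
    password = NODE_SECURITY.get(node_name)
    if password is None:
        return False
    expected = sign_mrn(password, mrn)
    return hmac.compare_digest(expected.encode(), signature.encode())


def verify_hardened(node_name: str, mrn: str, date: str, signature: str,
                    now: datetime) -> bool:
    """Same lookup, but the date is authenticated and must fall inside MAX_SKEW."""
    password = NODE_SECURITY.get(node_name)
    if password is None:
        return False
    expected = sign_request(password, node_name, mrn, date)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False
    try:
        sent = datetime.fromisoformat(date)
    except ValueError:
        return False
    if sent.tzinfo is None:  # refuse ambiguous local timestamps
        return False
    return abs(now - sent) <= MAX_SKEW


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock
    date = "2024-01-01T11:59:00+00:00"
    pw = NODE_SECURITY["hospital-101"]
    old = sign_mrn(pw, "1010000042")
    new = sign_request(pw, "hospital-101", "1010000042", date)
    later = now + timedelta(hours=1)
    print("MRN-only signature accepted an hour later:",
          verify_paper_scheme("hospital-101", "1010000042", old))
    print("date-bound signature accepted an hour later:",
          verify_hardened("hospital-101", "1010000042", date, new, later))
```
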

Discussion
In recent years, several EHR sharing systems based on cloud computing have been proposed [43]-[52]. The first three aforementioned studies demonstrate an EHR sharing mechanism built by the medical record information application on a cloud computing system [43]-[45]. This approach simplifies data sharing between healthcare organizations since every healthcare organization uses one application for all of its health care service processes. Vinutha, Raju, and Siddappa propose the addition of a Virtual Private Network (VPN) connection for access to the medical record information system because it provides an additional layer of security during the information exchange process between client and server [46]. It also eases the process of a multi-platform implementation, such as Android OS. The Ligne de Vie project by Haras et al. proposes data synchronization among distributed healthcare organizations through the implementation of Sync ML using Extensible Markup Language (XML) with the aim of simplifying operations across multiple applications [53].
Security and privacy considerations are essential for the implementation of a cloud-based EHR sharing system. In our approach, the databases of the local nodes and the server contain sensitive data in the form of patient information. Database security must be addressed with regard to the protection of these data. Bracci, Corradi, and Foschini [54] demonstrate database security through data encryption within the database. Sachdeva, Mchome, and Bhalla [55] examine the security requirements for web services implementation within the context of EHR sharing and describe strategies to protect these data. A form of patient approval mechanism is required within a proposed system to ensure the EHR data security and consent-based sharing status; this is particularly important with regard to inter-institution data sharing. Pardamean and Rumanda [40] propose to have a patient's EHR be downloadable through the server to enable patient mobility from one hospital or health care institute to another, thereby having the patient's medical records follow the patient rather than being tethered to one facility.
Health Level Seven (HL7) message format could be an alternative to the JSON message format. The use of HL7 appears to ease the translation and interpretation of existing health-related applications within the client. However, since we imported the EHR data from the server and stored it in a local database, using HL7 message format was not necessary. Nonetheless, unique identification of nodes (the external ID) and MRN could follow the HL7 OID convention.

Conclusion
In this study, we proposed a platform-sharing mechanism among distributed healthcare organizations utilizing the cloud computing system of Amazon Web Services. Primary concerns included the scarcity of Internet connection in environments that required patient data sharing as well as the need for timely retrieval of medical records for continuing medical services. We proposed the database replication mechanism using the Symmetric DS application and a REST web service. With the Symmetric DS application, the healthcare organizations were able to send their patient data set to a centralized, cloud-based public health information system. These organizations also had the ability to share their data with one another. The information exchange utilized the REST web service standard and transported the data using the HTTPS protocol. To obtain a specific medical record, the healthcare organizations had to go through an authentication process by sending an access request to the centralized, cloud-based public health information system via the REST API system. We also proposed an HMAC authentication mechanism to ensure only organizations with proper access rights could request and gain access to the medical records. The integration of our method was simplified by the deployment of Symmetric DS as a service within the existing EHR system.

Authors
Muhamad Fitra Kacamarga is a faculty member of Computer Science Department, School of Computer Science, Bina Nusantara University. He is also a lead data scientist at Eureka.ai. Email: fitra.kacamarga@binus.ac.id