Estonian Central Health Information System and Patient Portal
The Central Health Information System EHR is a patient-oriented system where patient summaries about every case are collected. Data are visible to all clinicians who treat patients and patients can see their own data and see who have accessed their data.
@Photo from Pixabay.
The Central Health Information System (so called Personal Digital History www.digilugu.ee – as EHR service) started in Estonia in 2008. The central system is a patient-oriented system (based on the personal ID–code). In the EHR central system, epicrises about every case (short overview about visits, anamnesis, diagnoses, treatment, examinations and recommendations) have been collected, which are visible to all clinicians who treat patients. The doctors` access to the central database is allowed only via the personal ID-card for security reasons. All accesses will be logged and are allowed only to licensed health care providers. In addition to this database all the collected epicrises are linked to the Medical Images Bank, the Prescription Centre and health care providers systems via the X - road.
The Estonian EHR has a specific service portal for patients – the Patient Portal. Every person has access to the portal via her/his ID-card and can have a look at his/her personal data. A patient can also look up information about his/her children (up to 18 years) or others if specifically permitted. There are several services possible for a patient:
• to see their own data from various service providers in one place
• make declarations (allow donation, distribution of the rights for the family to open or to close the data, data closure for doctors) all over Estonia
• look at their treatment bills, prescriptions, and the loggings (who has accessed their data)
|Start date||1 Jan 2008|
|Nature and status of project||Rolled Out|
|Is the OOP case/enabler mandatory?|
Enabling assets or components
Estonian data exchange layer for information systems (X-Road)
Estonian Public Key Infrastructure
Estonian Catalogue of Public Sector Information (RIHA)
Estonian three-level IT baseline security system ISKE
Health Services Organisation Act, https://www.riigiteataja.ee/en/eli/513032017001/consolide
Especially Chapter 51 HEALTH INFORMATION SYSTEM (adopted on 2008)
National Health Information System Regulation, https://www.riigiteataja.ee/akt/106122016011
Personal Data Protection Act, https://www.riigiteataja.ee/akt/12805972?leiaKehtiv
Public Information Act, https://www.riigiteataja.ee/en/eli/518012016001/consolide
Population Register Act, https://www.riigiteataja.ee/en/eli/523032017001/consolide
Socio-cultural influence factors
Legal and organizational interoperability: legislation approved by stakeholders
All registers must linked by use commonly accepted keys:
• personal code for citizens,
• code of institution,
• standardized address presentation.
Secure data exchange layer X-Road (https://www.ria.ee/en/x-road.html) is used for gathering data from different registers. X-Road is a technological and organizational environment enabling a secure Internet-based data exchange between information systems. All registers and Statistics Estonia must be a member of X-Road
Information regarding the X-Road members and the services they provide is available via the Administration System for the State Information System (RIHA). RIHA (https://www.ria.ee/en/administration-system-of-the-state-information-system.html ) serves as a catalogue for the state’s information system. At the same time RIHA is a procedural and administrative environment via which the comprehensive and balanced development of the state’s information system has ensured. RIHA guarantees the transparency of the administration of the state’s information system and helps to plan the state’s information management.
PKI or the public key infrastructure (https://www.ria.ee/en/public-key-infrastructure.html ) enables secure digital authentication and signing. The infrastructure also allows forwarding data by using an encrypting key pair: a public encryption key and a private decryption key. In Estonia, this technology is used in relation with electronic identity (ID card, mobile ID, digital ID). All members of X-Road are using Digital seal certificates for signing messages. Citizens and officials are using electronic identity tokens.
All participants must be implemented three-level IT baseline security system ISKE (https://www.ria.ee/en/iske-en.html). The goal of implementing ISKE is to ensure a security level sufficient for the data processed in IT systems. The necessary security level achieved by implementing the standard organisational, infrastructural/physical and technical security measures.
Data guidelines of Estonian Data Protection Inspectorate (http://www.aki.ee/et/juhised) must followed.
Data handling / data exchange
|Stakeholder name||Stakeholder type||Stakeholder role||Kind of data|
Health Information System (TEHIK)
|Government||Database owner||Health data|
|Population Register||Government||Database provider||Personal data|
|Business Register||Government||Database provider||Business|
|Universities, Scientists||Citizen||Data consumer||Health data|
|Address Data System||Government||Database provider||Adress data|
|Health Care providers (GP, Hospital, Emergency service, Dentists IS)||Business||Data recorder||Health data|
|Medicines Coding Centre (State Agensy of Medicine)||Government||Database provider||Semantic data|
|Registre of Handlers of medicines – Licences of Pharmacies and pharmasists (State Agency of Medicine)||Government||Database provider||Licences data|
|Health Insurance Status Register (Health Insurance Foundation)||Government||Database provider||Insurance data|
|Health care providers Register (Health care Board)||Government||Database provider||Providers data|
|Health professionals Register (Health care Board)||Government||Data consumer||Data about professionals|
|Statistics Portal||Government||Data consumer||Statistics data|
|HIS X-Road MISP – Portal for GP||Business||Data recorder||Health data|
|HIS X-Road MISP – portal for Emergency Mobile Stations||Government||Data consumer||Health data|
|Prescription Centre (Health Insurance Foundation)||Government||Database owner||Health data|
|Medical Images Repository||Government||Database provider||Health data|
|Patient Portal||Citizen||Data consumer||Health data|
|Road Administration Board||Government||Data consumer||Health data|
|Social Security Board||Government||Data consumer||Health data|
|Health Insurance Foundation||Government||Data consumer||Health data|
|Medical Registries (Cancer Register) – National Health Development Institute||Government||Data consumer||Health data|
|Medical Registries (Infection Diseases register) – Health Care Board||Government||Data consumer||Health data|
|State Information Board (X-road, eID, Mobile-ID, ID-card)||Government||Data supervisor||Governance data|
|Citizen as Patient (via www.eesti.ee or www.digilugu.ee )||Citizen||Data consumer||Health data|
Medical documents: Health care providers (hospitals, doctors, etc)
National registry (National Health Information System):
Processor: Health and Welfare Information Systems Centre (former Estonian eHealth Foundation)
- Each family doctor is able to view the data on patients in their practice list to see which specialist doctors they have visited or whether they have been hospitalised or received emergency care (irrespective of geographic location)
- Each attending doctor is able to see which prescriptions (both historical and current) a patient has from other doctors in order to assess pharmaceutical interactions
- Each attending doctor is able to see a patient’s tests or visits associated with the same case (this is particularly important in case of chronic diagnoses or chronic patients, as well as patients under monitoring)
- Each attending doctor is able to see whether ordered test results are in, even if the tests were made by another provider
- Reduced number of duplicate tests for the same case
- A brief general overview of patient’s critical data is available without any tests in emergency situations
- Collected data can be used to develop various new services
- Persons can view their prescriptions, summary reports, test results (except images) and the details of their children, and they can also see who else has viewed their data in the systems; they can make their data accessible or inaccessible, issue expressions of will (regarding organ donations, powers of attorney) and order electronic medical certificates
- For the patient is available to ask a second opinion
- Various public agencies can order aggregate and anonymised statistics
- Scientists can conduct research based on different linked databases, subject to a permission of the ethics committee
• Legal, organizational, technical, social-cultural, fiscal and professional interoperability (see conclusions for detailed description)
• Secure data exchange layer for confidential and legally binding data needed. In case of Estonia the X-Road is used, The use of X-Road ensures complete security of the exchange of data
• The unique personal identification code provides opportunity to merge personal data from different registers.
• The unique company commercial registry code provides opportunity to merge business data from different registers.
• eID and PKI infrastructure needed. Citizen, Doctors and nurses can use for login IDcard, mobileID or digiID
• Central eHealth system meets very high security requirements for trust reasons (Baseline security system ISKE)
• All e-health classificatories are regulated by government act and published at publishing center https://pub.e-tervis.ee/ and identified by OID register
• All health care providers have a contract with the TEHIK (former E-health Foundation, processor of the HIS)
• The Data security guidelines of Estonian Data Protection Inspectorate (http://www.aki.ee/et/juhised) must be followed by all counterparts.
• Harmonized and agreed working flows, standard, classificatory and data models among the health professionals
Motivation is needed for stakeholders
High development costs (health care providers infosystem development - hardware and software, implementation and training, harmonizing the work flow processes and data models among different health care providers, implementing the international standards and indicators )
High standardization cost (medical terminology and international standards adaptation. Example SNOMED and others)
Changing paradigms between global market, entrepreneurs, patient awareness, technological possibilities and insurance market – lack of clear vision (where to invest)
Disclaimer: Please note that this article is a result of the SCOOP4C Pilot Project, not an application of a CEF Building Block.
This page has no comments.