International Conference On Current Situation and Challenges of Health Database in Each Country

International Conference on Current Situation
and Challenges of Health Database in Each Country

-Security, Protection of Personal Data and Utilizing of Data-
REPORT
1pm-5pm, May 13th, 2017
JMA Auditorium, Tokyo, Japan
Japan Medical Association

CONTENTS
Program
� � � � � � � � � � � � � �� 3
Message ……………………………………………………………………………………………………………………………………… 5
Yoshitake Yokokura
President, Japan Medical Association
President-Elect, World Medical Association
Keynote Address
“Current Situation regarding Health Database Utilization and Related Legislative
Systems in Japan”
� � � � � � � � � � � � � �� 6
Ryuichi Yamamoto
Chief Director, Medical Information System Development Center
Invited Professor, Jichi Medical University
Lecture 1
“Improving Health with Databases and Biobanks: Promise and Pitfalls” �� 16
Robert Wah
Former President, American Medical Association
Lecture 2
“Personal and Private Big Data: Genomes and Health Records” �� 23 Ju
Han Kim
Professor, Seoul National University College of Medicine
Lecture 3
“Development of the Taiwan Health Information Network and Health Cloud” � 31 Heng-
Shuen Chen
Assistant Professor, School of Medicine, National Taiwan University
Lecture 4
“Health Data: Its Protection and Better Use for the Public and Patients” � � � � 39 Norio
Higuchi
Professor of Law, Musashino University Faculty of Law
Comment
“Health Database: Are we ready to step forward?” �� 47
Dong-Chun Shin
Professor, Yonsei University College of Medicine
PROGRAM
Moderator: Mari Michinaga, Executive Board Member, JMA
13：00 Opening
Welcome Address: Yoshitake Yokokura, President, Japan Medical Association

Lectures Co-Chairs: Hiromi Ishikawa, Executive Board Member, JMA

Hanako Jimi, Member of the House of Councilors
13：05 - 13：50 Keynote Address “Current Situation regarding Health Database Utilization
and Related Legislative Systems in Japan”
Ryuichi Yamamoto
Chief Director, Medical Information System Development Center
Invited Professor, Jichi Medical University
13：50 - 14：20 Lecture 1 “Improving Health with Databases and Biobanks: Promise and
Pitfalls”
Robert Wah
Former President, American Medical Association
14：20 - 14：30 Q&A
14：30 - 15：00 Lecture 2 “Personal and Private Big Data: Genomes and Health Records”
Ju Han Kim
15：00 - 15：10 Q&A
15：10 - 15：20 Break
15：20 - 15：50 Lecture 3 “Development of the Taiwan Health Information Network and
Health Cloud”
Heng-Shuen Chen
Assistant Professor, School of Medicine, National Taiwan University
15：50 - 16：00 Q&A
16：00 - 16：30 Lecture 4 “Health Data: Its Protection and Better Use for the Public and Patients”
Norio Higuchi
16：30 - 16：40 Q&A
16：40 - 17：00 Comment “Health Database: Are we ready to step forward?”
Dong-Chun Shin
17：00 Closing Remarks: Kenji Matsubara, Vice-President, Japan Medical Association
3
Message
Yoshitake Yokokura
President, Japan Medical Association
The World Medical Association (WMA) adopted the Declaration of

Taipei on Ethical Considerations Regarding Health Databases and Bio-
banks during the General Assembly held in Taipei last October. It was
the revision of the Declaration of Helsinki (DoH) that prompted the WMA to address this issue. Adopted
in 1964, the DoH is a set of ethical principles for medical research involving human subjects, including
identifiable material and data of human origin, and it is one of the most highly regarded declarations of
the WMA along with the Declaration of Geneva on medical ethics.
As the establishment of large databases increased, the WMA addressed the issues of health databases
and biobanks during the 2013 revision of the DoH, and the Japan Medical Association (JMA) took part
in the working group, joining in a series of discussions. The aim of the working group was to develop a
doc-ument consistent with the DoH, that can be accepted by, and will widely influence, the world.
The super-aged society will soon arrive in Japan, and the government, with the collaboration of the JMA
and prefectural medical associations, has established a national database on healthcare to help deliver prop-er
healthcare. The JMA also announced new IT guidelines called the “JMA 2016 Declaration of IT Devel-
opment” proposing to extend healthy life expectancy by centralizing the management of health check-up
services using ID numbers. We are making efforts to support national health by maintaining the universal
health insurance program and improving national health standards from the aspect of digital health.
Meanwhile, developments in the area of innovative technology can lead to securing medical care and
preventive medicine and extending healthy life in an aged society, and it can eventually contribute to the
establishment of a sound healthcare delivery system. However, as we face challenges, now is perhaps the
most important time to re-evaluate where we stand from the viewpoint of medical ethics. The environment
surrounding healthcare has many issues, and it is time that healthcare professionals, including physicians,
seriously discuss the ethics, responsibility, and ideal approach to patients and consider how we can over-come
various newly emerging problems. Based on such ideas, the purpose of the conference today is to provide a
platform for discussions and examine the current status of health databases and their accompa-nying
challenges in different countries, by inviting experts from the US, Korea, Taiwan, and Japan.
The WMA always closely watches the impact of its policy documents brought to each national medical
association. As the President-Elect of the WMA, I wish to ensure that the WMAʼs policy documents
func-tion as a driving force to broadly lead healthcare in the world in the right direction, and I am
hopeful that I can bring a fruitful report to the WMA to contribute to future discussions.
5
◉ Keynote Address ◉
Current Situation regarding Health
Database Utilization and Related
Legislative Systems in Japan
Ryuichi Yamamoto
Chief Director, Medical Information System Development
Center Invited Professor, Jichi Medical University
I believe that my task is to first explain the （Slide 1）

situ-ation in Japan. So, I will begin with a brief
ᵦᶃᵿᶊᶒᶆᴾᵧᵡᵲᴾᶇᶌᴾᵨᵿᶎᵿᶌ
review of the history on health databases in
Medical Information System Development Center
Japan, de-scribe the progress of information and 1960 1970 1980 1990 2000 2010
communi-cation technology (ICT) in healthcare,

and intro-duce health databases in Japan Insurance Claim Claim on line
including some for biobanks.

Paperwork supporting system
Brief History of Healthcare ICT Devel- Helping medical staff

opment in JAPAN
Patient centered care
The development of healthcare ICT in Japan was
in fact quite advanced in the world until around the Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
year 2000 (Slide 1). With the introduc-tion of ing that the introduction of computers must have
insurance claim processing software which began considerably reduced the amount of labor imposed
in the 1960s, the use of ICT relatively quickly on healthcare institutions. Because saving labor
became popular among healthcare institu-tions directly produces profit, ICT in healthcare rapidly
within the following decades. progressed in this area in those years.
As you all know, the governmentʼs universal In the 1980s, soaring national healthcare expen-
healthcare program, when it first started, was ditures arose as a problem, and the optimization of
mostly based on the fee-for-service system— the healthcare costs without sacrificing the quality
namely, the reimbursement was based on the sum of care became a social challenge. This facilitated
of all services provided, so a healthcare the streamlining of certain tasks, mainly in the area
institution had to endlessly repeat an extremely of administrative works that do not directly involve
large number of simple calculations to produce the delivery of care and the carrying of hard-copy
medical fee bill-ing statements. This posed a papers between places. Furthermore, large hospitals
considerable burden on the institutions. started to adopt a paperwork streamlining system—
Computers in the 1960s were quite incompe- the so-called “order entry system” or Ordering
tent—they were no match for the smartphones that System (R)—in the 1980s. So, an economic motive
everyone now has or even calculators of decent was behind this change, and the certain degree of
quality. Still, the task of repeating simple calcula- success had prompted larger hospitals to adopt such
tions over and over is easy for computers but ex- systems quickly.
tremely difficult and tiresome for humans, mean- The paperwork streamlining system was char-
6
◉ Keynote Address ◉ Current Situation regarding Health Database Utilization and Related Legislative Systems in Japan
（Slide 2）（Slide 3）
Brief History of Healthcare ICT in JAPAN Action Plan 2006 (Health field)
Medical Information System Development Center Medical Information System Development Center
1970sComputerized financial systems

Make New Grand Design for Healthcare ITC



 1980sOrder Entry systems of large scale hospitals

 MHLW announced first draft and
1999Government determined requirements for paperless EMR.
emphasizing constructing Japanese EHR



2001“Grand Design for Healthcare ICT in Japan”
Common Infrastructure

 

 2005Enforcement Personal Information Personal Act  Healthcare PKI ,Secure Network, and Healthcare

 2006“New IT Reform Strategy” smart card

 2010“A New Strategy in ICT”  ITC Based Healthcare Network

 2014“Japan revival strategy”  Regional and inter-regional healthcare network
 2017Enforcement of Amended Personal Information  Gathering nation-wide heath data and analysis.

Protection Act  Developing healthcare terminology and ontology
2017Act for Authorized Provider of Deidentified Health Data
Full Online Handling of Insurance Claims


(Health Infrastructure for Next Generation Act )
Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
acterized by data entry at the point-of-origin,

but since 2005, it has been changing to how elec-
namely, entry is made to a computer system where
tronic/IT information can be utilized better.
the information was created. This meant that com-
The first movement was the Personal Informa-
puters were brought onto the scene of medical
tion Protection Act (PIPA), enacted in 2005, and
practice. Having computers available at the sites of
the New IT Reform Strategy, released in 2006. A
medical practice not only streamlined the ad-
new strategy in ICT was announced in 2010, and
ministrative processing but also led to the devel-
the Amended PIPA, the original version of which
opment of the electric medical records (EMR) sys-
was said to be somewhat insufficient, was
tem, which was intended to assist healthcare
enacted on May 30 of this year. At the same time,
workers and patient-oriented medical practice.
a new law aiming to promote the positive use of
However, the EMR system offers less incentive
health data passed the National Diet during the
compared to the previous two ICT developments.
last days of this past April.
For this reason, the EMR system has been intro-
The 2006 New IT Reform Strategy listed the
duced at the healthcare institutions—and has had
structural reform of healthcare by making IT the
real benefits—rather gradually instead of rapidly
first priority. To be more specific, the intended
spreading. Nonetheless, most large hospitals have
plans included creating a grand design; preparing a
already adopted an EMR system, and most newly
common platform; developing healthcare public
opened clinics are also using this system. So, I be-
key infrastructure (Healthcare-PKI or HPKI) for the
lieve it will continue to spread gradually.
license authentication of physicians; building a
Along with these developments, the govern-
secured network for healthcare use, which the JMA
ment has taken various measures (Slide 2). In
is currently working on as a main facilitator; and
1999, when the EMR system was still in the
developing a Healthcare Smartcard for pa-tients that
exper-imental development stage, the Ministry of
differ from the personal ID card (“My Number
Health, Labour and Welfare (MHLW) made an
Card”) issued by the government (Slide 3). As for the
announce-ment that healthcare institutions could
health database issue, a proposed goal was to promote
operate the EMR system without producing any
evidence-based healthcare policy development and
printouts at all. The government has continuously
evidence-based practice of medicine by collecting data
promoted ICT introduction by creating the
across the nation and through securing peopleʼs
“Grand Design for Healthcare ICT in Japan” as
privacy.
well as imple-menting various policies, but there
However, the i-Japan 2015, which was formu-
has been a change in its direction since 2005.
lated in 2010, lived for only a very short time be-
The main theme until 2005 was how computers
cause the ruling party of the government changed
could be introduced into healthcare institutions,
only a month after it was announced, after which
7
National Claims and specific screening information
Data Oriented Projects in Japan database system of Japan (NDB)
Medical Information System Development Center Health plan Medical institutes MHLW
 National Insurance Claim and Health Check-up DB (NDB) Check-up data Claim data
 2nd Pseudonymization and


Mid-Net Project （PMDA & MHLW) Health insurance claims review and store to NDB
reimbursement service


KDB 1st Pseudonymization
 Nursing care evaluation DB Sending data (Claim data: 1/month, Prefixed

Check-up data: 1/year) Analysis


Nursing care insurance claim DB


National Cancer Registration Federation of National Health
Insurance organizations
 National Clinical DB On demand Analysing System
 1st Pseudonymization
 ・・・・・・・ Sending data (Claim data: 1/month,
 Check-up data: 1/year) NDB is defined in “Elderly Persons’
 Medical Genome Center Biobank (National Center for G & G) Health Care Act” for creating

Check-up data Claim data adequate health care insurance
 Tohoku Medical Megabank Organization
Health plan Medical Institutes policy.
（Slide 6）
biobank, called the Medical Genome Center
Insurance Claim data
Date of birth (only month and year values)
(MGC) Biobank, for over 10 years now, but com-
Diagnosis
Data of beginning of care and number of days for paratively few specimens have been collected
care Health institute ID
Kind of visit
Existence of educational guidance
yet. The Tohoku Medical Megabank was created
Prescriptions with drug code, Injections with drug code Codes
of medical procedures, Codes of Surgical Operations with the intention of making the Tohoku Region
Codes of laboratory, physiological and radiological examination (without results)
Codes of Imaging diagnosis
Total costs
a top healthcare developed area after the Great
Double hashed value of Insurance claim ID, birth date and
gender Double hashed value of Name, birth date and gender
East Ja-pan Earthquake.
Health check-up data for life style related diseases Slide 5
Date of check-up or educational guidance shows how the insurance claim data and specific health check-up and guidance data are collected by the NDB, the first and
largest health database in Japan. The process of pseudonymiza-tion is repeated twice to ensure irreversible ano-nymization. The MHLWʼs database is shown
Code of Health plan on the right. The same process for anonymization ap-plies to the specific health check-up and guidance data. This database was constructed in response to
Code of examination institute the Act on Assurance of Medical Care for Elderly People.
Gender and postal code

Results of examinations and educational guidance
Level of educational guidance
Double hashed value of Insurance claim ID, birth date and gender
Double hashed value of Name, birth date and gender
the i-Japan 2015 died out. Nevertheless, the full

utilization of anonymized data was one of its tar-
gets.
Health Databases in Japan

After these events, the development of health
databases in Japan finally began at around 2005
(Slide 4). The National Database of Health Insur-
ance Claims and Health Checkups of Japan (NDB) Contained in this database are the data shown
is a database of the MHLW that contains all insur- in Slide 6. All identifiable information within the
ance claims (called “receipts”) and all cases of in-surance claim data, such as the policy type code,
specific health check-ups. The MID-NET is a da- policy number, date of birth, gender, and name, is
tabase created for drug safety. Furthermore, a da- blocked out by replacing them with hash marks,
tabase containing all EMR data, including lab test while the other data remain in the database. One
results—not insurance claim data—from 10 hos- thing that stands out here is that the ID numbers of
pital groups of 23 hospitals in total across the healthcare institutions remain intact. The same is
country has been created and is now operational. true for the specific health check-up and guidance
Many other databases have also been created. data: the identifiable information for these indi-
These two at the bottom of slide 4 are biobanks, viduals is carefully hashed and removed, while the
not health databases. The National Center for ID number of the individuals and institutions that
Geriatrics and Gerontology has been operating its performed their health check-ups remain.
In terms of anonymization, generally identifi-able
data are so carefully removed that it is impos-
8
sible to identify a person using the normal data, （Slide 7）

for both the insurance claim data and the specific Usage of NDB
health check-up data. However, the ID numbers Usage under “Elderly Person’s Usage for other purposes
Health Care Act” (without any legislation support)
of the healthcare institutions that submitted insur- Health Insurance
Prefectural Governments
Other bureaus of MHLW, Other Research Institutes
bureau of MHLW Ministries, local basic governments
ance claims or health check-up data remain. In
Evidence based policy Researches for
Analysis for creating adequate for improvement of making adequate
that sense, it is technically possible to perform an health insurance policy medical or other health policy
services
analysis on a particular clinic, for example a clinic Analysis by MHLW To evaluate the For example: Researches for
Survey for infectious diseases public good
health insurance Survey for the balanced medical
run by a private practitioner, without compromis- policy of MHLW care and nursing care
Publication
ing patient privacy. The possibility of identifying Analysis by
Prefectural Judgment by Assessment Committee
exact individuals is thus still not zero when the care Governments evaluating the necessity of using NDB data
evaluating the public goodness of the survey or the rese
provided was extremely rare or when ex-tremely Advise to Minister of MHLW Decision by
Minister of
MHLW
rare drugs were used, even without their Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
names or dates of birth. As for the procedure regarding data delivery,

It is also possible to link data that belong to the this database was created according to a law, as I
same person because the hashed value will be the mentioned earlier. Therefore, the pieces of data
same. Thus, it is technically possible for someone that are regulated under the law must follow the
familiar with a certain patient to identify the source provisions of the law. However, other pieces of
of the information from medical history or health data not stipulated in the law are available for
check-up record data over a very extensive period. study because this database is intended to
For this reason, the NDB data are regarded as nor- strongly serve the public interest. Various
mally un-identifiable, but not fully anonymized. researchers and organizations affiliated with
As for the volume of data accumulated, there municipal govern-ments and the national
are approximately 12 billion pieces of insurance government are currently making use of the NDB
claim data and 200 million pieces of health in the interests of public good and safety (Slide 7).
check-up data. All of them exist as individual The availability of data for such use is not stip-
data, and there are also sample datasets available ulated in the law, so guidelines had to be devel-
besides these individual data. A sample dataset oped first. Applications for use of these data are
can be cre-ated by sampling the 1% of outpatient accepted if they meet the bare minimum prerequi-
data and 10% of inpatient data of a given month, sites of securing the public benefit and ensuring
and re-placing unique data such as that for very non-disruption of the patients as well as the health-
rare dis-eases, medical procedures, and drugs care institutions, checkup facilities and insurers that
with dummy data. submitted insurance claims for medical fees and
The other type of sample datasets is called a specific health check-ups and guidance.
ba-sic dataset. This dataset also contains 5% of The Board of Experts, which consists of experts
the data of a given month, and is available such and representatives from the JMA, the Japan Den-
that the data from the same patients can be linked tal Association, and the Japan Pharmaceutical As-
to-gether. It has been debated recently that this sociation, in which I serve as a chairperson, exam-
data-set might be more useful with some ines each application submitted, ensures that “this
additional in-formation, such as the zip codes to project will contribute to society” and that “it will
indicate the areas of residences. not cause trouble for the patients and healthcare
So far, about 140 research projects have re- institutions.” We then advise the Minister of Health,
ceived sets of individual data, sample datasets, Labour and Welfare to provide the re-quested data.
and basic datasets. From these projects, over 100 Upon receiving our advice, the Min-ister of Health,
peer-reviewed scientific articles have been pub- Labour and Welfare then provides the dataset. This
lished already—all from the NDB database. system of data delivery has been
9
National Center for Geriatrics and Gerontology
Japanese Sentinel Project (Mid- Medical Genome Center Biobank
net project)
Medical Information System Development Center
 Based on distributed database model, with

common data set and standardized query
process model.

 Common data model consists of SS-MIX and

other international standards.
SS-MIX:
Standardized Structured Medical record Information eXchange
Based on HL7 version 2.5 messages, CDA R2, and DICOM Over
800 hospitals already implemented SS-MIX standardized
Storage system.
Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017 Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
operational for about 8 years now. each hospital. After the data extraction system and
Now, I would like to explain another health da- the removal of the ID information, the data under-
tabase, the MID-NET (Slide 8). This database was go statistical processing and extraction to provide
created under the Japanese Sentinel Project, which answers in the common language. The resulting
was inspired by the Sentinel Project proposed by files produced at multiple healthcare institutions
the US-FDA. Unlike other commonly created from this process are then integrated and analyzed,
health databases, this is a distributed database— to possibly reveal rare adverse effects or enable
namely, data are physically located at individual early detection. This project is operated mainly by
health institutions after being converted into com- the Pharmaceuticals and Medical Devices Agency
mon data models. (PMDA), which is equivalent to the US-FDA.
In this project, the hospital databases based on However, one drawback to the MID-NET is that
a common data model are given a standardized only the data from major hospitals are available.
que-ry (search/extract) language and somewhat Therefore, this project might not function well for a
stan-dardized statistical processing language, and disease for which patients do not commonly seek
the databases then return their results. Therefore, care at major hospitals or a drug that is not com-
the data never really leave the hospitals. monly used at major hospitals. There is a vision to
The SS-MIX2 standard, which is a MHLW gather data from nearby clinics at each major hos-
standard, is used as the common data model. Its pital, but nothing about this has yet been done.
contents are a combination of globally accepted Although they are all major hospitals at present,
basic standards such as HL7 and DICOM, and a 23 hospitals across the country are participating in
Standardized Storage System is housed in each this MID-NET project, including NTT Group hos-
hospital so that all hospitals can receive a shared pitals; university hospitals at Tohoku University,
inquiry and each hospital can answer it. the University of Tokyo, Chiba University, Hama-
For example, the accumulated data can amount to matsu University, Kitasato University, and Saga
10 million persons in 5 years, so even a drug that University; and Tokushukai Group hospitals.
only one in every 100,000 people uses will be used
by roughly 100 persons. In this project, which Biobanks in Japan
became operational this year, data collected from As a very brief introduction of a Japanese bio-
different hospitals are used to study the adverse bank, I would like to mention the Medical Ge-
effects of different drugs or to examine the effect of nome Center Biobank, which the National Center
countermeasures against certain side effects. for Geriatrics and Gerontology in Osaka has been
For example, in an EMR database of the MID- operating for over 10 years (Slide 9). Its scope of
NET Project, a standardized storage is created in operation is not very extensive, so the number of
10
（Slide 10）
tions. So, this project has already succeeded in
Tohoku Medical Megabank Organization (ToMMo) identifying new SNP variations
Rules of Operation and Security

The operation of biobanks and health databases
is debated by the stakeholders each time a new
biobank or database is planned, and they also dis-
cuss how to ensure the trust of the public or pa-
tients. However, the need to standardize the rules
has been voiced for a long time.
The protection of privacy is a priority; this can
never be infringed. Having informed consent is
specimens is not too great—still, it is a biobank optimal for privacy when possible, but it is not al-
that has been available for a long time. ways possible to identify all possible purposes of
Slide 10 shows the homepage of the Tohoku use when collecting data for a health database.
Medical Megabank. As for how much progress it Rather, points that should be investigated often
has made, they are in the process of building what later develop, and it is impossible to know ahead
they call “local community cohorts,” in which as of time if a patient will develop an adverse effect
many individuals as possible within each commu- for a drug, although that should be investigated
nity, mainly along the coastline, are asked to par- thoroughly when it occurs. So, health databases
ticipate. Reportedly, the Megabank has already and biobanks are an area where it is extremely
obtained consent from about 80,000 people. dif-ficult to obtain solid informed consent
Another cohort they are working on is the 3-gen- because all purposes of use cannot be identified
eration cohort, which is a tracking survey of three at the time of consent.
generations. Consent is often obtained at the time of Even without solid informed consent, there are
childbirth, and so far, 70,000 people have given several methods that can ensure the protection of
their consent. Some participants overlap between patient rights or that will not put an unfair disad-
these studies, so the total number of participants vantage on a specific healthcare institution. One is
amounts to about 140,000. As for the outcome, having a well-maintained legal system as well as
which is still at this point very limited, they are ethical codes that are widely accepted by people in
trying to create a whole genome reference panel for many different sectors, including the research
the Japanese people. The whole genome anal-ysis community, data users, and data providers. The
of 2,049 people has been completed thus far. WMA Taipei Declaration that President Yokokura
In following the exact same methodology and described earlier is definitely a candidate.
being conducted at the exact same lab by the exact Combining these methods will likely ensure
same people, this is an extremely high-quality ref- the correct and fair use of these data among data
erence panel. In the past, the data of only 80 peo- users and data providers; however, another
ple or so were available, but now 2,049 peopleʼs important thing is information security. When
data have been added to the reference panel of the data are sto-len, no one can control what will
Tohoku Medical Megabank. Investigations of these happen after-wards. The law and ethical codes
data have already revealed 27,997,593 sin-gle are sufficient when things are under control, but
nucleotide polymorphism (SNP) variations, or they are quite useless when such control is lost—
single gene mutations, in total. Of these, 9,671,410 so it is import-ant to make sure the data do not
were already known, which means that 18,326,183, get stolen. There-fore, information security will
or 65.46%, were newly found single gene muta- play a very import-ant role.
11
“Database” includes: Personal Information Protection Act (PIPA), 2005

> gathering data from various
institutes Medical Information System Development Center
> indexing or preprocessing native
data
> send subset to various analysts 
 Chapter 1. General Provisions (Articles 1 to 3)
> …..  Chapter 2. Responsibilities of the State and Local Public Bodies, etc.

(Articles 4 to 6)
There are so many attack points!  Chapter 3. Measures for the Protection of Personal Information, etc.

Health database
 Chapter 4. Duties of Entities Handling Personal Information, etc.
Deep Freezer is so heavy and
easily locked. 
It seems to be more secure than 

 Chapter 5. Miscellaneous Provisions (Articles 50 to 55)
information database  Chapter 6. Penal Provisions (Articles 56 to 59)

But….  Supplementary Provisions

Biobank is further worthful with
health database!
Biobank Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017 Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
A health database will not function if it simply exist for diabetic patients, for example, should be
consists of a computer with data discs and a data- investigated—in fact, such a study is already un-
base inside (Slide 11). First, data must be collected. derway. Naturally, a similar study should be car-
Second, the collected data must be used. Risks ex- ried out on other diseases, but a database has to
ist in each process. Now, there are some points to be considerably large to study a rare disease.
attack. These attack points have to be clearly iden- Therefore, privacy protection as well as infor-
tified and managed. This is quite a tough task, and I mation protection are very important for the safe
believe that security is truly an eternal challenge. operation of biobanks, too. Collecting clinical in-
Just recently, the NHS of the UK was reportedly formation when these security aspects are insuffi-
hacked, and it seems there is no end no matter how cient poses an extremely high risk. A biobank con-
much you try. Still, we have to continue working tains materials that allow one to analyze all known
on it. In short, this is an area for the risk has to be genes if one wants, and a health database contains
reduced to an acceptable level. all clinical information; exploitation of both as a set
As for biobanks, their collections are biological can be extremely problematic. Therefore, I be-lieve
specimens, so they are generally stored in deep a database for a biobank should be under more strict
freezers. A deep freezer is extremely heavy and has management than a regular database.
quite a strong door, and it is not difficult to block
the access. Basically, it is relatively not dif-ficult to Japanese Legislative System on Priva-cy
prevent the stealing of specimens from a deep Protection
freezer—it is far easier than is ensuring in- Next in Slide 12, I would like to briefly intro-
formation security. However, biobanks alone are duce the content of the Personal Information Pro-
not much useful. A biobank with tissues and cells tection Act of Japan (PIPA), which was
to extract genes, for example, is not very useful complete-ly renewed in 2005. This law, which
without the information on what kind of patient the laid the foundation for privacy protection
cells are obtained from. legislation, is characterized by a major feature—
Therefore, a biobank is naturally accompanied by that is, a differ-ent system was in place for each
a health database of this sort. A biobank and a sector. Another way of saying this is that a
health database together, with additional informa- different set of rules exists for administrative
tion such as clinical findings, can be significantly agencies, independent administrative
meaningful. The outcome of the Tohoku Medical corporations, and municipal gov-ernments. The
Megabank so far was the result of a sample analy- rules themselves are not so differ-ent, but the
sis; it did not require clinical findings. In the next primarily responsible person is differ-ent because
step of the study, the types of SNP variance that these organizations belong to different systems.
12
Security Guidelines for Health Information Systems Security Guidelines for Health Information Systems
MHLW 2005 - 2017 MHLW 2005 - 2017
Medical Information System Development Center Medical Information System Development Center

 1. Introduction Chapter 6: Basic Security Management of Health Information Systems

 2. How to Interpret the Guidelines  6.1 Policy and Disclosure


 3. Scope  6.2 Identify the Data and Risk Analysis


 4. Responsibility for Handling Electronic Health Information  6.3 Organizational Security


 5. Interoperability and Standardizations  6.4 Physical and Environmental Security


 6. Basic Security Management of Health Information Systems  6.5 Technical Security


 7. Requirements for full digital systems  6.6 Human Security


 8. Requirements for Outsourcing of Data Storage  6.7 Discard of Health Data


 9. Scanning or Digitizing of Analog Data.  6.8 System Development and Maintenance


 10. Operation Managements  6.9 Taking out Information and Information Equipment


 Appendix 1. Sample of rules for Basic Security Measurements  6.10 Emergency Action in Disasters or Other Incidents 


 Appendix 2. Sample of rules for Full Digital Systems  6.11 Security for Information Exchange with Networks

 Appendix 3. Sample of rules for Outsourcing of Data Storage  6.12 Electronic Signature
Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017 Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
In the case of healthcare, there are hospitals run years once a rule is established. Every new tech-
by municipal or prefectural governments, hospi-tals nology requires new guidelines to match, so the
run by independent administrative corpora-tions, MHLWʼs guidelines are revised very often.
and a few healthcare institutions run by the national I want to draw your attention to Item 6 on basic
government, while most other healthcare security (Slide 14); these guidelines advise on de-
institutions, including long-term care institutions, veloping a policy and making it available to the
are run privately. Therefore, the primarily respon- public and performing a risk analysis, and talks
sible persons under the law would differ among about security in terms of organizational,
these institutions. To be specific, the Minister of physical, technical, and human-resource
Health, Labour and Welfare is responsible for pri- perspectives and the destruction of health data.
vately-owned healthcare institutions; the Minister Healthcare delivery is continuous, but IT systems
of Internal Affairs and Communications is respon- do not last as long. Every 5 or 6 years, hardware
sible for institutions run by the national govern- must be modified, and such maintenance issues
ment; a chairperson of an independent administra- are also dealt with in the rules.
tive corporation or the Minister of Internal Affairs There are other situations to consider, such as
and Communications is responsible for institu-tions when a physician is making a house call or
run by an independent administrative corpo-ration; provid-ing home care and information has to be
and the head of a local autonomy, mayor, or taken out-side, when a large-scale earthquake or
governor is responsible for institutions run by a disaster occurs, or when is system is under attack
municipal/prefectural government. by a hacker. What needs to be done then? The
This means that the input of many different guide-lines provide all the above, describing how
peo-ple responsible for privacy protection needs to ex-change medical/health information via
to be collected before sharing health data among network, and introducing a guideline for
these institutions. Reportedly, this is one factor electronic signa-ture at the end.
that is negatively influencing health data sharing The rules of operation of every health database,
in real-ity. This is a major shortcoming. including the NDB and MID-NET, all refer to the
Slide 13 shows the MHLWʼs security guidelines MHLW guidelines, which must be adhered to.
for information management, which are based on So, this part is more or less the standard point-of-
the above-mentioned PIPA. These guidelines are ref-erence in terms of the security of health
revised almost every year, and the 5th edition will databases in Japan at present. Naturally, any
be published soon. Security needs to change in ac- flaws, loop-holes, or overlooked items are a
cordance with the changing technology; it is not serious problem, so every caution should be taken
something that remains acceptable for 5 or 10 in the repeated revisions.
13
The revision of the PIPA has been in progress Identifying Code. A whole genome is naturally
for 3 to 4 years now. First, the Act of 2005 pro- an identifiable code; however, it is yet not
vides rules, but they are very reserved and ex- defined in detail as to how small the genome
tremely loose when it comes to penalty. The unit information should be to be no longer considered
of enforcement was an organization, and the personal in-formation. The Personal Information
rules were insufficient to control and deter those Protection Committee has issued a set of
who have truly ill intentions. standards for the time being, but more
Another issue was the usefulness of the Act. deliberation is believed to be necessary.
Personal information can help develop society as Another thing to consider is the “weight” or
a whole through its positive use. The Act was sensitivity of the personal information—some in-
estab-lished to set rules for not causing any formation is heavy or highly confidential, whereas
inconve-nience to individuals and to avoid some is light or not so sensitive. For example, a
violation of their rights; however, as the name of point card is used when shopping at a grocery store.
the law im-plies, the operation of the law tended It creates data on who bought what at how much at
to focus too much on “protection.” a store, and this is considered personal
Additionally, the Act did not define what information—the same applies to a medical record
consti-tuted personal information—namely, it did at a hospital. Prior to the revision of the Act, both
not clearly lay down the standards as to how far shopping history data and medical record data were
iden-tifiability had to be reduced for personal equally considered personal information.
informa-tion to no longer be considered personal. In the revised Act that has adopted the concept
There-fore, one person might think that erasing of sensitive data, however, shopping data and
names and dates of birth from personal medical record data are treated differently.
information is enough to use the information Almost all health data are designated as sensitive
freely without con-sent on the one hand, while on data. Once classified as sensitive data—
the other hand, someone else might think that technically called “personal information with due
erasing names and dates of birth is not enough consider-ation” in Japan—the data cannot be
because the source can still be identifiable obtained with-out the consent of the source
through street addresses or shopping history. individuals. Sensitive data cannot be offered to a
Such extremes in opinions fed peopleʼs anxiety. third parity without consent, and the purposes of
Understandably, this anxiety made both the use cannot be changed. For other types of data,
user side and the source side feel unsure. So, the there is an option of “opting out”—that is, the
law was revised to ensure how “this sort of intent to offer data to a third party is made widely
informa-tion can be used” and “we will never known to the public, and the data can be made
inconve-nience you because we have de- available upon notifying the Personal Information
identified your information this much.” Protection Committee if rejection is not received
I will now list some characteristics of the re- from the individuals. However, this “opt out” is
vised Act, which came into effect on May 30th. not allowed for sensi-tive data under the law.
One that is relevant to both health databases and With this revision, healthcare institutions in
biobanks is the creation of Identifying Codes general such as hospitals, clinics, long-term care
(i.e., personal identification codes). This is facilities, or health check-up centers cannot offer
information that alone allows us to identify the patient data to anyone without first obtaining the
exact individu-al. For example, a passport individual patientʼs consent. In this sense, a genet-ic
number is unique, so a passport number alone analysis for a commercial purpose might be per-
can allow one to identify the exact individual. formed with his/her consent, but the risk of his/her
A genome sequence is also considered a type of materials being used for other intentions has been
14
greatly reduced. In a way, the revised Act proba- （Slide 15）

Public Research Commercial Open Data
bly is a more reassuring piece of legislation for Insititutes Business
people.
Assessment Committee
On the other hand, medical and health informa- PPDM
High
performan Laboratory Center
Small Hospitals
ce
tion is not just used for individuals—in fact, Authorized
De-identifying
statistical
process Reconfirmation Cloud ORCA
Small Hospital
Organization of consent for use + MI -CAN

De-identified DB
med-ical knowledge contained in medical school De-Identify Sharing
PHR Backup PHR providor Small Hsopital
text-books are produced entirely based on patient Identifiable Health DB
serivice
SS-MIX2（ISO27931）
Standardized Storage
data. In this sense, medical students and Linkage Service

PHR Providor （+ Claim data + DPC files)
Sharing with opt-out
consent
professionals utilize knowledge obtained from a Sharing Collaboration

De-identified data
Custom-made statics
Custom-made statics
considerable body of personal information to (Open data with some latency)
serve patients in return. If personal information

15 National University Hospitals Large scale Hospitals National Hospital Organization
can be used only for the recovery or maintenance Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
of oneʼs own health, this also means that the is not good enough; a patient has to be instructed
information is not available for future medicine to read the notice on a bulletin board, and if the
as well. This is one area in which the revised Act patient does not refuse, and only then can the in-
has created some concern. formation be collected.
An effort is currently underway under a law to
Positive Use of Health Data for Medi-cal establish a system to de-identify (anonymize) and
Research in the Public Interest provide these data upon fully reviewing the pur-
For this reason, the next-generation healthcare poses of use based on appropriate standards, and
infrastructure law just passed the National Diet this ensuring that the purposes can be met and that the
past April (Slide 15). This law defines a ser-vice individuals and the institutions from which these
provider responsible for anonymization who will data are obtained will not be inconvenienced, dis-
provide personal information exclusively for the criminated, or unjustly judged in any way. This
purpose of medical research and technology law, commonly called the Health Infrastructure
innovation with the public interest in a way that it for Next Generation Act, is a brand new legisla-
will never infringe the privacy of the individuals. tion, and its detailed operation is still waiting to
This Authorized De-identifying Organization For be established. Nevertheless, this law marks the
Health Data is a service provider that meets cer-tain start-ing point of creating a legal system that
criteria and is authorized by the government. Each promotes the proper use of health data including
healthcare institution is allowed to collect patient medical services and healthcare.
information on an opt-out basis for the Au-thorized This concludes my presentation regarding the
De-identifying Organizationʼs use after carefully movements on health databases in Japan. Thank
informing the patients. Having a notice on a you for your attention.
bulletin board and waiting for the word “no”
15
◉ Lecture 1 ◉
Improving Health with Databases and
Biobanks: Promise and Pitfalls
Robert Wah
Former President, American Medical
Association @RobertWahMD
Three Waves of Health IT Investment

Health Information Exchanges (HIEs) • Electronic Health Records (EHRs) • Tools for Health Analytics
Ongoing Regulatory and Policy Changes

Pilots Standards
Health Information Exchanges
Implementation of EHRs
$20B
Population-Based Analytics
EHRs
$15B
Population Analysis
and Decision Support
$10B
HIEs
$5B
2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018
Health IT Investment Over 10 Years: $150B
I would like to speak today about health data- ogy, the bits and bytes and boxes of getting
bases and biobanks and how we can use them to digital information together. I am more interested
improve the healthcare of our patients. I believe in what we can do with the information once we
that there is both promise and pitfalls in the use have it in a digital format, and that is where I
of health databases and biobanks. think we are right now. We can use very
powerful technology and computers to analyze
Three Waves of Health Information the digital information we have to help our
Technology in the United States patients become healthier and stay healthy.
When I think about health information technol-
ogy in the United States, there are really three “All of Us” Research Program
waves on which that has happened (Slide 1). The I would like to turn to a project that we are just
first wave was that we moved from paper records about to start this month in the United States. The
to digital records, and we spent about 30 billion name of the project is the “All of Us” Research
dollars making this happen. Program. It comes out of our goal of providing
Then we spent about another one billion U.S. “precision medicine” for our U.S. citizens. What
dollars to make health information exchanges so we mean by “precision medicine” is that we want
that we can connect the digital information we now to tailor treatment specific to an individual (Slide
have. Once we have the network-connected digital 2).
information, we enter the third wave; a new phase In the old days when a patient came to my office
of population analysis and decision support. and was diagnosed with diabetes, we would say for
As a physician, this is the interesting part for me diabetics this is what we do for all diabetics. But
in all of this. I am not so interested in the technol- now with personalized medicine, we can say
16
◉ Lecture 1 ◉ Improving Health with Databases and Biobanks: Promise and Pitfalls
for you—a 32-year-old single mother, Hispanic （Slide 3）
left-handed female, with these four medications

and these three aspects of your family history—
for you: this is the right treatment for your diabe-
tes. It is different from what we have done in the
past when we provided blanket treatment to
every-body. We can now personalize treatment,
and use genetic information which enables even
more per-sonalization.
The “All of Us” Research Program in the Unit-ed
States is an effort to really accelerate the move us engage with these one million citizens. We will
towards personalized precision medicine. What it be looking at mobile devices and other technolo-
is, is we are going to collect blood and urine sam- gies to see how we can interact with these citizens.
ples and health information from the electronic Now, the way we are projecting this is, partici-
records of one million citizens across the United pation by voluntary citizens and they may not re-
States. It will be a cross-section of old, young, fe- ceive personal benefits from donating their blood
male, and male patients across the entire United and urine samples and medical information (Slide
States. We are going to collect these biological 3). That is why the project is called “All of Us”; it is
samples, which could lead to the accumulation of because, by having all the United States citizens get
genetic information on one million patients in one involved in this study, we think that it will help all
place, along with blood samples on which we can of the United States citizens, not just the indi-
conduct many tests besides genetic analysis. The viduals.
urine samples will also give us information about Ultimately we hope that this project will be
the metabolism of their biology, and then also we very precise in giving the right drug for the right
are going to have an ongoing stream of informa- person at the right dose. It is due to kick off in
tion from the electronic records going into our May. The company that I work for, DXC
electronic database. Technology, is providing the citizen engagement
This will give us a very rich picture of one mil- technology. We are going to be working to
lion citizens and will create a tremendous source of engage the citizen through digital mechanisms as
information for conducting incredible research and, this new project rolls out, and we are very excited
we believe, making many exciting new dis- about the proj-ect.
coveries. It is going to be a totally different way of
conducting our research. In the old days we con- “Million Veterans” Program
ducted clinical trials; we would say, “Okay, here are Alongside this project, there is another project
200 patients with a particular disease; we are going that is being conducted over about the same period
to test a medication on them to see whether or not it of time called the “Million Veteran Program”
is better or worse than the current medica-tion.” By (MVP) (Slide 4). In this project we are collecting the
taking a million citizens, who each has a rich base same samples—blood, urine, and digital infor-
of information, we will be able to use that database mation—but on one million veterans. These are
of information to do some really ex-citing studies men and women who have served their country in
and make discoveries about all kinds of diseases, the military and have now completed their mili-tary
not just one. service. So this is a different million patients from
So, we will be able to not only treat but also the “All of Us” population because they all served in
prevent disease, and we are also going to look at the military. They were often exposed to some of
the question of how we utilize technology to help the many environmental aspects of war-
17
Intersection of Health IT, Cloud Computing and

Cybersecurity with the Patient in the Center
Cloud
Computing
Cyber Health IT Health IT
fare, and the psychological aspects of warfare. What I want to talk a little bit about is cyber se-
This will be a different cohort to study, but it will curity. You no doubt heard the headlines last night
still be a group of people to obtain rich informa- that there was a major hacking incident with the
tion from, and will provide a source for future re- United Kingdom National Health Service.
search and very exciting discoveries. The I have been talking about the cyber security of
“Million Veteran Program” already has 550,000 healthcare data for a long time. There are two
volunteers signed up to participate, so it is a little ma-jor threats to healthcare data that we can see.
bit ahead of the “All of Us” Program, which we One is the criminals, particularly in the United
are going to start in May of 2017. States, that are trying to steal healthcare data, and
These projects sound very similar to some of what we find in the United States is that this
the research I have heard other countries are health in-formation and stolen credit cards are
doing. Here in Japan we just heard about some being sold on the black market.
database creation that has already started and will If a credit card sells for one dollar in the crimi-
be on-go-ing. I was in Sweden two and a half nal marketplace, a health record sells for 50 to
weeks ago, and in Scandinavia they have a long 100 dollars in the same criminal black market.
history of col-lecting information on their The reason is the criminals use the information
citizens. We are see-ing this around the world, and health record to create a false identity. Using
where governments and private agencies are this false identity, they can then perpetrate very
collecting these new rich sources of information exten-sive financial fraud. They take the false,
with which we will be able to do research and, I created persona that they crafted from healthcare
believe, make very exciting discoveries. data and commit financial fraud, such as taking
out loans, creating credit cards, and buying boats
Cyber Security or houses. This seems to be a problem that is
I want to talk about the security considerations more focused in the United States than in other
that we need to keep in mind. I just showed you countries because of the way our financial system
two projects in the United States that show great works in the Unit-ed States.
promise. Now, letʼs talk about some of the risks and However, one problem that we are seeing every-
pitfalls that we have to think about as we gath-er where in the world that differs from information
this rich pool of information on our patients and theft, is ransomware. This is actually what hap-
citizens. I often say that I think health information pened with the National Health Service over the
technology for healthcare is really an intersection of past 24 hours. With ransomware, what happens is
health IT, cloud computing, and cyber security that the criminal elements invade a computer sys-
(Slide 5). At the middle of that intersection are our tem and then create some sort of a program that
patients. We should always remember that this is all encrypts and locks very critical files inside the
coming about for the betterment of our patients. computer system, so the computer system will not
18
（Slide 6）
work because their files are locked.
The ransom part is that the criminals will not Historical perspectives
unlock the files or give you the key until you pay
The WMA has been concerned about health data for decades.
them a ransom. This is a problem everywhere in
– As early as 1973 in a “Resolution on Medical Secrecy” addressing Computers
the world, and that is what we are seeing with the and Confidentiality in Medicine at 27th General Assembly [GA] in Munich
– GA in Venice in 1983, short statement
NHS today. My company does a lot of work for – GA in Washington, DC 2002, extensive declaration
the NHS, so I have information about this issue. – The WMA Declaration of Taipei on Ethical Considerations regarding Health
Databases and Biobanks approved Nov 2016 by Taipei General Assembly
It looks like the attack that just happened in the
last 24 hours was not actually targeting the
National Health Service. It just happened to get
into the Na-tional Health Service, and that is why we call a bell that you cannot un-ring: once the
it is grab-bing all the headlines, but many people bell rings, everybody hears it.
believe it probably started in Spain with an Patients are very mindful and fearful that their
attempt to attack the telephone system there. very personal and confidential information may
So, we are seeing this wave of attacks, and show up on the Internet, and they are expecting us
what usually happens is a small piece of software as physicians and healthcare workers to do every-
we call “malware” is embedded in an email and thing we can to protect that very private and confi-
then somebody inadvertently clicks on the bad dential information that they have provided us. So
part of the email, which launches a ferocious there are many reasons why we need to improve
malware program into that computer and locking cyber security in healthcare: because of the false
down the files whether they be pictures, identity and ransomware problem, because of the
documents, or files, it locks them and then the privacy problem, and because of the security and
criminal demands a ran-som to unlock it. This is trust that our patients give us to keep their confi-
something we all have to be very mindful of, and dential information secure and private.
very vigorous in protect-ing against.
Another point about cyber security is that our WMA Declaration of Taipei
patients expect us in healthcare to continue to be I want to talk about the Declaration of Taipei. We
the good data stewards of their healthcare infor- as the World Medical Association thought this
mation. Patients give us as physicians very private declaration was important for physicians to talk
and confidential information because they know by about the ethics of collecting health databases and
doing so we can help them improve their healthcare biobanks going forward (Slide 6). It was a very
and maintain their health. However, they will lengthy and detailed project, and as I said, the
become very uncomfortable giving us information WMA has been concerned about this for a very
if we fail to continue to be good data stewards of long time. As early as 1973, there was a resolution
that information because patients have seen that on medical privacy by the World Medical Associ-
financial information has shown up inap-propriately ation, and then in 2002 there was a very extensive
on the Internet in the past. declaration on the digital information we are start-
Patients also know that if a credit card shows up ing to collect on patients. We felt that this declara-
on the Internet that it is a problem. But you can tion needed to be revised in 2017.
undo the problem. It takes a lot of work—it might The revision process started back in 2012, and it
take a year or so—but you can undo the problem if took almost four years to complete these very dif-
your credit card shows up on the Internet. If your ficult and challenging ethical guidelines. We had a
diagnosis of diabetes or HIV infection or the fact lot of input; we had open consultations in Copen-
that you take psychiatric medications shows up on hagen and Seoul. We had another open consulta-
the Internet, that cannot be undone. That is what tion during 2016, and we had a committee com-
19
prising members from all around the world, relies to make sure that we are taking care of their
including the JMA, who provided a very rich ethical and scientific concerns regarding using
range of perspectives on what their national con- data or conducting research. So we relied on the
cerns are about privacy and the security of health research ethics committee to unravel some of
information. These efforts resulted in the these very sticky problems because we cannot
Declara-tion of Taipei. possibly anticipate every problem in our Declara-
A couple of things for us to think about when we tion of Taipei.
look at this: one, which was already touched on in Now, it is worthwhile saying that there is a
the last lecture, is the question of what is identi- pret-ty broad spectrum of research ethic
fiable information and what is de-identified and committees across the world. Some countries
anonymized. The problem today is that with all the have very devel-oped research ethics committees,
ways available to link information, we proba-bly while those in other countries are not quite as
cannot completely anonymize or delink all the developed, and so we recognize this and we put it
information. This is particularly true when we have down on paper as well.
genetic information about individual pa-tients, as We also think it is important to think about gov-
that is a very specific fingerprint that would ernance. How is this data being managed, whether it
identify individual patients. be fluids, genomic data, or digital information?
Since we probably cannot completely ano- How is it going to be handled; who is going to be in
nymize or de-identify information with todayʼs charge; and who is going to be held accountable for
technology, we also need to think about what we the management of this information? So we think it
have always traditionally thought and relied on— is important to consider these issues going forward
that if we pool all the information and remove all that go beyond the ethical considerations of health
the labels it is okay, the information cannot be databases and biobanks.
linked back to a certain patient or individual. With biobanks, again, this is not just informa-
This is not true anymore. tion but also tissue and fluids. Many of the same
We also have to think about consent. We are very issues come up as with digital information, but
comfortable in medicine about getting in-formed there is an additional dimension when you talk
consent from our patients. But in the world of about tissue, body fluids, and blood.
databases and biobanks, where we may collect We were especially concerned about the han-
information today in 2017 but not use it for anoth- dling and transfer of materials. I can tell you that
er 10, 20, or 30 years, the consent issue is very from the perspective of Africans, based on their
different. If I obtain the consent of my patient in long history of being exploited, they are very con-
2017 to use their information or their blood, what cerned that people or countries or industries will
happens if I discover a new purpose to study their come to Africa and take advantage of the African
blood or information in 20 or 30 years? How do I peopleʼs poverty and maybe lack of sophistication
get their permission in 2017 for something that may and they will exploit their population, particularly
happen in 20 or 30 yearsʼ time? This is a very in taking biological materials. That is why it was
challenging issue that we need to deal with. important that we state in our Declaration to be on
What we said was the cornerstone of how we in guard against the kind of exploitation that African
medicine should handle this, is through research people are concerned about.
ethics committees, because almost every country Next is security; we already talked about this.
has a process where medical, ethical and legisla- It is very critical that our patients know that we
tive experts come together and create research eth- are continuing to be the best stewards possible of
ics committees. These committees set a sort of their data and keeping it secure and private.
golden standard on which everyone in healthcare
20
（Slide 7）
Instead of Looking for a Needle in a The Open Health Connect Approach
What is An Application? • App Teams or data scientists

Haystack The Tip:
The UI, the functions of the
only focus on the tip
• “Below the water” O&M is
App or logic of the analytics
Let me switch gears to say that we are very ex- The Middleware:
Supporting software to make
the App Openoranalytic Healthrun.
shared across the eco-system
• Data duplication is minimised
Connect Platform • Single consistent security
cited about the current level of technology and what The Infrastructure:
Hardware/servers
model
• Provides an environment for
The Current State of the Enterprise…. pluggable frameworks
we can do with the data once we have all the • Everyone builds
• Sharing of data and code
their own iceberg becomes the de-facto model
from scratch
information collected. I work for a big technology • Everyone provides O&M

for their entire iceberg
• Data is duplicated
across every iceberg
Platform API Data
company with 170,000 employees worldwide. We • Everyone builds their own

security model
• Nobody can share

as a Service
Deploy and Scale my
as a Service
Allow me to leverage
as a Service
Allow me to get and
easily, code is Apps in Real Time by assets for new stream data easily to
do 25 billion dollarsʼ worth of business each year, never reused opportunities my Apps
and so we are developing very exciting technolo-

gies for looking at new methods of analyzing The problem we have in healthcare today is that
data. For example, in the old world of analysis, everybody is building their own iceberg. They are
we would take a hypothesis and test it against the building all these icebergs and repeating this bot-
data. I have a hypothesis, drug A is better than tom part (below the surface). What we think we
drug B, let me ask the data. need to do is pool our resources and have a much
In the new world of analytics and business ma- more common base under the surface of the water.
chine learning, we believe we are going to have We can still have very individual tips that are vis-
the data speak to us, telling us things through ible above the waterʼs surface, but we should not be
asso-ciations and patterns that we would never rebuilding our icebergs underneath the water over
think to even ask the data. This is an exciting and over again.
new opportu-nity and it is like instead of looking We are very excited about a new technology
for a needle in a haystack, making the needle that would build a single infrastructure
show itself out of the haystack. underneath the surface of the water but still allow
This method will be much faster and simpler the individ-ual tips above the surface to be used.
than going through the entire haystack looking This is a pro-cess we call “Open Health Connect”.
for the needle. This is one of the technologies we It is a lot like where we are today with cloud
are very excited about. computing, where everything gets done as a
service. Platforms as a service, what we call API
Open Health Connect Approach (that is, “application process interface”) as a
Another issue is that we need much more in- service, and then is how you connect in and out
teroperability of the data that we have. We need of systems, with data as a service.
data to flow more like water and less like bricks.
All of us that have worked in information Grand Healthcare Platform
technol-ogy have experienced times when So again making the data more fluid, less like
moving data from one place to another was a bricks, is important. We are very excited about this
little like moving bricks—very heavy, very slow, concept of creating a single iceberg under the
very laborious— but it would be much better if waterʼs surface with multiple tips above the water.
data flowed like wa-ter through a pipe. Where this all comes together for me as a physi-
One project that we are currently working on is cian who has worked in health IT for nearly 20
called “Open Health Connect”. Data scientists are years is when I think back three years ago to when I
only focused on the top of an application, the “tip was standing in this room and talking about my
of the iceberg”—the part you can see above the views on health information technology—and I may
water, but below the surface there are also ele- have shown these slides, so my apologies for those
ments such as middleware and infrastructure of you that were here three years ago—but I still
(Slide 7). believe this is where we are heading: we are
21
The Future Better Information for Better Health Care Decisions

Interconnected, Private, Secure Health Information Exchange
QUALITY OF CARE IS IMPROVED WITH BETTER INFORMATION - SAVING LIVES AND MONEY
Physicians, Nurses
PMS, EMR
Specialist
Patient
PMS, EMR
Patient Health Record Routine Care Patients make better decisions
Specialty Hospital Physicians make better
Self Care CPOE, EMR, ERP PACS
about their care, their
decisions for their patients
Care physicians, and their health
Payer Acute Care
Payer System Claims, Eligibility,Grand Healthcare
Platform Lab Testing Lab
Formulary L abSy stem System–M isy s
Lab
FDA/CDC Preventive Domain Government makes better decisions

Expertise Professional
Adverse Event Database Care about quality of care, biosurveillance,
Bioterrorism Surveillance Product Society
Chronic Care Performance and utilization, integrity and transparency
Treatment
Registries Evidence
Guidelines
Service Company Manufacturers
Disease Management Pharma/Medical
Devices/Surgical
going to build a Grand Healthcare Platform in the gy in healthcare is to provide better information for
center for healthcare (Slide 8). better healthcare decisions (Slide 9). As I said, I am
This platform will be a virtual pool of informa- a physician who loves technology but not be-cause I
tion. It will not be one hard drive, one big data like the bytes and bits and boxes. I do not write
center that we are going to put everything into. code at night; I do not make applications on
The data will be federated, which means that it weekends. I am simply a doctor who wants tech-
will stay where it was created. We are not going nology to help me take better care of my patients.
to put it all in one place. But once we have this The way I think technology will help me take bet-
virtu-al pool of information at the center for ter care of my patients is by providing better infor-
healthcare, everyone participating in healthcare mation for making better decisions.
will be able to contribute to and extract Everybody in healthcare will make better deci-
information out of the pool. sions with better information. Patients, doctors,
Everybody around the circle—physicians, nurs- governments, payers, and researchers will all
es, specialists, hospitals, laboratories, medical so- make better decisions with better information. It
cieties, manufacturers, governments, payers, pa- is the role of technology to deliver the right
tients, and citizens—will all contribute to and informa-tion to the right person at the right time.
extract data from this pool of information. I think That is the really exciting promise of what we are
we are very quickly heading towards this system, talking about in health databases and biobanks.
and these little gold arrows are very secure pipes, I want to again thank the Japan Medical
with strong security for going in and out of the Associ-ation for your kind invitation. It is always
pool. This is where we are heading. I am excited a plea-sure and a privilege for me to travel
about this future because the pool of information is around the world and hear what is happening in
going to become very rich with health databases healthcare from the frontlines. Thank you for
and biobanks adding to it. your attention. I hope this information will be
helpful, and I am happy to answer any questions
Better Information for Better Health-care in the Q&A ses-sion.
Decisions
Finally, it is my belief that the role of technolo-
22
◉ Lecture 2 ◉ Personal and Private Big Data: Genomes and Health Records
◉ Lecture 2 ◉
Personal and Private Big Data:
Genomes and Health Records
Ju Han Kim
（Slide 1）
I was previously here 13 years ago, so today is
my 13-years-later presentation, with a slightly I have sequenced my genome!
dif-ferent topic about health data. The title of my
talk is “Personal and Private Big Data”. I use the
word “personal” because, as you all may have
seen in the previous two lectures, although the
data has great value, it also has risk, and we need
to deal with that. The reason why we have risk is
that the data is personal—and even private—so
we may need to develop a strategy to deal with
both these complex, contradicting issues.
I will start by briefly introducing the .. with my twelve students
complexity of genomic data, on which my your genome sequence at all because it is in you.
research focuses, and then explain our pilot Genome data contains even more information than
system, which is intend-ed to orchestrate balance your entire medical record, especially when you are
between the risks and benefits of using this very in a healthy state. It is valuable, and the cost was
sensitive and very vul-nerable data. initially very expensive but is now below a
For this reason, the title includes “Genomes thousand dollars, so there is no reason why we do
and Health Records.” If I could add one more not integrate this genomic data into patientsʼ
type of data then it would be LifeLogs, which are health records. But it is very tricky.
being used by many members of the public. For So I decided to sequence my genome in 2011,
the first time in the entire history of medicine, when it was still very expensive, and I gave my
patients themselves have started to generate and genomic data to my students for them to try to find
use their own data using lifelogs. Thus LifeLogs out something about me from my data. The first
should be added to this complex system. genomic site that was interpreted was Chromo-
some 15 (Slide 1). They were all “A”s. So I have an
I Had My Genome Sequenced! AA genome type. The first step when you have
I will start with my personal experience con- identified one genome type from your genome is to
cerning my genome. Genomic data is extremely link your genome type to your database.
sensitive. As was shown in previous talks, genom- Here is the population structure of AA genome
ic data cannot even be anonymized. It is identifi- type among Han Chinese in Beijing (HCB) and
able, plain and simple. You cannot even change Japanese in Tokyo (JPT)� , which represents my
23
（Slide 2）
ethnic group very well. This data says that when
I am one third, my type of person may be found
in one third of the whole population of my ethnic
group.
You then link this data to some knowledge base
and find that I am a fast caffeine metabolizer—
which has been a well-known genome type for a
long time—and then eventually you link this data to
literature. One German article says that this type of
person—the genome type, by the way is on the
cytochrome A2 enzyme—is well-known to be a fast
caffeine metabolizer. They have done some clinical
research and have found that this type of person, ter than you because today hypercoagulability is
because they can metabolize caffeine very well, more of an issue than bleeding tendencies. Many
high levels of caffeine consumption does not of you may have to take anticoagulants to prevent
increase their cardiovascular risk. So at least the you from prothrombin events, especially in old
test had some positive implications in that respect. age. So slightly lengthened bleeding-time is not a
I am encouraging all my students to sequence health risk; rather, it could be a benefit.
their genomes, now that it is affordable. I am go- What happens if I take a new oral anticoagulant
ing to give you one more interesting example drug such as Rivaroxaban (Xarelto), which is a di-
con-cerning my genome which is both terrifying rect F10 inhibitor? If I take a F10 inhibitor, it will
and valuable, as well as revealing (Slide 2). I have lower my functional activity to 30, which means
found that I have Coagulation Factor 10 (F10) in- that I could be killed at any time. It is a terrifying
hibition. Coagulation Factor 8 deficiency is the risk. Rivaroxaban (Xarelto) is a blockbuster drug
cause of hemophilia. F10 deficiency is extremely which has 13 million prescriptions in the United
rare; there have been only two cases reported in States alone. I have researched the lawsuits against
the world. this drug on drugwatch.com. You do not want to
But I found that one copy of my F10 has been see this kind of TV ad: the Waldman Smallwood
lost. This type of inhibition is loss-of-function in- law firm called for those who have experienced bad
hibition. So I lost one F10 copy. If I had lost both side effects from taking the Xarelto drug to contact
copies, I could not have been born, because them. For this one anticoagulant drug, Ri-varoxaban
bleed-ing could not be stopped at all. So it is (Xarelto), there are currently 7,400 lawsuits filed,
okay, I do not have any bleeding tendencies. But and they will be resolved this year in Louisiana
one of my laboratory physicians took me to her court. Taking such drugs could be very dangerous.
lab and mea-sured all factorial activities. All my
blood coagu-lation factors are okay—showing The frequency of my type of F10 inhibition is
100% function activity—except for F10, which one in 167. So within this audience, at least one
shows 67% of normal activity, which is below person may have a similar problem as me, which
the minimum lim-it (which is 74 at my hospital), means about 760,000 people in Japan—not a small
and my prothrom-bin time (PT) is 12.3 seconds, number. One interesting thing is that the indica-
which is above our upper limit for PT. tions for the prescription of this drug have nothing
It is clear at a molecular level and functional to do with coagulopathy; rather, the main prescrip-
level as well as physiologically that I have thin tion indication is atrial fibrillation for elderly pa-
blood. So my bleeding time is longer. What the tients to prevent thromboembolic events. So peo-ple
implication here is, is that I may have evolved bet- who are older than 80 have an almost 20%
24
Era of Personal Pharmacogenomics

Inhibition of FXa activity by increasing yields of Rivaroxaban
160
140
120
100
F10 (U/dL)
80
R² = 0.9994
R² = 0.9829
60 R² = 0.9826
40
R² = 0.9757
20
0
0 5 10 15 20 25 30 35 40 45
Rivaroxaban (pg)
Control Case 001 Case 002 Case 003
chance of having atrial fibrillation, and so their pranolol and Betaxolol. But her scores for many
physician will prescribe this drug to them and one other drugs were within the normal range of
in 167 will be killed without anyone knowing what scores. Why would you prescribe this particular
has happened. I posted a message on my Facebook drug to this subject if you knew she has a particu-
page to all my physicians saying, “Could you lar mutation on these pharmacokinetic genes?
prescribe me an F10 inhibitor drug if you knew my I have created a smartphone app for her and that
genome type?” No one answered. shows her genomic sequence and CCR (Continui-ty
It was an exercise; I do not conduct full-blown of Care Record) and recognizes prescription sheets
experiments on myself or others. The functional and checks them for signs of risk for her to show to
activity of others who took the drug fell from 100 her physician. I have said to her, “Wow, these are
to 60, which is the therapeutic target for functional very important pharmacokinetic genes related to
activity while the drug concentration is increasing more than 200 drugs, so what happens to you?” Her
to the therapeutic level (Slide 3). My functional ac- answer was, “Professor, I take just half of the drugs
tivity level started at 67 and fell to below 30, which I am prescribed because I have expe-rienced so
means the drug could be toxic to me. many side effects.” After a pause, I re-plied, “You
Regarding adverse drug reaction (ADR), which did a good job.” This experience is actually
is the fourth leading cause of death in the United changing my beliefs because it is an issue
States, there are 2.7 million severe adverse reac- concerning compliance. Patient should take their
tion cases in the United States alone, from which drugs according to their physicianʼs instructions or
128,000 people may die, and the additional costs prescriptions, but in cases such as this, we may
of these drug side effects on par with the cost of have to be more cautious.
cardiovascular disease. It is a huge problem. Interpersonal variability is a very big issue for
How-ever, we may be able to manage this big data. If you integrate old personal big data,
problem by knowing interpersonal variabilities. you can tailor your diagnosis and therapy to indi-
vidual patients. Interpersonal variability is some-
Era of Personal Pharmacogenomics thing that has not been integrated into current
Slide 4 shows examples of 22 beta blockers; the medical practices.
lines are the scores for my students and me. This
particular female student, the red line, shows very LifeLogs
low scores for Propranolol none-selective and I have briefly touched on the importance of the
Betaxolol selective beta-blockers, which means she genome in this era of “precision medicine” (Slide
has a mutation on her cytochrome 1A1, 1A2, and 5). As I mentioned at the beginning of this talk,
3A5, which are the major enzymes for Pro- LifeLogs will be a problem. Patients, for the first
25
Health Avatar on CDM on MDR/FHIR

LifeLogs!
Data Partner
Proprietary Adminstraton
EMR Hospital A Hospital B Hospital C
EMR
Regulation Hospital-centered
K-CDM
분석수행
결과
분석
질의 보안
Query
Constructor/
Analysis Code
Research
DW DW DW
자료 습득 eCRFs
FDA Metadata-Validation 폼 생성
Ontology-enhancement
Data indexing
Clinical research/trials
Databases
Protocol
Creation
BioEMR 임상연구
Clinical
XNet
Community Dr.-centered
CareNet
간호/케어중심 Agents
Pt. participatory
BMeSH: Biomedical
Avatar Metadata Standard
5 Pt.-centered for Health
time in medical history, have started to collect their son because he made his own genomic data pub-
own data and let the data work for them. The types lic, and the sonʼs argument was, “You and I share
of data are ever-increasing and should be in- half of the same data. You do not have the right
tegrated into patientsʼ health records very soon. But to release my data.” That is the reason for the
LifeLogs are outside the medical system. As law-suit. So genome data is extremely tricky to
doctors, we do not have control over LifeLog data. man-age in our healthcare system.
Here I have a question for all of us. My LifeLog
works for me at my cost without any preservation. Health Avatar on Common Data
For the first time in the entire history of medicine, Model
the patients themselves have started generating I observed two themes in the first keynote speech
their own data. Before that, doctors created pa- by Dr. Yamamoto. One is the centraliza-tion of all
tients' data on their behalf. What about our health healthcare information data in a single repository.
records? Health records are stored in our EMR The other is the creation of a distribut-ed system
system; they sleep for long periods of time and are which was a sentinel system for Japan. We have a
only awakened when the patient visits their physi- similar system K-Sentinel, and we have created a
cianʼs office. Health records then work for the pa- Common Data Model from different hospitals,
tient for a short duration—of course, in a very ef- although different hospitals have differ-ent data
ficient manner—and are then closed and sleep structures (Slide 6). When we supplied the Common
again 24/7. I would like to make health records Data Model, named K-CDM, they trans-formed the
alive, make the medical data inspire and work for data into a Common Data Model that is currently
the patient 24/7. used in 12 hospitals and that can be used for
Genomic data is even more complicated. There pharmacovigilance surveys, which are con-ducted
is no way to store your genome data. You cannot for governmental use to ensure drug safety. This
store your genome data in one particular hospital medical, EMR system serves hospital presi-dents
because you cannot see or use the data when you and administrators. However, I realized that as yet
are in a different hospital. But you cannot distrib- there are no, or very few, systems designed to serve
ute all of your genome data to many institutions physicians and patients themselves.
because it contains very sensitive information, We have created a physician-centered applica-
like mine does. It is inherently identifiable, and it tion. While the EMR system is an institution-cen-
is not just personal or private data, it is also tered information paradigm, we would like to cre-
family data, so it is shared. ate physician-centered information for each
Actually a son of Nobel laureate, James Wat- different specialty, such as cardiology and ne-
son, his assistant, has filed a lawsuit against Wat- phrology, and then allow users to communicate
26
Patient-centered Integration of Health Records Perspective: Patient-centered Integration

food
Health Avatar (관련연구, 미래부 NCRC (2010~2017)) work
PHR + Genome + LifeLog ClinicA

Pharmacy A 산학연!
Pharmacy B
Fittness
ClinicB
ClinicC Pharmacy C
genes
Integrity
market
Open Innovation
Env.
deli
using personal devices such as smartphones. Records

Phy-sicians can create their own networks, and We have tested this kind of system and my proj-
patients can create their own networks. ect is “Health Avatar”, which involves making your
Currently, the paradigm is that physicians who smartphone your surrogate: having your ava-tar
are doing different jobs in different specialties work for you, meet your doctor, see your nurse or
have to use the same information system simply pharmacist, and collect other second-hand in-
because they are working at the same hospital. formation from the cyber environment (Slide
But my opinion is that it might be better for 7).“Health Avatar” provides uniform access, en-abling
physicians who are doing the same job—even if users to read and input personal big data, which is
they work for different institutions—to share the their medical record, genome, and LifeL-og all
same infor-mation system. We have divided the integrated into the one smartphone app.
system into separate information systems for Patient-centered information is possible
individual spe-cialties and have linked these because you now have smartphones, which
specialty-based clin-ical information systems to provide uni-versal device programs (Slide 8).
multi-centered clinical research. We would like Each pharmacy or clinic can send you data
to integrate clinical re-search and practice. concerning you and then this can be expanded to
The big difference here is that there is no cen- aspects of everyday life such as food, LifeLogs,
tralized repository at all. Each data type is fitness, and environ-ment.
located at the appropriate location for that data. This type of integration enables you to under-
Hospital data is located in the hospital: physician take open innovation because it provides you
data is located in the physicianʼs iPad app: with a unique, uniform view of your data
patientʼs data is located and stored in the patientʼs structure, that third-party players such as artificial
smartphone; and so on and so forth. intelligence and decision support parties can
There are two different paradigms. One para- provide through an open API to uniformly read
digm is collecting all the data in a central and write your data to give you a certain service.
reposito-ry and protecting it with very strong
security de-vices, but data is not easy to protect Physician-centered Information
once it is collected. It is my personal belief that System
the best way of protecting privacy is to keep data Finally, as I mentioned, we found that physi-
spread amongst different locations. cians themselves need physician-centered infor-
mation systems, so we first of all implemented this
Patient-centered Integration of Health type of approach in the “Hemodialysis Net” (Slide
9). Hemodialysis is a good place to start because
27
Avatar Beans Avatar Beans

Avatar Beans and DialysisNet (인제대백병원, 서울대, 강의내과 혈액투석실)
Avatar Beans: 만성 콩팥병 환자의 혈액 투석 관리를 위한 앱
DialysisNet: 혈액투석실 관리를 위한 의사용 스마트패드 앱

Health Avatar, XNet • 인제대 서울 백병원
Hemoglobin level fluctuates
• 강원 대병원
• 인제대 상계 백병원
• 경주 동국대 병원
• 건양대 병원
• 이대목동 병원
• 파티마병원
• 측추병원
• 곽내과의원
• 을지대 병원
• 부산대 병원
the practice of hemodialysis is standardized all making decisions together with their patients and
over the world. Patients visit the clinic two or so on.
three times a week; it is very data intensive; and We have extended usage of this distributed
it is a disease of the elderly, and so the healthcare app, so currently in South Korea, we have about
costs for chronic kidney disease is ever-increas- 15 ma-jor hospitals and clinics using the app,
ing. I heard that Taiwan spends 8% of health ex- which actu-ally shares the same structure base as
penditure on hemodialysis. We therefore created the Common Data Model for pharmacovigilance
a system to test this kind of paradigm. I showed you previously.
Slide 10 shows the app for physicians. Physi-
cians have all their patientsʼ data, and each Pharmacovigilance
patient has their own data; physicians can send So the same system, same structure—which is
data infor-mation such as hemoglobin, a distributed one—serves two totally different
pro-poses: for clinical practice, and for govern-
potassium, and calci-um—the most important
ment-driven pharmacovigilance for drugs and in-
information—to each patient and it will be fections. The advantage of this system is that you
displayed and managed by the patient. are able to manage the whole clinic. Individual
We started three years ago in our own hospital, patientsʼ data can be compared to the average
and currently we have 15 major hospitals using this data of 100 hemodialysis patients, which makes it
system (Slide 11). The advantage of this is that eas-ier to persuade and educate your patient.
medical staff can perform rounding with all of the
information stored in this system and the informa- We have had experience with this. Slide 12
tion can be sent to patients and used by doctors in shows a drugʼs classification. Hemodialysis is the
28
Hemoglobin drops
Avatar Beans for Patients

Colorful Clinical Avatars
 Clinical Problem-oriented applications
 Avatar Beans & DialysisNet


 Avatar Jr. & KidsNet

 Pink Avatar

 Avatar Gold & OncoNet

 Avatar Fit & ArthroNet

 PsyBase 2.0, Avatar BeWell & CareNet
16
most standardized practice, so the drugʼs classifi- if you have big data that is managed well, you
cation provides standardization of all your analy- may be able to respond to a pattern of data
sis and displays your laboratory results, which in- without knowing the underlying reality.
clude about 100 items. We have created a system covering all these as-
We incorporated all these in the program, and pects and made the Version 2.0 look much prettier
one day a clinic found that average hemoglobin and so on (Slide 15). Gradually we have expanded
levels at the clinic had gone down, which doctors this system from the dialysis unit to pediatric can-
had never known to happen before the introduc- cer, breast cancer (Pink Avatar), colon cancer,
tion of this kind of system (Slide 13). It was a big sports medicine, ArthroNet, and psychiatry, which
problem, so we researched every event that had is my specialty (Slide 16). We are attempting to
happened at this particular clinic two years ago, reorganize our computing paradigm for each spe-
and we found that a new drug had been cialty-based, physician-centered computing para-
introduced at around that time. digm. Eventually we will have a platform, and so
We did not have any evidence that the drug we would like to orchestrate interplay amongst
caused this kind of problem, but the salesman had smartphones and iPad apps and servers. We have
said you have to wait for at least three or four created a health avatar platform where you can plug
months and so on and so forth; so the clinic just in your personal patientʼs avatar—which is
stopped using the drug without confirming a caus-al composed of your genome, your LifeLog, and your
relationship because low hemoglobin levels were a medical records, which are logged in—and the
disastrous condition, and hemoglobin lev-els went physicianʼs system, which is also logged in, and
up again (Slide 14). It was a lesson for us: they will interplay with a secure platform in a
29
3
IoA for Health:
Internet of Avatars, Agents and Apps
Your Genome
Personal
Health Record Lifelog
Health Avatar Personal & Private
Health Avatar
Big Data
Distributed Agents
Open API
Avatar Platform: SNS-like Platform for Avatars, Agents, and Apps
Log 人 to the Facebook of Distributed Serive Bus

Resource
management
Data protocols
Avatars and Agents Knowledg

ebase
Biomedical
Informatics
Tech. Infra
18
…
Doctor’s App
EMR
Hospital-centered
병원 의료원 보건소
XNet 빈즈 쥬니어 핏 골드 블루 마인드 나비 핑크 리햅

Dr-centered
시
연 Avatar
Pt-centered
!
CareNet
Care-centered
CareTeam CareTeam CareTeam
verifiable manner. Then, as I mentioned, third clinically relevant data supported by data technol-
par-ty players can provide intelligent clinical ogy to build clinical and patient applications that
decision support apps (Slide 17). can be uniformly connected based on this data
technology.
Internet of Avatars, Agents, and Phy-sician We are trying to build a community-wide pro-
Apps gram, and I realized that we need another layer,
In imitation of IoT, “Internet of Things”, I have which is for caregivers. Caregiver-centered infor-
named our concept the “Internet of A3”: the Inter- mation systems are also required. Clinical research
net of Avatars, Agents, and physician Apps (Slide about multi-centered information for each center
18). Our aim is to create cyberspace counterparts of can be supported by this kind of technology.
our activities in the real world. Agents can be What I realized was that the current EMR sys-
supported by such programs, and we have already tem is merely an institution-centered information
developed many (Slide 19). system, but not a system for all of us. It is not a
In summary, hospitals have built their own pro- physician-centered or patient centered one (Slide
prietary systems, but these are primarily designed 20). One solution does not fit all. We need physi-
to serve their own institution. However, once a cian-centered information systems and pa-tient-
system is transformed into a common format, it can centered information systems, as well as
be used by government agencies without cen- community-centered information systems, in the era
tralizing data, as in the Japanese central program of personal and private big data.
(see Slide 6). In Korea, we call this system “K-Sen- Thank you for your attention.
tinel”. From the managed data, you can pull out
30
◉ Lecture 3 ◉ Development of the Taiwan Health Information Network and Health Cloud
◉ Lecture 3 ◉
Development of the Taiwan
Health Information Network
and Health Cloud
Heng-Shuen Chen
Assistant Professor, School of Medicine, National
Taiwan University
Development of Taiwan Health Infor- The purpose of this project is to return health in-
mation Network formation to citizens. Personal Health Records
To begin, I will give you an overview of the (PHRs) subsequently become a major issue in de-
de-velopment of the National Health Information veloping the national Taiwan Health Cloud (Slide
Network (HIN). In 1988, HIN version 1.0 was 1).
made for public health administration and health In HIN ver. 1.0. for health insurance manage-
insurance management. At that time, there were ment, we had three major regional centers—in
only labor health insurance and government em- Taipei, Taichung, and Kaohsiung—and these
ployee insurance schemes. cen-ters were connected via network (Slide 2).
The National Health Insurance system started In HIN ver. 2.0, we incorporated EMRs and
in 1995. In 1999, after the Internet become very medical images. Medical information and images
pop-ular, Taiwan started to develop electronic are stored on National Health Insurance Agency
medical records (EMRs). Subsequently, with the servers and are connected by virtual private net-
aim of developing a medical image exchange works. Other medical information application
center on the network, the HIN version 2.0 was shared among hospitals and clinics is on the
introduced around 2000. In 2001, National Inter-net (Slide 3).
Health Insurance IC cards were launched, and At the National Health Insurance Agency, there
many Internet appli-cations were later developed. is an Electronic Medical Records Exchange Cen-
In 2008, the Ministry of Health and Welfare ter with an index server, and hospitals can
started the National Health Informatics Project. connect to this exchange center (Slide 4).
31
Benefit of Electronic Medical Records applications.

When a physician wants to retrieve a patientʼs In the past, our medical records were paper, but
medical records from another hospital, they just now we use paperless, electronic document for-
use their health provider IC card in combination mats. For example, in 2014 the National Taiwan
with the patientʼs health insurance card. They ob- University Hospital created 160 EMR documents,
tain authorization to access the EMR and medical eliminating the need for 8,017,120 paper pages
images from the other hospital (Slide 5). (which pile up to a height of 110,214 cm), 175
The health provider IC card is for not only square meters of storage room, and 800 laser
phy-sicians but also other healthcare print-er cartridges.
professionals such as nurses, medical There are seven stages of EMRs, starting from
technologists, and even psychologists or just automation and digitalization, then sharing
nutritionists. If a health provider needs to input within the same institution, and then sharing
information into a medical docu-ment or make a among different institutions. The highest level is
medical record, they must use their provider IC sharing among different specialties. Patient-cen-
card in order to make the elec-tronic signature. tered integrated data is provided.
Slide 6 shows the current Taiwan National Health Currently, the Taiwan Health Cloud Project is
Information Network. There is a virtual private trying to integrate all the PHRs from different
network (VPN), which is a cloud under the government agencies―the Health Promotion
National Health Insurance (NHI). The Internet Data Cloud, etc., from the Health Promotion Agency; the
Center (IDC) connects hospitals and the Na-tional Medical Cloud, which comprises different hospitals
Health Insurance Agency. They are other and clinics under the National Health In-
32
surance Agency; the Disease Control Cloud; and and robotics in performing surgeries. For both
the Care Cloud, which is for long-term care and out-patient and inpatient chemotherapy, we use
disabled people. The care and services can be smart chemotherapy management (Slide 8).
con-nected. This integration effort is still in the There are many physiological data devices.
begin-ning stages. Data can be collected by using compatible proto-
cols. We have physiological data gateway, which
Taiwan Smart Healthcare is connected to the cloud and shares data among
Smart healthcare uses Information and Commu- the care providers (Slide 9).
nication Technology (ICT) to promote patient The previous speaker mentioned hemodialysis,
safety, medical care quality, and healthcare ser-vice and in Taiwan hemodialysis accounts for 8% of
efficiency. Patient engagement is becoming more healthcare expenditures. It is very important to
complex in our rapidly aging society. The increased im-plement good hemodialysis management
healthcare needs and lack of resources are forcing (Slide 10).
us to make some changes.
The advantage for Taiwanʼs smart healthcare Big Data + Open Data + My Data
in-dustry is that we have strong ICT and good First, we need to collect all the health informa-
medi-cal care. There is a huge hospital market: tion and create big data. We then need to make
100,000 hospitals globally, 500 in Taiwan, and this big data available to all healthcare providers
25,000 in China. and citizens. PHRs must become open data, then
Currently we use automation and many e-pre- “my data”.
scription systems (Slide 7). We use many monitors Here is an example of big data. In Taiwan, all
33
（Slide 15）
the hospitals need to provide their real time ICU
bed information so that we can know in an emer-
gency situation which hospital to send the ambu-
lance to.
The future is ABCD, Analytics, Big data,
Cloud computing, and wearable Devices.
Alongside dis-ruptive technology―the most
innovative technol-ogy, according to McKinsey
& Company―the mobile Internet, knowledge
management systems, cloud computing, and the
Internet of Things (IoT) are ranked the top.
Wearable devices are becoming very small.
This one may be available on the market (Slide its. Usually for a chronic disease patient, I might
11). It features many functions: emergency calls, see the patient once every three months. But what
fall detection, heart monitoring, and even sleep happens between these visits? We still need to
detection (Slide 12). make efforts such as lifestyle modifications or
I myself wear a device here. You can see how I health education, and so this device can be useful
slept well last night because I was treated by the (Slide 13).
JMA president to a very good dinner―I can There is still a lot of hype about the Internet of
show you on my smartphone. Things (IoT) (Slide 14). This innovative technolo-
This device can be used between healthcare vis- gy has several stages. IoTs are still at the peak of
34
expectations. Wearable devices are very useful mation Network (NHIN), useful applications for
(Slide 15). PHRs can be developed (Slide 18).
We currently have two kinds of PHR: My Health
Personal Health Records in Taiwan Bank and PharmaCloud. Citizens can use their
I will now talk about the elderly problem and health insurance card and go to the website to
the integration of long-term care into personal download their own personal health records from
health records. In Taiwan, aging of society is the National Health Insurance Agency (Slide 19).
pro-gressing very fast, and will peak in 2060. Physicians can also access a patientʼs PHR when
These are the problems (Slide 16). he/she visits the clinic or hospital. The provider IC
In 2000, 10% of the elderly accounted for 25% card, used in combination with the patient IC card,
of total healthcare expenses, but by 2025, they can access not only the patientʼs health records,
will account for more than half of total healthcare including medication records and laboratory ex-
ex-penses. amination results, but also medical images.
PHRs can be retrieved from electronic health
records (EHRs), which are patient-centered. Development of the Community Med-ical
EHRs are collected from different hospitals and Group
clinics, while electronic medical records (EMRs) In 2000, we developed the Community Medical
are kept within the one institution (Slide 17). Group (CMG), and in 2001 we further developed a
At a national level, PHRs can be retrieved and Community Healthcare Information System for this
collected from different government agencies or the group. In 2009, we developed the PHR Work-ing
private sector. With the National Health Infor- Group of the Taiwan Association of Family
35
Medicine (TAFM). I was the chair of this form a CMG.

working group. In 2016, we developed a multi- In this information system, we have the proto-
dimensional consent structure. type for the PHRs, including inpatient, outpatient,
In September 1999, a great earthquake struck emergency care, medication, and preventive ser-
central Taiwan. After the disaster, we found that vice records. We also have the electronic referral
all the health records had been destroyed and we system. This is a bi-directional referral system, so
needed to rebuild. primary care physicians can access the informa-
To reform the community health system, we tion when the patient is admitted to hospital or re-
de-veloped the CMG to restructure the destroyed ferred to a specialist.
health system. We used family doctors and the The PHR prototype, which was introduced in
Healthcare Information System to achieve this 2000, includes demographic data, a chronic/active
purpose. problem list, medication, food allergies, outpatient
A CMG comprises 5 to 10 primary care physi- care, hospitalization, emergency service visit re-
cians in community hospitals, and its function is cords, consultation and referral records, and im-
not only providing medical care, but also provid- munization and preventive service records.
ing a 24-hour call center for consultation
services, as well as integrating medical care with 2010 Personal Health Record Guide-lines
communi-ty medical education and sharing care
among pri-mary care physicians and community The TAFM PHR guideline was created in 2010.
hospitals. Medical centers and medical schools These have a multi-dimensional guideline struc-
support the system. ture. The first dimension is the natural history of
Our Community Health Information System has disease. This is related to preventive medicine. In
clinical, academic, public, and private databases for the beginning there were three stages, but we ex-
providing health counselling, emergency med-ical panded it to four stages (seven levels) (Slide 21).
care, and appointment registration. Citizens can list We provide a continuum of healthcare in differ-
their family physicians. Under this system family ent healthcare settings, from preventive to emer-
doctors can share health information with other gency, acute care, sub-acute care, long-term care,
group members (Slide 20). and terminal care such as hospice care. The third
This system now has over 400 CMGs with over dimension is holistic care: bio-psycho-socio-spiri-
3000 family doctors throughout Taiwan. They are tual. The fourth dimension is related to long-term
not all family medicine doctors. About two-thirds care. Assisted living includes six categories. Other
are specialists in other fields and are practicing dimensions include age, sex, and risk factors.
primary care. Such doctors can get together and These are the 4 stages of preventive medicine
36
（Slide 26）
(Slide 22). We added the terminal stage (end-of-life
care, palliative care, and bereavement care).
For the continuum of healthcare, we use IT
technology to provide telehealth or remote moni-
toring (Slide 23).
Holistic care is patient-centered, involves the
whole community, and is based on the concept of
family medicine (comprehensiveness, continuity,
coordination, accessibility, and accountability)
(Slide 24).
Assisted living has six categories. There are
many assisted living services and they are incor-
porated into our new long-term care 2.1 to this hospital last year. I want to become a grass
programs (Slide 25). roots person to develop a bottom-up healthcare
in-formation system in this area (Slide 26).
Puli Christian Hospital In our current design (Slide 27), we have the
Currently I work in the center of Taiwan. Our Health Information Management Center to cover
hospitalʼ service zone covers 9% of the area of different subsystems in four dimensions: Preven-
Taiwan with only about 0.7% of the population; the tion Stages, Healthcare Continuum, Holistic Care
region has a high altitude and an aged society. This and Assisted Living. We have different settings
is a relatively closed community. I just moved and different personnel. Different personnel pro-
37
（Slide 27）
mation technology, we can develop health clouds
integrated with community medical groups and
integrated delivery systems, which will be the be-
ginning of a capitation system in the future.
Conclusion
What is a capitation system? We now have a
new law called the National Health Insurance
Law. Article 44 of this law states: “To promote
preventive medicine, implement the referral sys-
tem, and to improve the quality of medicine and
treatment, the Insurer should draft the family
vide different services, and so they need to use phy-sicians system. The benefits of the family
this kind of system. physi-cians system should be paid out on a per
As a hospital, we have an advantage because person basis”.
we are the only regional hospital and the biggest This is the “family-doctor-system-per-capita”.
hos-pital in the area, and we provide a very wide The capitation payment system is included in the
range of services, including mobile clinics and law. In future, we hope to provide comprehensive,
long-term care. We can incorporate all the continuous, and holistic healthcare through prima-
services you can imagine. ry care family doctors in communities.
Regarding the future prospects for PHRs, PHRs That concludes my talk. Thank you very much
have empowered the engagement of patients and for your attention.
members of the general public in their own health
promotion and management. With the advance of
wireless networks, wearable biosensors, and infor-
38
◉ Lecture 4 ◉ Health Data: Its protection and better use for the public and patients
◉ Lecture 4 ◉
Health Data:
Its Protection and Better Use for the
Public and Patients
Norio Higuchi
I would like to begin by mentioning the two learn that the law, not the delay in technology de-
things I felt when listening to the experts who velopment, was perhaps involved in the delay of
have given lectures here so far. HIT development in Japan.
As Professor Yamamoto said, ICT development I felt that HIT, the law, and the public awareness
in the healthcare sector in Japan was relatively ad- are all important, and all three need to be promot-ed
vanced until the year 2000—perhaps it was more to build a health information system.
advanced than in other countries. After 2000,
however, the tides changed and so did the situa- From my Experience: Health Informa-tion
tion. In fact, the lectures by Dr. Wah of the United Technology (HIT) is the Key
States, Dr. Kim of Korea, and Dr. Chen of Taiwan I would like to mention a few things I have ex-
have substantiated this, and it made me feel that perienced. This is an anecdote—I have a friend
Japan has to make a stand now. Particularly in Tai- named Murray Katcher, who is a very interesting
wan, where not only is there a universal health in- man. He is a pediatrician, and although I believe
surance system similar to that in Japan but also a he is already retired, he was a professor at the
community-based care system has already been Uni-versity of Wisconsin. When his friend
established, Dr. Kim reported that the information became the Governor of Wisconsin, Dr. Katcher
exchange for this community care is in progress served as his Chief Medical Officer for some
and a form of care called “assisted living” in years as the sec-ond highest position in governing
healthcare is being built. Obviously, a system for state health and welfare, a position similar to the
sharing information is necessary for long-term care, vice minister of the Ministry of Health, Labour
and a more personalized care and help for each and Welfare of Ja-pan (MHLW).
individual is being built. I feel that there is so much I visited Wisconsin for several research projects,
more that Japan can learn from Taiwan as we work and I had an opportunity to ask him various ques-
on promoting our Community-based tions directly. It just so happens that shortly after
Comprehensive Care System. 2000, when I was involved in a medical accident
Another thing that left a strong impression on investigation system, I asked him this ques-tion—
me was the cause of the delay in health informa- “What is the most important thing, and what is the
tion technology (HIT) in Japan. I taught law for key strategy for the state government, to re-duce the
about 40 years at law schools, and Japan was an number of medical accidents?” His an-swer was
advanced nation in the HIT field until around “HIT.” This surprised me because I did not
2000 or so, but has considerably lagged behind in anticipate such an answer. He explained that all
the last decade or two. I was very disappointed to data from accidents must be collected and ana-
39
Health Care IT The Essential Lawyer's Guide to Health

The aim of Health Law in the U.S. Care Information Technology and the Law (2014 ABA)
 "access, quality and cost," this is the
catchword, meaning law should
encourage and support more access
to medicine and better quality of

medicine at reasonable cost.
 To accomplish these three ends,
the most important and reliable
key is DATA HEALTH or Health IT.
1 2
（Slide 3） quality of healthcare. “Whatever care that is

avail-able” is not good enough; healthcare
EHR benefits delivery has to aim for better care. The last one,
  1) enhance care and reduce costs “cost,” natu-rally means that the cost to patients
  2) improve overall efficiency and reliability of health records
  3) interoperability and coordination has to be rea-sonable and should be sustainable
  4) collection of data for epidemiology and clinical research
 5) anonymous data used for resource management, for society as a whole. Balancing, maintaining,
quality improvement and public health
 6) clinical real time access to patient data to support patient care and developing these three targets is what

  7) patients' participation made possible and meaningful lawyers should aim to accomplish—this is what a
  8) improve clinical trials and personalized medicine
  9) increase transparency and reduce administrative costs law school textbook teaches first. This is very
  10) create the new jobs and innovation
 11) support to reform of health care system different from the health law education in Japan,
which pessimistically talks about nothing but
3
how to deal with medical malpractice lawsuits.
lyzed, and this surely convinced me. Ultimately, law education in the US concludes
that the key concept in solving these three targets
Aim of the Health Laws in the USA is “data health” or HIT, although much depends
I have taught about healthcare and the law at law on the efforts of individual physicians. This con-
schools and in other places, and I had some very clusion, too, hit home to even someone like me
good experiences in teaching with Dr. Yasushi Ko- who has poor skills in handling data and comput-
dama, who is a lawyer and physician. He answers ers.
any questions I have about healthcare.
When I started reading casebooks on the US Pros and Cons of the Digitized Health Data
health law, every book I read says that lawyers
in-volved in the health laws or healthcare should Recently, I purchased a book titled “Health
aim to manage “access,” “quality,” and “cost” Care IT” (Arthur Peabody, Jr. 2014) published by
(Slide 1). “Access” refers to better accessibility to the American Bar Association (ABA) (Slide 2).
health-care, namely, how healthcare should be This book on IT put together by the ABA is very
available for anyone—this is a major problem in interesting, and is written in a way that an
America. Obamacare improved the situation to a amateur in health IT, such as a lawyer like me
certain ex-tent, but with the backlash that is who is not a physician, can understand.
currently taking place, no one knows what will It talks about many benefits of developing the
happen. Their sys-tem is very different from the Electronic Health Record (EHR) System (Slide 3).
universal health coverage in Japan. These benefits are similar to those listed in the
The second point, “quality,” refers to better MHLWʼs Grand Design for Healthcare ICT in Ja-
40
（Slide 4）
pan in 2001, which Professor Yamamoto intro-
duced in his keynote lecture, so the ideas are uni-
versal in that sense. In this Grand Design, quality EHR risks
improvement in healthcare and cost saving are at  1) Resistance to the use of technology

the top of the list. IT naturally comes into play  2) data breach and unauthorized
when talking about cost and quality. Improved use with invasion of privacy

ef-ficiency and reliable medical records—I  3) data breach and error resulting
believe these two are essential. You canʼt in threats to the health of patients
remember all the vaccinations you had, right? It
would be a great help if there is a good record of
such information somewhere.
4
So, information sharing and communication are
important, and health data are very important for that can have negative consequences.
epidemiologic and clinical research; therefore, So, is it better to not do anything for HIT? This
health data should be used—and should be avail- is not a matter that should be simply decided by
able—to improve to healthcare management, majority vote, but many people, including
quality improvement, and public health. The use of myself, believe that there are benefits to IT
health data is not just for the public good; it is also development and that things will move in that
for the benefit of individuals. With HIT, my direction anyway. In short, there are many
medical history, including what kind of treatment I benefits to HIT develop-ment, and they are
have undergone, what prescriptions I am taking, diverse. It can contribute to so-cial development,
and what allergies I have, will be all available if I and sooner or later each of us will benefit as well.
fall unconscious or must be carried to a hospital in However, there are two con-cerns that need to be
an ambulance. alleviated: the invasion of privacy due to data
However, there is also a risk in using HIT breaches, and the threat to healthcare quality for
(Slide 4). Listed at the top of the list was that people individuals due to these data breaches.
might resist this sort of technology. The first wave
of resistance might come from healthcare institu- Revision of the Japanese Personal In-
tions, which will be asked to bear the costs. It is formation Protection Act
understandable considering the initial cost in- The revised Personal Information Protection
curred, and I believe some form of aid would be Act of Japan will take effect on May 30 of this
necessary—however, what is really behind their year. So, why was it revised? The Act was first
mind is the fear against advancing HIT. I would legislated in 2004 and was then revised only a de-
imagine that they have their reasons, but there is a cade or so later, so what happened during these
clear sense of fear in general against advancing years is key. Normally, a law is not revised in
technology. such a short period.
Letʼs talk more concretely here. Is it really pos- Reportedly, the way that the Act addressed cer-
sible that someoneʼs private information, such as tain issues was insufficient—but I do not believe
their history of medical or psychiatric care or sex- that it was necessarily the case. Nevertheless, the
ually transmitted disease, will be exposed to the focus of the revision emphasized enhanced priva-cy
public? There may be cases in which the data are protection. The beginning of the Act addresses
recorded incorrectly. Letʼs say, I have an allergy but effective use of personal information and the pro-
the data were entered wrongly or tampered, and I tection of personal information when considering its
was then given a prescription or underwent surgery. use. So, it first lists both the use of the data and
Such error in recorded data is a problem their protection. It would have been better to re-ti-
41
（Slide 5）
tle the Act as the Personal Information Protection
and Positive Use Act, but the original title said
per-sonal information protection only, so New PIPA in fact
 1) Scope of data protection enlarged
everyone thinks that it addresses nothing but 
 Entities with less than 5000 data are now covered.

protection— this is very unfortunate.   2) Establishment of the central agency of data protection 
 3) Data subjects' right to demand disclosure and to consent made
Now, there were two factors behind the revision,  clear with direct enforcement.
 4) Individually Distinct Code is per se personal information which
and one of them began in the EU. There are sever-  could include genetic information.
  5) Sensitive personal information includes health history data. 
al Japanese laws whose creation was externally  6) Anonymization narrowly defined, making the creation of big
data difficult
pressured, but candidly speaking, this pressure is 
 These amendments are influencing badly against the more and
normally from the US. I will skip the details for better uses of health information.
now, but this time, the EU established a set of

5
global standards that define the minimum require-
ments for privacy protection. The 2004 Act already the Act, and this did not meet EU standards. So,
in place in Japan did not meet these EU standards, small businesses are also covered in the revised
so the EU gave it an F-grade. I think that this is a Act. In the healthcare sector, small clinics with
type of interference in the domestic affairs, but fewer than 5,000 patients are now all subject to
there is nothing we can do. So, one reason that the the Act.
Act was revised is to have it meet the EU standards Second, one reason that the Act did not meet
so that the EU gives us a passing grade this time. the EU standards was the lack of a centralized
However, there was another reason for the respon-sible agency similar to the Data Protection
revi-sion, which was actually far more Agency of the EU. Our practice was to appoint
significant. In the first place, EU—Japan trading the main-handling ministries and agencies for
did not suffer from the “failed” Personal differ-ent types of businesses to manage data
Information Protection Act of Japan, so Japan protec-tion—for example, the Ministry of Land,
was not really in trouble. Still, conforming to the Infra-structure, Transport and Tourism for taxi
EUʼs ideas is perhaps an admirable attitude. companies, and the Ministry of Environment for
The second point is the issue of “big data,” which environmental businesses. So, data protection
is lately a hot topic and is what has brought us here was in place but separated. The EU did not think
today. Even the government is beginning to say that this was good enough, so they labeled Japan as
now is the time for “big data” use. The government negli-gent for not having a single centralized
decided to revise the Act to use “big data” better, agency re-sponsible for data protection. The
not only in the healthcare sector but also in all areas Personal Infor-mation Protection Committee was
of industry, as a way to innovation and economic thus created. Can they handle it all? Yes, in legal
revitalization. and formal terms, but practically speaking, I
doubt it and it may be problematic at best.
Revised Personal Information Protec-tion The third change in the revision was to address
Act: Actual facts the EUʼs claim that the right to demand disclosure
So, the Act was revised with the intention of or correction of personal information did not seem
making it easier to use health data and other per- to exist and that no one seems to be entitled to this
sonal data; however, actual result was not so, rath- right. This was simply a misunderstanding on the
er it became too protection oriented. The first part of the EU. Filing a lawsuit against a breach of
change made in the revision was to expand the ar- information or wrongly recorded data was always
eas that are subject to law (Slide 5). The businesses possible through the Civil Code. However, it is
that handled 5,000 or fewer cases of personal in- quite understandable how the EU could have mis-
formation were not subject to the old version of understood because this was probably not ex-
42
（Slide 6）
plained enough. Anyhow, the EU said that the
rights of the patients and the individuals should
be clearly stated, and so they are now. Bad influences against health IT
The fourth change was to introduce the idea of a  Many examples of fear and anxiety, among others:

personal identification code to Japan, which in it-  1) Genomics academics are feeling that their research is
self expanded the concept of personal information. almost impossible, since genomic information may be
 classified as Personally Distinct Code.
Anything that has to do with this personal identifi-  2) Since health history is now classified as sensitive
information, The new PIPA becomes a tremendous
cation code is now subject to the regulations of the barrier against collection of health data.

Act. This raised a major question as to what con-  3) The PIPA covering national hospital and universities
has made a restraint for health research, a bit narrower
stitutes personally identifiable information in the that private universities.
context of genetic data. The currently available
6
answer is that “not all genetic data are considered
personal information,” which is quite ambiguous. is not considered anonymization because the data
So ambiguous that any research involving “per- can be reverted back to its original form. Maybe
sonal” genetic data will need to have consent from the Ministry of Internal Affairs and Communica-
the subjects in advance, which will make things tions was behind this—I really do not know.
extremely difficult for researchers. Anonymized or
not, a study that includes genetic information may How and Why did This Happen?
be difficult if the data in question are consid-ered So, in short, this revised Act will do nothing but
personal. clearly prevent the positive use of “big data” over-
The fifth change was the introduction of the idea all. What happened to the basic policy of revising
of “sensitive information.” In the old Act, there was the law for positive data use? How did this hap-
only one kind of personal information. In the pen? I am only an outsider, so I really do not know.
revised Act, however, a new category of “sensitive The Japanese government is not monolithic; each
information” was created for particularly import-ant department is thinking differently. So, I speculate
personal information. Medical history was added to that a hard-working ministry in charge of protect-
this category at the last minute when fin-ishing the ing personal information thought nothing but of
bill for the revised Act. A medical histo-ry is a meeting the EU standards to serve its own inter-
history of medical and health records. Thus, all ests. They were not interested in the other key pur-
health information can be considered part of pose of revising the Act, which was to help use “big
medical history, and therefore sensitive informa- data” better.
tion. Health data are now so heavily protected that In some cases, the grounds for protection are
the “positive use” part has been neglected in some uncertain, and information is protected simply
ways. This is really difficult to understand. just because protection must be in place. In the
The sixth change was about making anonymized case of healthcare, privacy is surely protected,
“big data” available for use; however, the require- but people might die as a result. This is like
ments for the anonymization are so strict that any putting the cart before the horse—it is foolish.
data that can be reverted back to identifiable infor-
mation under certain conditions are not considered Revised Personal Information Protec-tion
as anonymized. The use of health data requires that Act: Negative effects
the data be traceable. Thus, health data have to Now that the revised Personal Information Pro-
undergo a process called “linkable anonymiza-tion,” tection Act is in effect, some negative influences
which is somewhat old-fashioned, before being are expected to take place (Slide 6). First, genetics
used. However, the revised Act utilizes so narrow researchers will no longer be able to use any ge-
interpretation that linkable anonymization netic data because they are considered to be per-
43
sonal identification codes. I am already hearing scopes, and privacy protection has always been
such a pressing claim from some academic ex- strictly regulated in every sphere, private and pub-
perts. At this rate, I also fear that genomic lic. These guidelines remain, but now the Personal
research will no longer be possible in Japan. Information Protection Act could come into play as
Second, now that medical history is considered a factor impeding research more directly. Health
sensitive information, it will be extremely researchers and many others are concerned for the
difficult to obtain health data, which could be a future development of healthcare.
serious threat to research projects such as new So, the Japanese legal system for personal infor-
drug devel-opment. mation protection is flooded by nearly 1,000 laws
Japan is a crowning example of the Galapagos and ordinances, which is a very strange phenome-
phenomenon when it comes to privacy protection. non—but it would not really matter if their content
In addition to the Personal Information Protection is all the same. Typically, laws are copied, any-
Act, different municipalities are legislating similar way—but, these laws ordinances are not all cop-ies.
laws and ordinances. As a result, there are now I asked someone to check if academic study is
close to 1,000 personal information protection laws exempted from the personal information protec-tion
and ordinances in Japan. Personally, I have never ordinances, and it turns out that about 30% of
heard of anything like this in other coun-tries, but prefectural ordinances and over 60% of municipal
maybe there are instances somewhere in the world. ordinances do not have such clearly stated exemp-
Nevertheless, this situation is clearly rare, and I do tion clauses. A city hospital, city college, or pre-
not know how we have arrived at this strange fectural university in these areas will be subject to
situation. the city and prefectural ordinances, and therefore,
So, what is the result? Now, there are three na- their academic study will be legally impeded as
tional laws for privacy protection in Japan—one well.
targeting the government administrative agencies
that govern national hospitals; one targeting inde- Enactment of the Health Infrastruc-ture for
pendent administrative corporations, which were Next Generation Act
formerly the national university hospitals; and one Now that this sort of legal system has been es-
targeting private institutions, clinics and hospitals. tablished, a different department in the govern-ment
There are some notable differences even among came up with a plan for a breakthrough to solve this
these three acts. Academic study is excluded from situation. Only a law, not guidelines, can act against
the scope of the law per se in the private area, another law, after all. A breakthrough law—
which means that academic use of personal infor- commonly called the Health Infrastructure for Next
mation is allowed in principle. In the area of na- Generation Act, which I have personally named the
tional university hospitals, in contrast, the Act says “landmark act”—was passed by the National Diet
academic use of personal information is permitted on April 28. Unfortunately, hardly any media
but except when these studies involve certain risks. organizations, except the Mainichi, re-ported on it.
So, this exception clause has become a source of Still, this act clearly states that health data can be
concern. The law even states that no ac-ademic legally used for research and develop-ment
study that may damage the interests of in-dividuals involving healthcare, despite the Personal
is allowed. It is not understandable that academic Information Protection Act (Slide 7).
researchers in private university hospi-tals and So, what does this mean for the future? The most
those in national university hospitals are subject to basic framework is very simple. Patient data from
different laws and treatments. each hospital will be collected to create “big data.”
In reality, ethical guidelines for medical re- Now, what is important here is not what happens to
search never exclude academic research in their a patient named Higuchi, but what hap-
44
How we should respond to the new

PIPA from coming June What we should do further?
 Act versus Act 1) Research done by researchers of national

 On April 28, 2017, our Parliament passed a new landmark  hospitals and national universities should be
Act, Health Infrastructure for Next Generation Act
(HINGA). more clearly exempt from PIPA.
 To make use of health information available 2) The sharing of health information for the
for health research and innovation, Government benefit of patients when medical treatment
certified entity anonymize the health data to
distribute anonymized health data for research needed should be clearly made exempt from
and innovation. PIPA.

7 8
（Slide 9）
Protection Act is not their concern. Of course, a
decent procedure is a must. Solid security mea-
What we should do from now on sures must also be in place because it is only natu-
 3) The sharing of health information for the ral to care for security and privacy. However, it
purpose of health research and public health
should be generously possible.
should be made clear that, unlike the Personal In-

 4) Finally, Make guidelines on medical ethics formation Protection Act, the Health Infrastruc-ture
for health research sponsored by Japan Medical for Next Generation Act will not make the use of
Association(JMA) to show that health
professionals are capable of professional health data for health research difficult. This point
autonomy. Also the training program should be has not been made clear in the current Health
established under these guidelines by JMA
which should be a model for other countries. Infrastructure for Next Generation Act.
Second, it is only reasonable to share informa-
9
tion for the benefit of patients. Privacy protection
pens to patients who have the same disease that I should not be without due cause, so it should be
do. So, the data will be anonymized but tracked, clearly stated that the use of health data for health
which means that the data will reveal information research is not subject to the Personal
such as how many years I have lived and which Information Protection Act.
drugs worked very well. To enable such tracking, Third, health data is not only meant to serve in-
several Authorized De-identifying Organizations dividuals; they are public information and are
will be created, and the data they anonymize will therefore meant to serve the good of the public
be made available to various projects. This way, (Slide 9). For example, I have been suffering from a
security is ensured and due consideration is paid disease for about 40 years now, but my physician is
for the use of the data under the new law. determining what treatment is appropriate for me
based on the data of other people with the same
What Should be Done Further ? disease, as well as his own knowledge and experi-
Now, can this Health Infrastructure for Next ence. If I am allowed to claim and declare that my
Generation Act solve everything? Someone told health information not to be used for others, it
me differently, and I will list four concerns (Slide would be nonsense in the first place. Thatʼs being a
8). free rider.
The Personal Information Protection Act tends Of course, privacy and security are important and
to apply more strictly to independent administra- essential as premises, but permitting a person not to
tive organizations that were once national univer- use his/her data for public health just be-cause the
sities or national university hospitals, so they data belongs to that person is a misplace-ment of
should be assured that the Personal Information the information control right. It is not the
45
exercise of a right; rather, it is purely the abuse government; however, I believe that the Japan
of that right. Permitting such a right is ludicrous Medical Association (JMA) should be taking an
in the first place, and it should be made clear that initiative in setting up guidelines.
the sharing of health data for health research or Training on health data issues should also be
public health is allowed. in-cluded in the core curriculum of the JMA
Finally, there will be many risks and ethical is- Continu-ing Medical Education Program. Many
sues involved in the use of health data. Further- people will still be lost even when guidelines are
more, new questions and problems will emerge one available somewhere, and they need to undergo a
after another as technology advances. It is not certain training program as a prerequisite.
possible to always cope with them through law, as Todayʼs confer-ence is hosted by the JMA, so I
it takes time to create a law. This Health Infra- would like to take this opportunity, and be candid
structure for Next Generation Act was indeed an in saying that it will be essential to the true
exception. I believe it was a case that the health- practice of professional autonomy. Maybe no
care community was alarmed by the Personal In- other national medical asso-ciation has reached
formation Protection Act so much that the govern- out that far, but today, I would like to propose
ment moved quickly. The health data issue, that Japan could become a model case.
including the risk management and ethical chal- Thank you for your attention.
lenges involved, will require further efforts by the
46
◉ Comment ◉ Health Database: Are we ready to step forward?
◉ Comment ◉
Health Database:
Are we ready to step forward?
Dong-Chun Shin
I have been engaged in WMA activities for not live without much knowledge of economy.
over 10 years. We always thank JMA and Dr. That is still effective. But in the 21st century,
Yokoku-ra for his continuous leadership and some people say we are living in risk society, so
contribution to the WMA and congratulate again we have to be prepared to be risk literate. The
Dr. Yokokura to be President-Elect of WMA. society can be divided by risk literate society and
We expect more leadership from Japan and Asian risk illit-erate society. We have to educate and
region in the global arena in various kinds of train what the risk is and what risk means. We
health issues in-cluding health database. also have to communicate among stakeholders
My title is “Are we ready to step forward?” I such as the gen-eral public, patients, healthcare
think we are ready to go. Before going on my providers, legisla-tors and policymakers, to talk
talk, I will try to briefly summarize the previous about what is the virtually zero risk.
four prominent speakersʼ talk. If we have well-designed policies and regula-
Firstly, Professor Yamamoto and Professor Hi- tions to make this kind of database utilization
guchi mentioned that Japan has two acts, which can pos-sible, we are in the track with very little
be contradictory; One act will promote and the virtual risk. However, those kinds of guidelines
other act will discourage. But I think these two and legis-lation are not enough to make virtually
tracks should and can be complementary, not con- risk zero status. We need to continually talk
tradictory. We can start to step forward on the ba- about the cases in some country and bridge it to
sis of security measures, some kind of legislation other regions with efficient communication. We
and protection law. Japan is ready by the amend- continually share our experiences to protect the
ment of PIPA, and I hope you can minimize the risk infringement of pa-tientsʼ safety.
of health database utilization down to the vir-tually Japan has a good cohort for Japan sentinel
zero level of risk by that legislation. proj-ect, which is an information project and also
We are talking about virtually zero risk in risk the Tohoku community, a very desirable third
science and risk analysis domain, in academic do- genera-tion cohort. That kind of cohort is
main. I have been engaged in that area for my life- expected to pro-duce unbiased finding of disease
time. So we should talk about what should be the etiology rather than hospital data.
virtually zero. In modern society, we cannot live Dr. Robert Wah also mentioned that research on
without any risk, from disaster, from technology database health information has started from elec-
development, from environment or from IT. We tronic medical record (EMR) and then is moving to
should be prepared to live in this risk society. the community cohort study, two kinds of mil-lion
People say that before the 21st century we could people cohorts. He also told us lots of import-
47
ant information to take care of patients and take information can be hacked or leaked in some way.
care of prevention especially. Dr. Wah also men- I think it is a big issue in his work.
tioned promises and pitfalls, and WMA declara- Dr. Chen introduced us to Taiwanʼs system from
tions in the aspect of security issues. He showed us past to present and to some future prospects, and
a way in the future in the aspect of data security and showed us how much we can save on paper and so
better use of data for better healthcare. We were on, by applying this kind of information system. It
entertained by several very nice Qs & As af-ter his makes me happy because I am a supporter of mak-
presentation. Some participant here asked if that ing hospitals green. Energy saving and material
kind of system is feasible in the future or not. We saving in hospitals are very important because we
have to think about technology across society. We are living with cost-containment in healthcare sec-
have much bigger pictures to deal with these very tor and we have to concern about the cost reduc-
important issues. These kinds of same ques-tions tion in our healthcare industry. So green hospital is
will be applied to any situations in our risky my recent work. Also he mentioned a very nice
society; How can we make people safe, how can we community project in a greater Puli area in the
make people in the state of peace of mind. I can tell middle of Taiwan, in which almost 90 percent of
in Japanese language that “anshin” equals “anzen” patients are covered, so it is a perfect cohort from
plus “shinrai”. So “anzen” is technology. We try to which we can expect many good results. In the fu-
make technology perfect to ensure pa-tients safety ture Taiwan will introduce partly the capitation
for their personal information. But that is not system, so it will make a big change for the behav-
enough. If people do not believe tech-nology, if iors both of patients and of healthcare providers and
people do not believe policymakers, government or I hope this change will ultimately enhance the value
experts, it does not work. So trust is another hand of patient care and the health of the people.
or another leg to go. We have two legs. One is Professor Higuchi gave a very nice, comprehen-
anzen or security, and the other one is shinrai. It sive talk, and introduced some basic concepts and
can make peace of mind, anshin, togeth-er. This principles, and also presented problems in Japan.
equation is very common in the risk anal-ysis He mentioned about a medical doctor in Wiscon-
society and the answer from Robert Wah is sin. Dr. Murray Katcher tells us that the key to im-
something similar to this concept. So I agree with proving patientsʼ safety and prevention of medical
his opinion. We need to make a consensus among accidents is health information technology. I agree
stakeholders. Continual communication and risk with that. As an individual medical doctor, we ac-
communication are required. cumulate patient care experiences in our lifelong
Dr. Ju Han Kim gave us quite an interesting pre- career. There is an individual doctorʼs embedded
sentation using his own genome data. Some medi- information, and all this kind of information is
cal doctors in history tried some vaccines to him- shared by health information technology, and
self and looked what was going on, and showed us enormous number of medical doctorsʼ lifetime in-
clear logic why this kind of work is critical to take formation is embedded in one small IT. It is great.
care of patient, individual patient and save the so- As you know we are already in the era of fourth
cial cost from drug misuse. Drug misuse could be industrial revolution. Artificial Intelligence sys-tem
assessed more precisely and reduced with genom-ic or AI can take part in our medical work in the near
data or health database. The pharmacovigilance future. In that case, this kind of accumulated
project is also impressive, and I want his project to information in some system makes us happy, or no?
keep growing and expect many avatars in Korea. It will depend on our decision and our way of
But still, security issues are left, because of cellu- thinking and working.
lar phones. A one-to-one, patient-doctor relation- According to Prof. Higuchi, access, quality and
ship does not make a big problem. But the mobile cost are the key aims of health law in the U.S., and
48
◉ Comment ◉ Health Database: Are we ready to step forward?
WMA Declaration on Health DB (2016) CMAAO resolution for health DB (2014)
to accomplish these three ends, health IT is the im- tors are well educated, well trained to take care of
portant key. He also introduced some points writ- patients and people, to make people healthy. Their
ten in the book titled “Health Care IT” and in ad- ethical standard can be going up even higher to lead
dition to all the benefits we already talked about, the society, to make all these things possible, to
there are job creation, transparency and healthcare make medical information usable and applica-ble,
reform as EHR benefits, through reengineering of and to make efficient communication to peo-ple in
precisions in healthcare sector. We need IT appli- the other sectors, patients and the general public.
cation in healthcare sector and we do need to min- That is my summary.
imize the risk of this new way of work down to I already spent, almost used up my time, but these
virtual zero. In order to be in that state, in that step, are my slides I prepared in advance. WMA Decla-
we have to discuss more among medical people, ration of Taipei is already mentioned (Slide 1). We
legislative people, general public and patients. have CMAAO, Confederation of Medical Associa-
Prof. Higuchi also mentioned that PIPA in Ja- tions in Asia and Oceania, and adopted a very nice
pan amendment will be effective this month to resolution in 2014 (Slide 2). I am Council Chair of
strengthen the protection of information. But as I CMAAO group and JMA serves as the Secretariat and
told you, I think this is a basic step to go forward holds Secretary General for a long time. In this
although he talked us many negative effects. It is resolution, we have three recommendations; “Each
a legislation, much stronger than guidelines or NMA (National Medical Association) shall urge each
framework, but these legislation can be compli- government to prepare the necessary legal sys-tems
mented by other legislation like the next genera- and procedures”. “Each NMA shall exert ef-forts in the
tion information legislation. This level of strict development and distribution of educa-tion and
guideline might be achieved by new technology. training programs”. It is very important. Also, “Each
If new technology is growing, we can make NMA shall exert efforts to support re-search activities
every-thing individual, every record permanent on ethical approaches”. - again it is very important to
and ev-ery information easy, and then we can raise young medical doctors in this way- and “to
make, and almost fulfil that kind of strict monitor whether such ethical principles are being well
legislation in our future society. followed”.
Let me stress once more the consensus among In Korea, it is very similar to Japan, but in Ko-rea
stakeholders. Who will drive or initiate this whole the benefit is that data is stored in one system. It is
work? In Prof. Higuchiʼs last slide, JMA, medical very powerful. But we cannot use that without any
association, medical people, have to be prepared permission from the government (Slide 3).
with very high standard of ethics. Ethical standard Government sometimes permits us to use it in the
is needed to initiate this work. I think medical doc- case of social benefit or patient benefit. But it is
49
Personal Information Protection Act, 2011 Personal Information Protection Act, 2011
in Korea
• Data exportation was strictly limited in order to prevent
• Article 1 (Purpose) leakage of personal information
– The purpose of this Act is to prescribe matters • Data coding: resident ID numberrandomizedsecret
concerning the management of personal code
information in order to protect the rights and

• New randomized number should be given during clinical trials
interests of all citizens and further realize the
dignity and value of each individual by protecting
personal privacy, etc. from collection, leakage, • The same principle applies genetic research
– Bioethics and Safety Act, revised 2013
misuse and abuse of individual information.
– Institutional Review Board
Future prospect Risk Governance
• The 4th industrial revolution (Industry 4.0)

• Safety and Security of health DB
• Privacy and Misuse of health DB

• Precision medicine initiative
• Transparency and Accountability
• Health DB Market and Commercialization • Basic System for Risk Governance
✓ National Medical Association Level

• Reward and right for own health ✓ National Level
information
✓ International Level
（Slide 7） hancement is one of the great rewards to the indi-

vidual patient. I will tell you about risk gover-
nance; safety and security, privacy and misuse of
health database, and transparency and account-
ability (Slide 6). It is very important because it
can make people trust us, trust the policy, so we
need communication with transparent way, and
ac-countable standpoint. We need to make basic
sys-tem, which I think is now ongoing, at
national and international level.
Lastly in general IT environment, in what is
Source: http://dhanasystems.com/
called IT governance, we assess IT maturity and
not easy and is almost blocked. When you use it, we measure IT performance within the organiza-
we have data with anonymous type (Slide 4). tion framework, strategic framework, operating
For future prospect, we are already in the fourth framework and control framework (Slide 7). So,
industrial revolution and precision medicine ini- we pursue IT value in the core to improve the
tiative (Slide 5). We have to be very cautious about medical science and patient safety, by improving
commercialization of health information and re- compliances, risks and security issues, to make
ward and right for own information. Reward can be this IT health database sustainable in the future.
the medical science. Medical treatment en- Thank you very much.
50
This report can be downloaded at www.med.or.jp/english.
Copyright © 2017 Japan Medical Association. All rights reserved.
Japan Medical Association
2-28-16 Honkomagome, Bunkyo-ku, Tokyo 113-8621, JAPAN
Tel +81-3-3942-6489 / Fax +81-3-3946-6295
E-mail: jmaintl@po.med.or.jp
www.med.or.jp/english

International Conference On Current Situation and Challenges of Health Database in Each Country

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

International Conference On Current Situation and Challenges of Health Database in Each Country

Uploaded by

Copyright:

Available Formats

International Conference on Current Situation

and Challenges of Health Database in Each Country

Japan Medical Association

Welcome Address: Yoshitake Yokokura, President, Japan Medical Association

Lectures Co-Chairs: Hiromi Ishikawa, Executive Board Member, JMA

17：00 Closing Remarks: Kenji Matsubara, Vice-President, Japan Medical Association

The World Medical Association (WMA) adopted the Declaration of

I believe that my task is to first explain the （Slide 1）

communi-cation technology (ICT) in healthcare,

including some for biobanks.

Brief History of Healthcare ICT Devel- Helping medical staff

1970sComputerized financial systems

Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017

acterized by data entry at the point-of-origin,

Gender and postal code

the i-Japan 2015 died out. Nevertheless, the full

Health Databases in Japan

sible to identify a person using the normal data, （Slide 7）

names or dates of birth. As for the procedure regarding data delivery,

 Based on distributed database model, with

 Common data model consists of SS-MIX and

Rules of Operation and Security

“Database” includes: Personal Information Protection Act (PIPA), 2005

It seems to be more secure than 

But….  Supplementary Provisions

（Slide 13） （Slide 14）

greatly reduced. In a way, the revised Act proba- （Slide 15）

Organization of consent for use + MI -CAN

data. In this sense, medical students and Linkage Service

professionals utilize knowledge obtained from a Sharing Collaboration

considerable body of personal information to (Open data with some latency)

serve patients in return. If personal information

Three Waves of Health IT Investment

Ongoing Regulatory and Policy Changes

Health IT Investment Over 10 Years: $150B

for you—a 32-year-old single mother, Hispanic （Slide 3）

left-handed female, with these four medications

Intersection of Health IT, Cloud Computing and

Cyber Health IT Health IT

Instead of Looking for a Needle in a The Open Health Connect Approach

What is An Application? • App Teams or data scientists

information collected. I work for a big technology • Everyone provides O&M

company with 170,000 employees worldwide. We • Everyone builds their own

• Nobody can share

and so we are developing very exciting technolo-

The Future Better Information for Better Health Care Decisions

FDA/CDC Preventive Domain Government makes better decisions

Era of Personal Pharmacogenomics

Control Case 001 Case 002 Case 003

Health Avatar on CDM on MDR/FHIR

Patient-centered Integration of Health Records Perspective: Patient-centered Integration

Health Avatar (관련연구, 미래부 NCRC (2010~2017)) work

PHR + Genome + LifeLog ClinicA

using personal devices such as smartphones. Records

Avatar Beans Avatar Beans

（Slide 11） （Slide 12）

（Slide 13） （Slide 14）

（Slide 15） （Slide 16）

Avatar Beans for Patients

 Clinical Problem-oriented applications

 Avatar Beans & DialysisNet

Health Avatar Personal & Private

Avatar Platform: SNS-like Platform for Avatars, Agents, and Apps

（Slide 13）（Slide 14）

（Slide 11）（Slide 12）

（Slide 13）（Slide 14）

（Slide 15）（Slide 16）

（Slide 19）（Slide 20）

（Slide 9）（Slide 10）

（Slide 13）（Slide 14）

（Slide 16）（Slide 17）

（Slide 18）（Slide 19）

（Slide 22）（Slide 23）

（Slide 24）（Slide 25）