Digital Health Blue Print Full Book 01.11.2023 Final

ISBN 978-624-5719-86-0

Department of Government Printing

Sri Lanka Digital Health
Blueprint
Version 1
Enabling a Healthier Nation through Digital Transformation of Healthcare
Ministry of Health
Sri Lanka Digital Health Blueprint
Enabling a Healthier Nation that contributes to its Economic, Social, Mental, and Spiritual Development.
Version 1
ISBN Printed No.: ISBN 978-624-5719-86-0

ISBN Electronic No.: ISBN 978-624-5719-87-7
Copyright © 2023 by Ministry of Health, Sri Lanka
No part of this publication may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or any information storage and
retrieval system, without permission in writing from the publisher.
Published by:
Health Information Unit
Ministry of Health,
Suwasiripaya, No. 385, Rev. Baddegama Wimalawansa Thero Mawatha, Colombo 10,
Sri Lanka.
Tel: (+94)112 694033, (+94)112 675011, (+94)112675449, (+94)112693493

E-mail: digitalhealth@health.gov.lk
Web: http://www.health.gov.lk/moh_final/english
Publication date: November 2023
Designed & Printed by :

Department of Government Printing,
No. 118, Dr. Danister De Silva Mawatha,
Colombo 08, Sri Lanka.
Executive Summary | III
Executive Summary
Health information is one of the key pillars of This Sri Lanka Digital Health Blueprint (DHB)
health system. The Health Information System defines the path that the Ministry of Health, should
(HIS) revolutionized the method of information take in transforming digital health. This process will
usage for decision making. A HIS encompasses all streamline the digitalization of the health sector in
health data sources required by a country for the Sri Lanka, optimizing scarce resources at a time of
provision of healthcare and to plan, implement, financial constraint.
monitor, and evaluate its national health strategies
The blueprint proposes a National Electronic Health
and action plans.
Record (NeHR) as one of its central components.
There were many obstacles identified due to the The NeHR will serve as a lifelong record of
use of paper-based health information systems, individual patients from conception to death. It
such as the unavailability of real time data, lack has also been identified that the interoperability
of readily accessible and poor quality of data of systems and information sharing are key to the
which affects timely informed decision making. success of digital health systems and their use. The
Therefore, the Ministry of Health has identified digital health platform specified and detailed in
that the digitalization of health services, including this Digital Health Blueprint, will form the basis for
the incorporation of the health information delivering the above components and functions.
system, is a fundamental need to improve quality Other deliverables include point-of-care services,
and effectiveness of the health care delivery in the central registries, centralized services, document
country. repositories, a data warehouse, authentication
services, audit trails, information dashboards, and
The digitalization of healthcare in Sri Lanka was
a national health data exchange.
initiated at the beginning of the second decade
of the 21st century. The digital transformation is The realisation of the blueprint will be
related to governance, clinical care, public health, pragmatically phased out to ensure focused
education, and health administration. The adoption mobilisation of the resources available and
of Health Informatics as a specialty field of medicine sustainability of the systems implemented. The
has accelerated the digital transition of the health Ministry also plans to improve the required human
system in Sri Lanka. The digital transformation resource capacity to support this endeavour.
included various information systems, including All the future investment on digital health
hospital health information systems, public should be align with Digital Health Blueprint and
health information systems, statistical health implementation roadmap.
information systems, and logistic/human resource
I wish to thank everyone involved in developing
systems. More than 85 major state sector hospitals
the Sri Lanka Digital Health Blueprint, specially the
have been empowered with the two leading
Health Information Unit of the Ministry of Health,
hospital health information systems (HHIMS and
for their untiring efforts. I hope Digital Health
HIMS) and more than 12 million patients have
Blueprint will undergo necessary modifications
registered. These hospital information systems
and updates as and when required with advancing
cover outpatient departments, admissions, clinics,
technology.
transfers, and discharges, as well as laboratory,
pharmacy, radiology, and appointment booking
Dr. Palitha Karunapema
information.
Director Health Information,
Ministry of Health.

IV | Message
Message from the Secretary of Health
The National Health Policy 2016–2025 outlines I appreciate the efforts of the Health Information
a robust framework for achieving national Unit of the Ministry of Health, all the relevant
health goals, including Sustainable Development stakeholders including Director General of Health
Goals (SGDs), through the adoption of the basic Services, all the deputy director generals, directors
principles of accessibility, quality, and affordability and deputy directors of the Ministry of Health,
and by leveraging the power of information and Information Communication Technology Agency,
communication technologies to strengthen health the Global Fund, WHO and other international
care delivery systems. partners in developing Sri Lanka Digital Health
Blueprint. I request all the stakeholders to put this
Digital health interventions strengthen and support plan into action and create the conditions necessary
the outcomes of every health service delivery for Sri Lanka to become a nation that is a leader in
programme in the country. With increased ease digital healthcare and improve health outcome of
of use, acceptance by the masses, and adaptation the population.
by service providers, digital health interventions
can be a powerful instrument in accelerating S. Janaka Sri Chandraguptha
the transformation of the health agenda and Secretary / Ministry of Health
enhancing the health outcomes of the entire
population of the nation. The integration of many
digital interventions in the ecosystem of digital
health is essential for a holistic pursuit of the
goals of National Health Policy 2016-2025 and the
SDGs relating to health. The Ministry of health has
initiated efforts for establishing a comprehensive,
integrated Digital Health ecosystem through an
architectural framework namely, the Digital Health
Blueprint (DHB) in line with Government overall
digital transformation framework.

Message | V
Message from the Director General of Health Services
Global evidence shows the digitalization of the I would like to specially acknowledge and thank the
health information system has made it feasible to Management Development and Planning Unit of
take a significant step toward establishing universal the Ministry of Health, Information Communication
health care. Technology Agency, the Global Fund, and all the
other stakeholders, including the medical specialty
The Ministry of Health of Sri Lanka has demonstrated of Health Informatics, for initiating the development
the use of digital health interventions in major of the National Digital Health Blueprint for Sri Lanka
national health programs, which have benefited and the digital transformation of the health sector.
patients with timely service delivery and made
government healthcare services more efficient and The Ministry of Health is dedicated to taking all
accessible. necessary actions to ensure that the Digital Health
Blueprint is successfully implemented throughout
However, all these efforts need to converge into a the entire health sector.
single framework to achieve interoperability of data,
which would benefit both policymakers for decision Dr. Asela Gunawardena
making and patients with effective services at the Director General of Health Services
time of need. The Sri Lanka Digital Health Blueprint
provides clear guidance for all stakeholders to
engage and contribute to strengthening the digital
health system in Sri Lanka.

VI | Message
Message from the Deputy Director General-Planning
Information is a key building block of any health It is important that all digital health initiatives are
system. Information is required for day-to-day properly coordinated by the Health Information
clinical decisions, planning, and administration Unit of the Ministry, in line with the Digital
purposes. Evidence-based decision making is Health Blueprint. All digital health initiatives
very important in healthcare. Globally, healthcare and investment should be aligned with DHPB to
systems are adopting digital systems, processors, improve cohesiveness, avoid duplication of efforts,
and tools to enhance the function of health and better utilize our limited resources.
information systems.
The Sri Lanka Digital Health Blueprint will serve as a
Digital health information systems can provide guide for achieving all these goals and subsequently
relevant data to clinicians as well as health raising the standard of healthcare in Sri Lanka.
administrators for decision making purposes.
Relevant, accurate, complete, and timely Dr. S. Sridharan
information supports health planning, strategizing, Deputy Director General- Planning
making policy decisions and research. Information Ministry of Health
is vital in planning for the development of
infrastructure, human resource capacity building,
and financing for the long term and sustainability.

Editorial board and contributors |
| VII
Editorial Board
1. Dr. S.Sridharan – Deputy Director General – Planning
2. Dr. Palitha Karunapema - Director of Health Information
3. Dr. Gumindu Kulatunga - Consultant in Health Informatics
4. Dr. H.N. Hasitha Pramod - Consultant in Health Informatics
5. Dr. Buddika Ariyarathne - Consultant in Health Informatics
6. Dr. Pradeep Sylva - Consultant in Health Informatics
7. Dr. Chaminda Weerabaddana - Consultant in Health Informatics
8. Dr. Lasantha Ranwala - Consultant in Health Informatics
9. Dr. Buddika Dayarathne - Consultant in Health Informatics
10. Dr. Muditha Hapudeniya - Consultant in Health Informatics
11. Dr. Prabath Jayathissa - Consultant in Health Informatics
12. Dr. Jayathri Wijerathne - Consultant in Health Informatics
13. Dr. Uditha Perera - Consultant in Health Informatics
14. Dr. Poorna Fernando - Acting Consultant in Health Informatics
15. Dr. Nayani Dharmakeerthi - Registrar in Community Medicine
16. Dr. Ranamayurie De Alwis - Registrar in Community Medicine
Project Consultants of the Digital Health Architecture Blueprint

Development of HI & QI Project
1. Dr. Jayathri Wijerathne - Consultant in Health Informatics
2. Dr. H. N. Hasitha Pramod - Consultant in Health Informatics
3. Dr. Pradeep Sylva - Consultant in Health Informatics
International Technical Assistance

e-SHIFT Team
1. Ron Parker
2. Sima Newel
3. Justin Fyfe
4. Duane Bender
5. Steven Uggowitzer

VIII | Editorial board and contributors
Local Technical Collaborations
1. Information and Communication Technology Agency

2. Sri Lanka College of Health Informatics
3. Sri Lanka Computer Emergency Readiness Team
Endorsements
1. The Global Fund
2. World Health Organization
3. United Nations International Children’s Emergency Fund
4. World Bank
5. Asia Development Bank
Contributors
1. Dr. Susie Perera – Deputy Director General (Public Health Services II)
2. Dr. S.M. Arnold - Deputy Director General (Public Health Services I)
3. Dr. Lal Panapitiya – Deputy Director General, Medical Services I
4. Dr. G. Wijesuriya - Deputy Director General, Medical Services II
5. Dr. D.R.K. Herath- Deputy Director General, Medical Supplies Division
6. Prof. Vajira Dissanayake – (Chair – Specialty Board, Biomedical Informatics)
7. Dr. Prasad Ranathunga - Consultant in Health Informatics - President SLCHI
8. Dr. Chithramalee De Silva – Director Maternal and Child Health, Family Health Bureau
9. Dr. Uditha Perera - Consultant in Health Informatics - Secretory SLCHI
10. Dr. Prasad Ranaweera – Director Anti Leprosy Campaign
11. Dr. Neranga Liyanaarachchi - Consultant in Health Informatics
12. Dr. Nishan Siriwardena - Consultant in Health Informatics
13. Dr. Subodha Manoj - Consultant in Health Informatics
14. Dr. Ranga Kumara Welikanne - Consultant in Health Informatics
15. Dr. Kaushalya Kasthuriarachchi - Consultant Community Physician
16. Dr. J. Bandara – Medical Superintendent, BH- Homagama
17. Dr. Dilrukshi Dheerasinghe – Medical Superintendent, BH - Panadura
18. Dr. Lahiru Rajakaruna – Senior Registrar in Health Informatics
19. Dr. Kaushalya Mendis - Registrar in Health Informatics
20. Dr. Chinthaka Jayarathne - Registrar in Health Informatics
21. Dr. Dharshana Abeywardhana – Medical Officer in charge, OPD, BH - Homagama

Table of Contents | IX
Table of Contents
List of Figures ................................................................................................................................................ XIII
List of Tables ................................................................................................................................................. XV
List of Annexes ................................................................................................................................................ XVI
Glossary ............................................................................................................................................... XVII
List of Abbrievations....................................................................................................................................... XIX
Foreward ................................................................................................................................................. 01
1. Background & Context............................................................................................................................. 03

1.1 Health System Organisation............................................................................................................ 04
1.2 Healthcare Vision.............................................................................................................................. 04
1.2.1 Key Strategic Goals ............................................................................................................... 05
1.3 Health Information Systems Challenges........................................................................................ 05
2. Introduction............................................................................................................................................... 09
2.1 Introducing the Digital Health Blueprint........................................................................................ 09
2.2 Alignment to Sri Lanka Government Enterprise Architecture (SL-GEA)..................................... 10
2.3 Architectural Views (Enterprise vs. Logical vs. Technical)............................................................. 11
2.3.1 Enterprise View...................................................................................................................... 12
2.3.2 Logical Views.......................................................................................................................... 12
2.3.3 Technical View....................................................................................................................... 12
2.3.4 Enterprise Architecture Frameworks.................................................................................. 13
2.4 Key Definitions & Overarching Concepts....................................................................................... 13
2.4.1 Digital Health Blueprint........................................................................................................ 13
2.4.2 National Electronic Health Record (NEHR)......................................................................... 13
2.4.3 Digital Health Service (DHS)................................................................................................. 13
2.4.4 Digital Health Platform (DHP).............................................................................................. 13
2.4.5 Point of Service (PoS)............................................................................................................ 15
2.4.6 Digital Health Information Warehouse (DHIW)................................................................. 15
2.4.7 Record Locator / Index......................................................................................................... 16
2.4.8 Repository.............................................................................................................................. 16
2.5 Guiding Principles............................................................................................................................. 16
2.5.1 Patient Centred...................................................................................................................... 17
2.5.2 Aligned to Values................................................................................................................... 17
2.5.3 Culture of Information Sharing........................................................................................... 17
2.5.4 Value for Providers and Government Officers ................................................................. 17
2.5.5 Security and Privacy by Design............................................................................................ 18

X | Table of Contents
2.5.6 Blueprint is Authoritative..................................................................................................... 18

2.5.7 Vehicle for Cost Effective & Efficient Investment............................................................... 19
2.5.8 Leverage Existing Assets....................................................................................................... 19
2.5.9 Encourage Innovation, Competition and Partnership...................................................... 19
2.5.10 Evolutionary Development................................................................................................... 20
2.5.11 Standardisation of Process and Services........................................................................... 20
2.6 Uses and Benefits.............................................................................................................................. 20
2.6.1 Uses of the Blueprint............................................................................................................ 20
2.6.2 Benefits of the Architecture Blueprint................................................................................ 21
2.7 Key Assumptions, Decisions and Limitations................................................................................ 23
2.8 Evolution of the Blueprint................................................................................................................ 24
2.8.1 Identification of Key Stakeholder Groups.......................................................................... 24
2.8.2 Landscape Assessment and Business Context.................................................................. 24
2.8.3 Establishing Digital Health Needs....................................................................................... 25
2.8.4 Creation of the Digital Health Blueprint Artefacts............................................................ 25
2.9 Stakeholder Engagement................................................................................................................. 25
3. Business Architecture............................................................................................................................... 27
3.1 Current State ..................................................................................................................................... 27
3.1.1 Business Structure................................................................................................................ 29
3.1.2 Provincial Health Ministries................................................................................................. 30
3.2 Business Drivers................................................................................................................................ 30
3.2.1 Address Complexity of Digital Health Solutions................................................................ 31
3.2.2 Establish a Shared, Patient Centric National Electronic Health Record (NEHR)............ 32
3.2.3 Share Relevant Clinical Data between Organisations, Facilities and Care
Settings................................................................................................................................... 32
3.2.4 Provide Accurate, Complete and Timely Delivery of Care................................................ 33
3.2.5 Provide Secure and Private Access to Health Information.............................................. 35
3.2.6 Streamline Clinical Data Collection for Secondary Uses.................................................. 37
3.2.7 Enhance Operations of Ministry of Health......................................................................... 39
3.2.8 Integrate Information Flows Within the Enterprise.......................................................... 40
3.3 Proposed Future-State..................................................................................................................... 40
3.3.1 Proposed Solution Outcomes.............................................................................................. 43
3.3.2 Managing Complexity........................................................................................................... 43
3.3.3 Interoperability...................................................................................................................... 44
3.3.4 Scalability................................................................................................................................ 45
3.3.5 Blueprint Architectural Domains ........................................................................................ 47

Table of Contents | XI
4. Application Architecture .......................................................................................................................... 49

4.1 Current State...................................................................................................................................... 49
4.2 Proposed Future State...................................................................................................................... 52
4.2.2 Points of Service.................................................................................................................... 52
4.2.3 Shared Infrastructure........................................................................................................... 55
4.2.4 Health Administration........................................................................................................... 62
4.2.5 Health Delivery...................................................................................................................... 65
4.2.6 Secondary Use....................................................................................................................... 71
4.2.7 Security & Privacy.................................................................................................................. 73
4.2.8 Operational Support............................................................................................................. 77
4.3 Evolving the Blueprint....................................................................................................................... 77
5. Information Architecture......................................................................................................................... 81
5.1 Current State...................................................................................................................................... 81
5.1.1 Private Sector / Insurance.................................................................................................... 84
5.2 Proposed Future State...................................................................................................................... 84
5.2.1 Enterprise Entities & Relationships..................................................................................... 84
5.2.2 General Pattern of Information Flows in the DHP............................................................ 88
5.2.3 Health Events......................................................................................................................... 88
5.2.4 Security Audits....................................................................................................................... 89
5.2.5 Secondary Use....................................................................................................................... 90
5.2.6 Information Management Principles.................................................................................. 92
6. Technology Architecture.......................................................................................................................... 97
6.1 Technical Principles........................................................................................................................... 97
6.1.1 Privacy and Security Control by Design.............................................................................. 97
6.1.2 Use of Open Standards and Open-Source Software........................................................ 98
6.1.3 Interoperability Focus........................................................................................................... 98
6.1.4 Re-Use Shared Business Services........................................................................................ 99
6.1.5 Leverage Virtualized and Cloud Design Patterns.............................................................. 99
6.1.6 Line of Business Systems are Expert Systems................................................................... 99
6.2 Functional Principles of Digital Health Solutions.......................................................................... 99
6.2.1 Non- Repudiation of Information........................................................................................ 99
6.2.2 Portability for Digital Health Services............................................................................... 100
6.2.3 Identifier Management....................................................................................................... 100
6.2.4 Follow Standards and Interoperability Plan..................................................................... 101
6.2.5 Encapsulation of Data Submitted...................................................................................... 102
6.2.6 Performance Targets.......................................................................................................... 102
6.2.7 Authentication..................................................................................................................... 104

XII | Table of Contents
6.2.8 Authorisation....................................................................................................................... 105

6.2.9 Auditing and Accountability Tracing................................................................................. 105
6.2.10 Informational Consent Directives..................................................................................... 106
6.2.11 Transaction and Message Control.................................................................................... 106
6.2.12 Error Handling and Retry.................................................................................................... 107
7. Realising the Blueprint........................................................................................................................... 111
7.1 Stages of Evolution ........................................................................................................................ 112
7.1.1 Digitising Clinical Information............................................................................................ 112
7.1.2 Connecting Digitised Solutions.......................................................................................... 112
7.1.3 Sharing Clinical Information............................................................................................... 112
7.1.4 Informing Health Decisions................................................................................................ 112
7.1.5 Clinical Innovation............................................................................................................... 113
7.1.6 Digital Transformation........................................................................................................ 113
7.2 Patient Journey Stories................................................................................................................... 113
7.3 Blueprint Implementation Roadmap............................................................................................ 114
7.3.1 Existing Project Alignment.................................................................................................. 116
7.3.2 Interoperability Plan........................................................................................................... 117
7.4 Blueprint Dependency Map........................................................................................................... 117
7.4.1 Dependency Map for Diabetes Patient Journey.............................................................. 118
7.5 System Implementation................................................................................................................. 118
7.6 Operating Environments................................................................................................................ 118
7.6.1 Strategic Environments...................................................................................................... 120
8. References ............................................................................................................................................... 122
9. Annexes ............................................................................................................................................... 129

List of Figures | XIII
List of Figures
Figure 1 – Main Strategic Areas of National Health Policy 06
Figure 2 – Architectural Levels and Artefacts 11
Figure 3 – Relationship of Blueprint Concepts 14
Figure 4 – Stakeholder Engagement Plan 26
Figure 5 – Current Enterprise Business Architecture 28
Figure 6 – Conceptual Relation of Central MOH 29
Figure 7 – Focal DDGs for the blueprint 30
Figure 8 - Sharing of Clinically Relevant Data 34
Figure 9 – Proposed Future State Domain Relationships 41
Figure 10 – Enhanced Future State 42
Figure 11– Business Domains and Functional Concerns of the Blueprint 48
Figure 12 – Current State Conceptual Architecture 50
Figure 13 - Current Application Architecture State (Blueprint Nomenclature) 51
Figure 14 – Conceptual Application Architecture 53
Figure 15 – Technical Actor Relationships 54
Figure 16 – Simplified Actor Relationship 54
Figure 17 – Shared Infrastructure Components 57
Figure 18 – Health Administration Conceptual Components 64
Figure 19 – Health Delivery Domain Conceptual Components 67
Figure 20 – XDS-I Image Exchange in DHP 69
Figure 21 – MHD and MHDS in the DHP 70
Figure 22 – Secondary Use Domain Conceptual Architecture 72
Figure 23 – Security & Privacy Domain Conceptual Architecture 74
Figure 24 – Certificate Chain of Trust 76
Figure 25 – Client Credentials Flow 78
Figure 26 – Blueprint Modification Structure 79
Figure 27 – Blueprint Change Process 80
Figure 28 – Baseline Information Architecture 82
Figure 29 – Enterprise Data Entities and Relationships 83

XIV | List of Figures
Figure 30 – General Information Flow of Data Through the DHP 87
Figure 31– Event Information Model 89
Figure 32 – Logical Information Model for Audits 90
Figure 33 – Automated Aggregate Data Exchange Pattern 91
Figure 34 – Survey Population of DHIW 91
Figure 35 – Using ETL to Populate DHIW 92
Figure 36 – Near-Real-Time Reporting 93
Figure 37 – Data Flow for De-Identification 95
Figure 38 – Policy Information, Decision and Enforcement 107
Figure 39 – Service Orchestration and Composition in the DHP 107
Figure 40 – Recommended approach to realising the blueprint 112
Figure 41 – Patient journey stories 114
Figure 42 – High Level Roadmap 115
Figure 43 – Blueprint Component Dependencies 119
Figure 44 – Diabetes Project Dependency Map 121

List of Tables | XV
List of Tables
Table 1 – Audience and Scope 12
Table 2 – Enterprise Data Entities and Relationship 85
Table 3 – Information Lifecycles 94
Table 4 – Common Attributes of Current State Assessments from

Selected Institutes 132

XVI | List of Annexes
List of Annexes
Annex A - Directorates of the Line Ministry of Health 129
Annex B - Stakeholder Engagement / Current State Assessments Reviewed 131
Annex C - List of Current Digital Health Interventions in Sri Lanka 136
Annex D - Blueprint Service Detailed Dependencies 137
Annex E - Digital Health Blueprint Diagram 140

Glossary of Terms | XVII
Glossary of Terms
Term Definition
Application Programming Interface – in the context of the digital health blueprint, the term
API API is used to describe a business goal or operation as opposed to a specific technology
implementation (ex. function call, HTTP, REST, etc.)
Application Performance Monitoring – Software which evaluates the performance of

APM various services and technologies on virtualised infrastructure. APM can be used to
measure and detect performance degradation, application-level issues, or database issues.
The term Client and Patient are used interchangeably in this document and are used to
Client / Patient describe an individual who is seeking or being provided care by the Sri Lankan Health
System (public or private, curative or preventative).
Common Off the Shelf – Indicates that software or services are purchased and configured
COTS
rather than developed in-house (for example: Open Office, Word, XenDesk, etc.)
DHBP Sri Lanka Digital Health Blueprint (see: 2.4.1)
DHP Digital Health Platform (see: 2.4.4)
DHS Digital Health Service (see: 2.4.3)
Digital Imaging and Communications in Medicine – An interoperability standard primarily
DICOM concerned with the exchange, capture, and processing of diagnostic images to/from PACS
solutions.
Fast Health Interoperability Resources – A resource-based interoperability standard which
FHIR defines a common format for representing health resources, as well as related processes
for specification, validation, and transport.
Healthcare Any State or Private Institute in Sri Lanka which provides curative or preventive health care
Institution services
Health Level 7 – An ANSI accredited standards development organisation which specifies

HL7
and governs the development of a variety of standards.
HTTP Hypertext Transfer Protocol
International Classification of Disease – An international standard maintained by the World
ICD
Health Organization which is used to represent clinical concepts in a computable manner.
Information Communications Technology Agency – An agency of the government of Sri
ICTA Lanka which is responsible for the implementation of all ICT projects initiated by the
government.
Integrating the Healthcare Enterprise – An international profiling organisation which
IHE provides concrete implementation patterns, data exchange specifications, and inter-
standard considerations for health information exchange.
KPI Key Performance Indicator
Lanka Government Cloud – A shared government cloud environment which is used for
LGC digital government services provided in Sri Lanka. The goal of the LGC is to reduce cost
and foster reuse of technical assets.
Lanka Government Network – A network which provides a virtual private connection for
LGN
government services.

XVIII | Glossary of Terms
Logical Observation Identifiers Names and Codes – An international standard maintained

LOINC
by the Regenstrief Institute which is used to codify observation classifications and results.
MCDS Minimum Clinical Data Set
MoH Ministry of Health
Master Patient Index – A solution which is responsible for maintaining and cross
MPI
referencing the identity of persons/patients within the authority.
MTO Maximum Tolerable Outage
National Data Exchange – An API gateway which provides mediation between systems in
NDX
use in Sri Lanka
NEHR National Electronic Health Record (see: 2.4.2)
NeHSC National e-Health Steering Committee
National Health Data Exchange – An API gateway and service bus implemented on the
NHDX
base of the NDX for sharing health information.
Open Authentication – An interoperability standard primarily concerned with the

OAUTH
authentication of users of transport of authentication tokens.
Open Identity – A specification (restriction) built on OAUTH which standardises the

OpenID
methods and tokens used for accessing protected resources using REST APIs.
PACS Picture Archiving and Communications System
Personal Health Information – Discrete health information stored about a person’s
PHI
interactions with the health system which is directly identifiable to the individual.
Private Medical Institution – A setting in the private health system where curative or
PMI
preventative services are delivered.
Refers to an individual who is providing care to a client within the health system. Examples
Provider
of providers include medical officers, private medical institutions, nurses, etc.
Query Based on ID for DICOM Objects – A REST based wrapper for accessing DICOM object
QIDO
using their identifiers.
Representational State Transfer – described a pattern of data exchange where a sending

REST system serialises a data structure (a resource) to a wire format and shares this data with
another system over the HTTP protocol.
RIS Radiology Information System

RPO Recovery Point Objective
RTO Recovery Time Objective
Security Information Event Management – Software which is used by operators of

SIEM infrastructure to monitor the events generated by servers and networks. This is often used
to detect and protect infrastructure.
Systematized Nomenclature of Medicine – An international standard maintained by

SNOMED
IHTSDO which is used to present complex clinical concepts in a structured ontology.
Services Oriented Architecture – describes a pattern of enterprise application integration

SOA whereby individual services (such as APIs) are consumed, orchestrated, and governed to
achieve an enterprise business goal.
Web Access to DICOM Objects – A web-enabled wrapper for DICOM which allows for
WADO
accession of DICOM objects in a RIS or PACS.

List of Abbreviations | XIX
List of Abbreviations
AES Advanced Encryption Standard

API Application Programming Interface
ArB Architecture Review Board
ATNA Audit Trail and Node Authentication
C&CG Certificate & Compliance Group
CA Certificate Authority
CCG Computable Care Guidelines
CDS Clinical Decision Support
CDSS Clinical Decision Support Services
CKD Chronic Kidney Disease
COTS Common Off The Shelf
CQL Clinical Quality Language
DenSys Dengue Surveillance System
DGHS Director General of Health Services
DHB Digital Health Blueprint
DHEAP Digital Health Enterprise Architecture Plan
DHIW Digital Health Information Warehouse
DHP Digital Health Platform
DICOM Digital Imaging and Communication in Medicine
DPO Data Protection Officer
EHSC E-Health Steering Committee
eIMMR Electronic Indoor Morbidity and Mortality Register
eMIS Electronic Management Information System
EMR Electronic Medical Record
ePIMS(TB) Electronic Patient Information Management System for Tuberculosis
eRHMIS Electronic Reproductive Health Information Management System
ESB Enterprise Service Bus

ETL Extraction, Transform, Load
EU European Union
FHIR Fast Health Interoperability Resources
FTP File Transfer Protocol
GDPR General Data Protection Regulations
HFSMS Healthcare Facility Survey Management System
HHIMS Hospital Health Information Management System
HI & QI Health Information and Quality Improvement
HIMS Hospital Information Management System
HIW Health Information Warehouse

XX | List of Abbreviations
HL7 Health Level Seven

HRM Human Resource Management
HRMIS Human Resource Management Information System
HSMrB Health Systems Management Review Board
HTTP Hypertext Transfer Protocol
ICD International Classification of Diseases
ICPC International Classification of Primary Care
ICTA Information and Communication Technology Agency of Sri Lanka
IdP Identity Provider
IIS Internet Information Services
ITA International Technical Assistance
ITSG Implementable Technology Specification Group
KDS Key Distribution Service
KPI Key Performance Indicators
LeMIS Leprosy Management Information System
LIFe Lanka Interoperability Framework
LLP Limited Liability Partnership
LMS Learning Management Systems
MHD Mobile access to Health Documents
MHDS Mobile Health Document Sharing
MOH Ministry of Health
MOoH Medical Officer of Health
MSMIS Medical Supplies Management Information System
NDHGS National Digital Health Guidelines and Standards
NDHIW National Digital Health Information Warehouse
NeSC National e-Health Steering Committee
NHDX National Health Data Exchange
NHRIS National Human Resource Information Management System
NIC National Identity Card
NIFT National Insurance Trust Fund
NMHS National Mental Health System
NPTCCD National Programme for Tuberculosis Control and Chest Diseases
NRE Non-Repudiation of Emission
NRO Non-Repudiation of Origin
NSACP National STD and AIDS Control Programme
NTA National Technical Consultants
OLAP Online Analytical Processing
PBAC Policy Based Access Control

List of Abbreviations | XXI
PDHS Provincial Director of Health Services

PDPA Personal Data Protection Act
PHN Personal Health Number
PHSRC Private Health Sector Regulatory Commission
PMO Programme Management Office
PoS Point of Services
Private HIS Private Health Information System
PSErB Privacy, Security & Ethics Review Board
QHMIS Quarantine Health Management Information System
QIDO Query based on ID for DICOM Objects
RBAC Role Based Access Control
RDHS Regional Director of Health Services
REST REpresentational State Transfer
RSA Rivest, Shamir, Adleman algorithm
SARA Service Availability and Readiness Assessments
SFTP Secure File Transfer Protocol
SLIN Sri Lanka Identification number
SLLP Sustainability Linked Loan Principles
SLPP Simple Loop Preventive Protocol
SLUID Sri Lanka Unique Identifier
SOA Services Oriented Architecture
SOP Standard Operating Procedures
SQL Structured Query Language
SYSLOG System Logging protocol
TLS Transport Layer Security
WADO Web Access to DICOM Objects
XML Extensible Markup Language

XXII |

Foreword || 1
Foreword Lanka, and other stakeholders have coordinated

to engage with stakeholder groups and have
The 2016-2025 National Health Strategic Master developed several artefacts to foster interoperable
Plan of Sri Lanka identified the need for a formalised and interconnected digital health solutions.
health information management programme, to be Including:
led by a Director of Health Information. The plan
recognised the limits of the traditional information ● The Digital Health Enterprise Architecture
flow and its impact on decision making and policy Plan (DHEAP)
creation. The plan highlighted the many benefits ● The National Digital Health Guidelines and
of a digital health approach, including improved Standards (NDHGS)
efficiency, safety, and long-term cost benefits.
● Current State Assessment Documentation
According to the plan, the primary beneficiaries of
With this background information collected and
the National Digital Health Policies of Sri Lanka are
requirements being documented, the Ministry
stated to be:
of Health, TWG BluePHIE stakeholders, ICTA,
● Patients seeking care at healthcare and international agencies have undertaken
institutions the development of the Sri Lanka Digital Health
Blueprint contained herewith.
● Providers during healthcare delivery
processes and using clinical decision support This blueprint was developed with the engagement
● Public health officials utilising disease of various stakeholder’s groups within Sri Lanka
monitoring data including the consultant Health informaticians as
the main medical specialty related to Digital Health
● Citizens utilising health services
and is based on a variety of international best
● Health Administrators utilising data to make practices, blueprints, and standards. In addition to
evidence-based decisions and policies the existing artefacts produced within Sri Lanka,
other sources of inspiration for this document and
● Digital health vendors investing in new digital
the architecture it describes include:
health platforms
● Health related software developers to ● The Digital Health Blueprint of India

recognize digital health architecture
● WHO-ITU Digital Health Platform Handbook
While efforts to develop and deploy digital health ● Open Health Information Exchange
technology have been widespread across Sri (OpenHIE)
Lanka, the benefits have been quite localised, and
● Canada Health Infoway’s e-Health
exchange of individual patient data is limited. A
Blueprint v2
citizen cannot access his or her health records,
clinicians order and undertake diagnostic tests ● Integrating the Healthcare Enterprise
without insight into other activities in other disease (IHE) architectural patterns such as:
verticals, and what solutions do exist create isolated Cross Community Access (XCA) and Cross
medical records. This can create increased burden Community Document Exchange for Imaging
on citizens to ensure they appropriately seek care (XDS-I)
and inform medical providers of their history. ● HL7 Standards
The Health Information Unit at the Ministry The blueprint represents an architectural vision for
of Health (HIU) Sri Lanka, the Information and an interconnected and interoperable digital health
Communication Technology Agency (ICTA) of Sri ecosystem within Sri Lanka. The blueprint document

2 | Foreword
includes details only about the information systems ● Security and privacy by design,
that were explained in detail by the heads of the
● National Digital Health Information
institutes to the HIU and the ICTA. Any Information
Warehouse for administrative planning,
system that functions independently and has
public health, and evidence-based research
not been divulged to the HIU during the time of
purposes.
assessment has not been considered in this version
of the blueprint, however, the blueprint is designed The blueprint should not be seen as a detailed
to be inclusive and to evolve over time to eventually software architecture specification which prescribes
include all systems of strategic value. The blueprint how software is developed. Rather, the blueprint
seeks to be software and implementation agnostic, proposes a conceptual, informative structure within
while establishing patterns of interchange, which technological solutions are realised, and by
descriptions of foundational business services, and doing so, allows for flexibility of the blueprint to
a framework for further specification of information scale within a heterogenous software environment
interchange within Sri Lanka. The key features of functionally, administratively, geographically, and
the blueprint are: generationally.
● A set of overall architectural, business,
The Sri Lanka Digital Health Blueprint organises
information, and functional principles
existing artefacts (the DHEAP, NDHGS, application
that can be used to guide a cost-effective
architecture, solution requirements documents,
evolutionary path from the existing digital
and others) and builds upon them, presenting a
environment to the future state,
common framework for a nationally scoped digital
● A modern services-oriented architecture health ecosystem within Sri Lanka. By doing so, the
(SOA) based design pattern, blueprint can be realised in an evolutionary manner
● A common pattern and framework for over the coming decade.
realising the architecture (via its architectural
The authors of the blueprint would like to
views, and realisation plan),
acknowledge the commitment and contributions
● Registries for unique identification of made by our key stakeholder groups in the
subjects of care (referred to as clients or development of this document, and in their
patients in this document), providers of commitment to continual development and
care (organisations, and workers), supplies improvement of the blueprint and digital health
(drugs, devices, and materials), and facilities ecosystem, for the benefit of all Sri Lankan by
(locations, hospitals, and clinics), expansion of health services through digital health
● A National Electronic Health Record (NEHR) modalities.
providing a lifetime view of summary
This is the first version of the Digital Health
information for patients,
Blueprint; future versions of the blueprint will
● Enterprise single sign on of application API be published after in-depth consultation with
keys and users, stakeholders.

Background & Context | 3
1.
Background & Context
The Democratic Socialist Republic of Sri Lanka, The bulk of the inpatient burden of care in Sri
previously known as Ceylon, is an island nation Lanka (95%) and about half (50%) of outpatient care
approximately 65,000km2 situated in the Indian services are provided by the public sector2, which
Ocean. With a GDP of $3,682 per capita, Sri Lanka handled more than 6 million hospitalisations and
is a lower middle-income country which has a over 55 million outpatient visits in 20173.
population of 21.9 million people.
The government health sector comprises of
Sri Lanka provides free healthcare to all its following key streams:
citizens. Government expenditure on Health was
approximately 4.08% of GDP in 20191 and, despite • Curative Care: Delivery of non-specialised
the relatively low expenditure the country’s health primary care and specialised tertiary care
indicators have been on par with countries in the through a network of care institutions
region. throughout the country.
Sri Lankans can seek care from many different • Preventative Care: Delivery of community
practices within the country, however the health services which focus on disease
allopathic system caters to the needs of most of the prevention, the promotion of health and
population via private and public delivery, with very early interventions.
minor additional services provided by non-profit
organisations.
4 | Background & Context
Each of the streams mentioned above also multiple units under these DDGs, headed by
provides capacity building, such as undergraduate directors (examples: Health Promotion Bureau,
supportive hospital base training and full time In- Quarantine Unit, etc.). Specific technical work is led
service training of health professionals. They also by the medical specialists in each field supported
provide supportive services, such as aiding with by the medical officers and other paramedical staff.
logistics, drugs, equipment, and medical devices.
There is a department of health service for each
The delivery of care in the public system is provided province. Provincial councils are permitted to
by over 1,600 institutions (consisting of hospitals, formulate their own legislations called provincial
primary care units, and preventative care institutes) statutes covering the scope of Health in line with
of which 641 are hospitals operated by the central national health policies. Health services in the
government and provinces (provincial council country are provided by central government
hospitals). On average, the availability of hospital institutes as well as the nine provincial health
services is 3.5 beds per 1,000 persons. Community ministry institutes. Almost all Medical Officer
care is provided through 354 medical officer of Health (MOOH) offices (354) are directed by
of health divisions across the country provide Provincial health departments. It is also important
community care. Training of undergraduate to note the importance of the contribution of the
medical students and paramedical students done private sector, which provides more than 50% of
by the teaching hospitals. Also Inservice training primary care in the country.
of some paramedical students is done by training
schools joined to teaching hospitals. There are 354 MOOH Areas in Sri Lanka, each
headed by a Medical Officer responsible for a
Currently there are 91 medical officers and 212.4 defined population which, on average, is between
nursing staff per 100,000 persons4. 40,000 and 80,000 population.
1.1 Health System Organisation Human resource pool of the Sri Lankan health
system is made up of around 140,000 personnel
The Sri Lanka Health System Review produced by from different categories working in the curative
the Asia Pacific Observatory on Health Systems and preventive sectors. There are many medical
and Policies2 provides an in-depth view of the specialists that are involved in this process. For
organisational structure of the ministry of health. example, digital health related activity is the main
This content is summarised in this document for responsibility of the Health informatics specialty,
convenience of the reader. and in alignment with current global trends, played
a main role in the development of this blueprint.
The key agency for health services is the Ministry
of Health (MoH) of the government of Sri Lanka. 1.2 Healthcare Vision
The Ministry is responsible for policy development,
regulatory functions, resource allocation, medical The National Policy on Health of Sri Lanka5 states
supplies, and infrastructure development of the the healthcare vision for the country as “A healthier
public health sector. The Ministry is headed by a nation that contributes to its economic, social,
Minister of Health and a Secretary of Health. The mental and spiritual development”. The policy
Director General of Health Services (DGHS) is the identifies eleven guiding principles which serve as
technical head of the department of health and is the basis of this blueprint:
supported by multiple Deputy Directors General
• Citizen centric approaches,
(DDGs) who are mostly specialist administrators
or specialist community physicians. There are • Good governance and transparency,

• Upholding national values of free healthcare, • Ensure security and integrity of all health data/
the right to health, universal health coverage information systems
and equity and social justice.
• Ensure sustainability to all health information
• Encouraging multiple stakeholder involvement, systems
collaboration and partnerships for information
dissemination and sharing. 1.2.1 Key Strategic Goals
• Evidence-based decision making and
accountability, The National Health Policy established seven broad
strategic directions which were summarised in the
• Ensuring the privacy and security of healthcare
Digital Health Enterprise Architecture Plan [1] and
recipients,
are shown in Figure 1, which identifies the following
• Sensitivity towards cultural diversity and social goals:
norms,
a) Strengthen service delivery to achieve
• Systems approach to health information with a preventative health goals
focus on interoperability, b) Appropriate and accessible high-quality
• Minimal data redundancy and capture, curative care for all Sri Lankan citizens
• Conformity to technology relevance, simplicity, c) Promotion of equitable access to quality

cost-effectiveness, and efficient use of rehabilitation care
information resources, and d) Strengthen evidence-based service delivery to
support journey along the continuum of care
• Sustainability of information systems.
e) Develop new strategies to reduce Out of
The national policy describes a Health Information Pocket Spending (OOPS) and reduce financial
System (HIS) which facilitates an effective, equitable, risk
economical, and quality service while ensuring f) To ensure a comprehensive health system
privacy and confidentiality of care recipients. The through a better restructuring including
national policy set forth objectives including: Human Resource Management (HRM)
• Ensure that health institutions generate, share, g) Develop strategic partnership with all providers
and use timely and quality health information of care
to support organisational management and
development.
1.3 Health Information Systems
Challenges
• Make available systems for personalised
and community-based health information According to the United Nations sustainable
management. Enabling the continuous care of development goals7, physical and mental health
recipients who receive care at different level and wellbeing are key goals for a nation as well as
of care ensure optimal data & information the world. In any system as complex as the delivery
sharing and access to health information of health care services, there are bound to be
in relation to relevant sharable data in challenges all countries, regardless of the level of
health information systems while ensuring economic development, however the nature of the
ethical considerations and confidentiality of challenges may be unique to a country or similar
recipients. between a group of countries with similar socio-
• Encourage suitable innovations related economic backgrounds. Health information system
to health information management in challenges related to information, availability,
all information processes while ensuring quality, acceptability, utilisation, efficiency, costs
interoperability. and accountability are discussed here.

Appropriate and
Accessible high quality
curative care for all Sri
Lankan Citizens
Strengthen service Promotion of equitable

delivery to achieve access to quality
preventative health Rehabilitative care
goals Strengthen Evidence based
service delivery to support
journey along the continuum of
care
PEOPLE – PATIENT CENTRED HEALTH SYSTEM
Develop new strategies to

reduce out of pocket spending
(OOPS) and reduce financial risk
Ensure a
Comprehensive health Develop strategic
system through a better partnership with all
restructuring including providers of care.
HRM
Figure 1 : Main Strategic Areas of National Health Policy 6
Information and the sharing of it, is a key driver in Currently, if a patient transfer is required between
many business sectors and domains. The lack of hospitals using different (or even similar) systems,
availability or lack of quality of information in the there is no digital information sharing. Additionally,
healthcare sector can be particularly disruptive to discharges, referrals to outpatient services, or
streamlined care delivery. In Sri Lanka, digital health specialised services are not digitally shared.
solutions have been developed for a variety of care
settings (Annex C), however these solutions are This lack of interoperability and sharing currently
localised and are essentially siloed medical records adds an extra burden of sending/transferring
systems. The blueprint ecosystem was developed hardcopies of requisitions, records, results, and
based on shared systems details with the HIU. summaries between institutions, and relies on
patients, guardians, or medical workers to physically
For example, there are multiple hospital move records around and/or remember their
information systems (HIS) in use within Sri Lanka: own medical history. This lack of efficient sharing
Hospital Information Management System (HIMS impacts the availability of clinical information
– mostly used for inpatient hospital stays), Hospital where patients cannot produce summaries, recall
Health Information Management System (HHIMS their own history, or are in emergency situations
– mostly used for outpatient clinics, managed by where they are unable to produce this information.
ICTA), and a variety of private sector solutions. This reduces the accuracy of clinical assessments,

treatment plan development, and overall decision The country’s Medical Supplies Divisions (MSD) uses
making, potentially impacting the quality-of-care a software package Medical Supplies Management
delivery. This inefficiency is also costly to the Information System (MSMIS) to manage drug
health system as it requires duplication of efforts supplies between 200 institutions and drug stores
and increased strain on supplies and reduces the within the country. This solution, however, lacks the
overall capacity to deliver care. ability to track of non-drug medical equipment and
supplies which means that these stock supplies can
Additionally, these digital health solutions are run low, and in rare cases stockout conditions arise.
hampered by several equipment and human
resourcing challenges. There is often a lack of The inadequate availability of aggregate data also
available redundant computer terminals within hampers the ability for public health services to
hospitals and clinics. This means that hardware make real-time or near-real-time decisions on data
failures result in stations and digital services being submitted. Currently the availability of public health
unavailable for extended periods of time, requiring information in Sri Lanka is not directly integrated
staff to fall back to paper-based systems. The lack with clinical information systems, and accessing
of a trained, onsite human resource person to this information is sometimes difficult. This makes
provide local helpdesk services also means that communicable disease surveillance challenging.
repairs of equipment and networks often fall to It also makes the assessment of clinical quality
junior staff members when they are available to fix and accessibility challenging, which may hamper
these issues, when components become available. administrative decision-making processes.
Quality of care can be measured from differing All these issues can lead to a lack of transparency
perspectives. From a patient perspective, the
within the health sector. Accountability tracing
outcome of their personal experience of the
within the health sector (i.e., staff to the central
overall delivery and acquisition of care services
and provincial Ministries of Health) is difficult,
are the primary measures of the quality of their
if not impossible with manual processes.
care. Relying on patients to self-manage medical
Understanding how individual data was disclosed,
information can reduce the patient’s experience
used, and collected is important for patients and
as it imparts an information management burden
administrators as it can indicate inappropriate use
on them. Additionally, a lack of clear or accurate
of assets, access of resources, and can provide
information from the patient can increase medical
insights into potential optimisations.
burden, as tests are repeated, contraindicated
medications are unknown, and unnecessarily
All these challenges can coalesce and manifest
repeated procedures.
in a variety of manners. The poor allocation and
From an administrative perspective, quality of utilization of personnel, equipment, consumables,
care is typically measured at a macro level with and care settings can lead to increased cost and
adherence to guidelines, measuring access to burden on the central and provincial ministries of
services, and assigning additional supportive health. The lack of clear insight into use of inventory,
services. Currently, there is no adequate measure and health issues can cause understocking or
of adherence to clinical guidelines, policies, overstocking of materials in facilities. Additionally,
and evidence based best practices in Sri Lanka. the burden of manual aggregate data capture,
Additionally, the lack of robust human resourcing order and inventory management, and disjointed
systems means that allocation of human resources environments can lead to increased burden on
including transfers of staff between facilities and/ staff leading to poorer care.
or modifying assignments of staff to address
deficiencies in clinical quality can be difficult.

Implementing stand-alone digital health solutions to be addressed as the DHP is developed. There are
however is not a panacea. For example, there are different tiers of digital literacy required depending
already 3 hospital-based health information system on the service need, for example operators/
currently implemented in healthcare settings which end users of the system, hospital level system
operate individually and do not share information administrators, national level administrators, etc.
among each other. Public health information
systems are also not integrated and do not share It is vital to the financial sustainability and viability
information easily. of the health system that efficient, effective, and
appropriate use of health services by staff and
Further, the current level of digital literacy among patients be realised. Only through robust data
health staff and clients is likely inadequate and the capture, sharing, aggregation, and dissemination
capacity to utilise digital health solutions will need can this be achieved.

Introduction | 9
2.
Introduction
This section presents the key elements which a Digital Health Platform which will support the
were considered in establishing the Digital Health secure and confidential digital health future within
Blueprint for Sri Lanka. Most of these elements Sri Lanka as envisioned within the National Policy
emanated from the referenced documents (see on Health8.
table II.2), and consultations with Ministry of Health
and related stakeholders of Sri Lanka. Healthcare is a broad and deep domain, and the
wide array of projects currently being undertaken
by the Ministry of Health, the Health Information
2.1 Introducing the Digital Health
Unit, and ICTA are starting this transformation.
Blueprint
The blueprint sets forth a framework for moving
The most effective manner to resolve the health towards a future state and seeks to align the current
information system challenges in Sri Lanka, is the and future digital health interventions leveraged
adoption of a well-designed, well-connected, and within Sri Lanka. The alignment of health information
highly available health workforce, and related resources; indicators and data elements; data and
digital tools to support that workforce. information management practices; information
security, privacy, confidentiality, and ethics; and
This adoption is a journey to an ever evolving and
innovation are considered.
changing destination. The blueprint describes

10 | Introduction
The blueprint sets forth a consistent framework e) Innovate on clinical and administrative
for the specification of interchanges between processes by using evidence-based
solutions (the principles, views, and concepts of approaches based on real data from the
the blueprint), proposing a business service-based digital health infrastructure. The Digital Health
architecture, proposing a common architecture Platform by its service-based nature also
for integration using shared services, common fosters digital innovations within the public
information concepts and flows, and technical/ and private sectors.
functional principles for digital health solutions in f) Transform the health system of Sri Lanka into
Sri Lanka. a more efficient, quality and patient centric
health care delivery system future where data
Realisation of the blueprint will require multiple
and good decision making are omnipresent via
projects to be executed over the coming decades.
the shared, Digital Health Platform.
Broadly speaking, the initial realisation of a digital
health future for Sri Lanka involves:
2.2 Alignment to Sri Lanka
a) Digitalization of clinical workflows (such as Government Enterprise Architecture
primary care, inward base care, laboratory, (SL-GEA)
imaging, etc.), public health information,
human resourcing and identification, logistics The SL-GEA seeks to provide a whole government
management and more using digital software architectural approach for a digitally inclusive Sri
platforms. This includes the increasing of Lanka. The SL-GEA identifies three core values for
digital literacy of users leveraging massive, digital solutions in Sri Lanka, which this blueprint
open, online courses (MOOC) for users via aligns with:
e-Learning. 1. Citizens First – The blueprint provides a patient
b) Connecting those digital health solutions centred approach to integration of the Sri
to the broader ecosystem by increasing Lanka digital health ecosystem.
available infrastructure such as local and wide 2. Government as a Platform – The blueprint
area networks and cellular infrastructure, is designed to foster service reusability,
increasing access to mobile technologies, and providing common services for health
providing workstations capable of participating information exchange, and a framework for
in this connectivity. business domain specification.
c) Sharing information between digital health 3. Empowerment of Government Officers – The
solutions using open, consistent, and available blueprint serves as an enabler of health care
Application Programming Interfaces (APIs) for providers, and secondary use for health
the use of clinical curative and preventative administration and public health purposes.
delivery as well as administrative planning and
monitoring purposes. Throughout the development of the blueprint the
stakeholders and involved persons considered the
Once these baseline activities are completed, and
four key strategies identified in the SL-GEA:
become more broadly available within the country,
it then becomes possible to: • Citizens and Business Focused Solutions–
By providing a common framework for
d) Inform clinical providers and administrators
representing digital health solutions within
decision-making process via access to the
the broader enterprise aligned to the
digitised, connected, and shared data.
principles of provider benefit and patient
centredness.

Introduction | 11
• Shared Digital Services and Platforms – By 2.3 Architectural Views (Enterprise

providing a definition of common business vs. Logical vs. Technical)
domains, application concerns and
integration between each. This document specifies the requirements,
outline of the structure, as well as major features
• Developing a Highly Available and Secure
and components of a digital health platform
System – By treating privacy and security
architecture. It sets out the framework for
as a service, leveraging a services-oriented
implementing an interoperable health system
architecture (SOA) approach, and defining
using layers of detail expressed in different views.
common IT infrastructure for health services.
Figure 2 provides a summary of the levels of
• Unified Approach Towards Digital
specificity of this document and its relationship
Transformation – By focusing on
to other documents which provide further
interoperability and standardisation
specification of the digital health system in Sri
of technical components and business
Lanka.
processes through the solution and technical
views of the blueprint framework. Each view targets a different scope within the
enterprise design, and audience. Table 1 provides a
summary of the audience and scope for each view.
Contextual/Conceptual Abstraction Level Logical Abstraction Level Physical Abstraction Level
Enterprise View Logical Views Technical Views
Architecture Vision / Context Solution Use Cases Physical Designs
Requirements / Objectives Solution Business Architecture Software Designs
Service Models (Domains) Solution Application Architecture Interoperability Design
Conceptual Data Architecture Solution Services Architecture Security/Privacy Designs
Functional/Technical Principles Privacy/Security Architecture
Privacy/Security Principles
Identity Provider SRS
Identity Provider Solution Master Patient Index SRS
E-Health Blueprint Master Patient Index Solution Master Patient Index FHIR IG
Interoperability Plan Provider Registry Solution ...
...
Figure 2 : Architectural Levels and Artefacts

12 | Introduction
Table 1 – Audience and Scope
View Audience Scope Detail
Enterprise View All stakeholders National/Provincial Low
Logical View Business Owners National/Provincial Moderate
Technical View Operators and System/Application High

Developers
2.3.1 Enterprise View for a particular enterprise component. These

logical views contain interoperability profiles of
The enterprise view of the Sri Lankan digital relevant international standards, business triggers
heath architecture is primarily concerned with the for sending data, security considerations, and the
conceptual views, frameworks, patterns, principles, obligations of both providers and consumers of
and concepts upon which digital health services in digital health services.
Sri Lanka will be implemented and integrated.
For example, the Master Patient Index will be
The enterprise view of the Sri Lanka Digital Health realised as a software system, however there are
Blueprint is comprised of two key documents used potentially dozens of software solutions which
to disseminate the vision to relevant stakeholders: must interact with this service. The logical view
• Digital Health Blueprint: This document, which informs both the design of the provider of the
service (in the example, the Master Patient Index),
describes the overall conceptual business,
as well as consumers of the service (hospital
information and application architectures,
systems, Electronic Medical Records (EMRs) etc.) of
governing principles, vision and general
the overall use case and flow of information within
realisation plan.
a particular domain.
• National Interoperability Plan: This document
describes the structure, processes and 2.3.3 Technical View
cross-domain considerations for developing
interoperability profiles within the Sri Lanka The next level of detail which is required to
context and serves as guidance on the realise the Digital Health Blueprint of Sri Lanka
implementation of the interoperability in Sri are technical views. These documents are
Lanka. primarily authored to assist implementers (such
as developers, operations staff, and users)
2.3.2 Logical Views integrate and implement the blueprint in a physical
realisation.
While the enterprise view is a high-level document
which focuses on common patterns and structure Each domain may have one or more technical
between enterprise services and processes, logical views representing the implementation of the
views are intended to provide deeper analysis of logical enterprise component and expresses
the design of a particular component (for example: the data structures, APIs and transactions, and
Master Patient Index, Terminology Service, or software considerations within a particular
Provider Registry) and its interdependencies. implementation technology. These may manifest
as API documentation, FHIR implementation
The logical views are intended to facilitate the guides, or other structures appropriate for the
attainment of interoperability between systems implementation technology.

Introduction | 13
2.3.4 Enterprise Architecture enterprise architecture, this document presents a

Frameworks series of perspectives of an envisioned future state
of the digital health system in Sri Lanka.
The development of this blueprint takes inspiration
from several enterprise architecture frameworks. A Digital Health Blueprint is analogous to a
The most notable of which are the Federal blueprint for a building, in that it defines the overall
Enterprise Architecture Framework (FEAF)9 and The shape and requirements of the building (number of
Open Group Architecture Framework (TOGAF)10. rooms, layout, etc.). However, for implementation/
Furthermore, the blueprint draws inspiration construction of the building to progress, further
for design elements and structure from Canada detail must be expressed for electrical wiring,
Health Infoway’s Blueprint11, OpenHIE12, the plumbing, heating, and cooling, etc. The SL-DHBP
National Health Blueprint of India13, Integrating follows this pattern through its architectural views
the Healthcare Enterprise14, and WHO-ITU Digital (see section 2.3).
Health Platform Handbook15.
2.4.2 National Electronic Health Record
In this document, the health enterprise is separated (NEHR)
into conceptual business domains which contain
one or more conceptual business services. It is In this document, a national electronic health
envisioned that these business services will be record is used to describe the collection of health
described and specified further in solution and information captured about a citizen through
technical views. This strategy allows the blueprint various care providers connected to Sri Lanka’s
architecture to be decomposed into more Digital Health Platform. A client’s NEHR is populated
consumable pieces and implemented over time. as the client seeks and is provided care through
the numerous services connected to the health
2.4 Key Definitions & Overarching enterprise in Sri Lanka.
Concepts
The ultimate goals of the establishment of a digital
The purpose of the Digital Health Blueprint is to health record for citizens in Sri Lanka is to facilitate
provide a framework for the consistent planning lifelong care of the client across digital health
for the design and implementation of shared digital solutions. The requirements of which are described
health services within Sri Lanka. in section 3.2.
This section provides essential information 2.4.3 Digital Health Service (DHS)
about the key definitions and concepts of this
blueprint document which will assist readers and In this document the term digital health service
implementers in the understanding of how this is used to describe an enterprise service with a
document relates to others in the Sri Lanka health particular area of concern and function. This service
enterprise. Figure 3 illustrates the relationship should encapsulate all the business processes,
between these concepts. technology, and interconnectivity to provide one
or more business functions related to a particular
2.4.1 Digital Health Blueprint function within a business domain.
The primary objective of the Digital Health Blueprint 2.4.4 Digital Health Platform (DHP)
(referred in this document as “the blueprint”) is to
establish a shared understanding and vision of an In this document, a Digital Health Platform is used to
interoperable digital health record in the country describe the people (medical officers, government
of Sri Lanka. In keeping with the discipline of officers, support, and administrative staff, etc.),

14 | Introduction
Figure 3 : Relationship of Blueprint Concepts

Introduction | 15
organisations (ministries, NGOs, private sector • HIMS – Hospital Information Management

institutions, etc.), places (clinics, hospitals, etc.), System (and SWASTHA)
business processes, technologies, and standards
• Cloud HIMS
that facilitate the interchange of a client’s NEHR
• eRHMIS for reproductive public health
between stakeholders. This includes core and
support services such as: • LeMIS – Leprosy Management Information
System
• Mechanisms for uniquely identifying people,
places, services, providers, organisations, and • eIMMR – electronic Indoor Morbidity and
events. Mortality Register
• A patient-centred digital health record for An assessment of digital health interventions found
every citizen of Sri Lanka. in Sri Lanka can be found in the HIS Evaluation 2019
• Mechanisms to facilitate the delivery of care (referenced document #4).
including decision support, workflow and case

management, and cross-vertical care.
2.4.6 Digital Health Information
Warehouse (DHIW)
• Services to support centralised public health
monitoring, research, and financial and The Digital Health Information Warehouse provides
resource planning. summary information about population health
• Mechanisms to protect and monitor a client’s of organisational units within Sri Lanka (such as
privacy. provinces, regions, or private care settings). The
warehouse is the basis upon which reporting,
• Infrastructure built on existing Sri Lanka
financial and capacity planning activities, and public
government resources (Lanka Government
health decisions can be undertaken by the MoH.
Cloud, Lanka Government Network, National
Data Exchange Services, etc., and to be The DHIW is also commonly named the Health
expanded with private sector resources) to Management Information Services (HMIS). Because
ensure reliable, secure, and highly available the terms HMIS, HIMS (Hospital Information
communications. Management System), and HHIMS (Hospital Health
Information Management System) can easily be
The DHP encompasses the health information confused, the term DHIW and “secondary use” are
exchange of Sri Lanka and all related technical and used in this document in lieu of HMIS.
business services, policies, secondary use, and
supporting personnel. The DHIW defines and subsequently collects key
performance indicators (KPIs) either:
2.4.5 Point of Service (PoS)
Directly from Point of Service (PoS) applications
A point of service application is used to describe (i.e., data that is reported in aggregate directly by
any environment (clinic, hospital, community health the point of service application).
app, etc.) where clients seek, or receive care from
providers. These systems typically are specialised By querying DHS in the DHP to compute aggregates
and operated by various government, provincial (or asking those services to produce reports) on a
council and private sector institutes. particular reporting cadence.
Examples include: By monitoring events in the DHP and computing

aggregates in near real-time manner.
• HHIMS – Hospital Health Information
Management System

16 | Introduction
The physical realization of the logical DHIW up a component of the client’s NEHR. Repositories
component services within the DHP are not can store preliminary data, unconfirmed data,
specified in this document and will support a variety data which is negated (for negative results), and
of use cases and data within many contexts. The summaries (like discharge notes, referral notes, or
term DHIW is used to encapsulate all secondary visit notes).
use and reporting mechanisms within the DHP.
Repositories can be monolithic in nature (where only
Technologies which envisioned to service the role
one repository exists for all clinical information),
of DHIW are:
but should be federated (between provinces,
• Traditional Data Warehouse & Data Mart districts, or jurisdictions), delineated across disease
services provided by relational databases specific vectors (such as Non-Communicable
(using ETL or ELT) Diseases, HIV/AIDS, diabetes, or immunisation).
• Data Lake and Data Mining services Additionally, specialised points of service providing
detailed tests, studies and procedures (such as
• Online Analytical Processing (OLAP) Cubes
a PACS or RIS in a hospital system, lab system, a
• Specialized health services provided by District digital pathology lab, etc.) can also be considered
Health Information System (DHIS2), or the repositories of information in the blueprint if they
current eIMMR solutions. expose data in standardised forms.
2.4.7 Record Locator / Index 2.4.8.1 Registries
In this document, the term record locator (or index) In the context of the blueprint, the term registry
is used to describe a service which provide pointers is used to denote a digital health service which
to patient information across data repositories. provides authoritative/official records which are
Authenticated parties with the correct authorization referenced within the DHP. Whereas a repository
level may search the index to locate data within makes no supposition of the “official” status of
domain repositories, registries, etc. which may data, a registry’s primary goals is to establish an
represent a common client, event, etc. official (or golden) record for data.
For example, querying a record index for all data 2.5 Guiding Principles
related to Sanduni Perara may yield blood test
results in a lab repository, a discharge summary This section describes the architectural principles
in the NEHR repository, a diagnostic image in a which form the foundation of the blueprint, the
hospital system, and more. DHP, and the digital health solutions contained
therein. A principle is a fundamental truth or
Indexes contain metadata about the information
proposition that serves as a foundation for a
stored in repositories. An index primarily stores
system of beliefs. Principles should be used to
only minimal metadata information required to
guide strategic planning, prioritisation, and design
fulfil queries and a pointer to where the data
decisions. Solutions that align to these principles
resides in the DHP. An aggregator will then use
offer a basic level of compliance to the blueprint
these results to obtain the details of this data from
architecture.
the relevant repository of information.
All partners involved, including vendors, care
2.4.8 Repository delivery organisations, NGOs, and MOH staff
should strive to align with these principles in any
A domain repository is used in this document
business processes, procurements, development
to describe a digital health service which stores,
activities, software systems specifications, and
disseminates, and protects clinical data which makes
policy development activities undertaken.

Introduction | 17
2.5.1 Patient Centred The Digital Health Blueprint will encourage all
participant systems to provide appropriate access
The Digital Health Platform described in the to information that is suitable to be shared. As
Blueprint is intended to store and provide access to relevant health events occur, details will be shared
information primarily for the purpose of providing with the national digital health infrastructure.
health services for the benefit of patients. The
DHP and its transactions, events, and services Events should be captured with discrete, machine-
will be designed with the citizen/patient centric readable data wherever possible (patient, provider,
pattern in mind (for example, as opposed to case- location, substance, event, etc.) to maximise the
centric design), with the goal of providing the possibility for machine-processable re-use but
right information to the right person at the right should also be communicated in a context-specific
time along the entire continuum of care wherever package to provide additional clarity about the
possible. Solution designers will strive to develop specific care situation. The infostructure16 will
citizen-first, citizen-focused solutions to benefit all consolidate and assemble views of data rather
citizens of Sri Lanka. than through periodic extracts to provide dynamic
reporting through dashboards that will always
2.5.2 Aligned to Values remain current.
Stakeholders will collaborate to design systems that Participant systems in the solution should allow
will strive to uphold the national values of Sri Lanka. consumption of data from their repositories where
Particularly, that of universal health coverage, free practical. Patient information will be housed in
access to healthcare, the right to health, universal a decentralised manner, with source systems
equity, and justice. sharing only information that is suitable to be
shared. Information from source systems will not
Recognising patients do not all start from the same
be routinely replicated.
place, adjustments should be made to processes,
designs, and policies to correct imbalances with The blueprint shall be comprehensive and inclusive
the goal of inclusiveness and leaving no one in covering all relevant areas of healthcare workflow
behind. Systems will be used for the education and and information exchange across domains and
empowerment of citizens and healthcare workers jurisdictional boundaries to provide a complete
where possible. Intentional and unintentional national solution.
barriers arising from bias or systemic structures
should be identified and reasonable attempts 2.5.4 Value for Providers and
made to eliminate them. Government Officers
2.5.3 Culture of Information Sharing The digital health infostructure must be designed
with a focus on creating value in each service,
The enterprise architecture blueprint for Sri transaction or functionality that is created for
Lanka seeks to broaden access to clinical and individual or institutional providers of care (such
administrative information across agencies as delivery organisations, central and provincial
between patients, clinicians, health administrators, ministries of health, and health workers). The
researchers, and other stakeholders. Solutions infostructure must always seek to provide benefits
should support the sharing of accurate, timely and to providers and avoid obstructing workflows,
relevant information to support the administration duplicating work, or introducing complexity.
and delivery of care and foster appropriate and Solution designs should be created directly with the
transparent access to patient information with all end-user where possible, and solutions must treat
system stakeholders. provider user experience as a top priority.

18 | Introduction
Benefits such as reduced data-entry burden, manner ensures that appropriate mitigations and
seamless information flow, common authentication corrective actions can be taken in a timely manner.
processes, and clinical decision support will help to
enable organic adoption by providers of care. The The analysis and documentation of risks associated
DHP that the blueprint describes will enable data- with digital health solutions prior to integration
driven and evidence-informed decision making. The with the national health infostructure will provide
health information related resources stored and an understanding of what personal health
shared using the platform will be trusted, reliable information (PHI) is being collected and for what
and of high quality. Therefore will be suitable for purpose, how PHI may potentially be leaked or
use directly in patient care for evidence-based
disclosed, and allow for informed implementation
decision making, care accountability measurement,
of risk mitigations.
executing computable care guidelines and for the
accurate reporting of outcomes through KPIs and All artefacts, architectures, integration guides, etc.
data elements.
must include a security considerations section.
Solution and domain specifications must include
2.5.5 Security and Privacy by Design
implementation guidance regarding minimum
By design, digital health solutions implemented security constraints and contents of audit events.
in Sri Lanka will secure sensitive patient and
administrative information from unauthorised 2.5.6 Blueprint is Authoritative
access to protect privacy. Security and privacy
The blueprint is the authoritative reference for
analysis will be conducted as a first order activity
integrations within the health enterprise of Sri
during solution design, and not as an afterthought
Lanka at national, provincial, programme, and
during implementation.
health institution levels. Disagreements between
In providing broader access to sensitive information, system designs and patterns of integrations will
the custodians of clinical data (hospitals, ICTA, the arise as systems are integrated, but it is important
to identify and maintain an authoritative design
Ministry of Health, or organisations which store
pattern.
clinical information) must develop processes to
manage security breaches, data compromises, and All health IT activities undertaken by stakeholders
the scope/impact of such breaches. (such as central and provincial ministries of
health, private and public healthcare institutions,
Solutions and technical architectures of health and vendors) must, where possible, align to
systems deployed in Sri Lanka should include the blueprint. Classification of assets within the
appropriate analysis and documentation of risks, common framework helps with assessment of
contingencies, and validation that unauthorised solution applicability and a common language used
access is prevented (where possible) and to describe systems. Providing common assessment
documented/identified. Stakeholders which are tools for vendors and developers to understand
custodians of health information (clinical, or how they fit within the broader enterprise.
administrative) must establish protection strategies
The structure of regional, provincial, and national
and policies within their organisation which align
IT architecture documentation, plans, and assets
with the blueprint.
should follow fundamental structures set forth
by the blueprint. Establishing a consistent level
The security of private health information in transit
of requirements for solutions documentation
and at rest is of utmost importance. The auditing of
will allow for faster assessment of solutions prior
access and reporting of security breaches in a timely
to integration. Solutions and integrations must

Introduction | 19
adhere to the blueprint, and in the case of a 2.5.8 Leverage Existing Assets
fundamental disagreement, either the blueprint
must be updated to reflect the new approach (and The blueprint will consider the ecosystem of
all other system designs using this pattern are practices and solutions that are currently operated
updated), or the integration approach or solution in Sri Lanka and will identify how these existing
must be redesigned. assets fit into the conceptual constructs of the
architecture defined. Duplication of business
2.5.7 Vehicle for Cost Effective & functions within the broader e-health ecosystem is
Efficient Investment inefficient and should be avoided.
The blueprint will aid as a vehicle to guide and Existing investments in systems will survive and
support investment in digital health solutions prosper through the development of supported
in Sri Lanka. The blueprint seeks to support the integration strategies. Solution documentation
investment decisions of the central and regional should articulate the business services and uses
agencies operating within Sri Lanka to ensure of each shared service in the infostructure so that
alignment to the core principles of the digital health ecosystem partners can clearly identify the function
enterprise. Investment decisions should be made of shared assets and plan for integration.
in solutions that are architecturally aligned to the
blueprint, while supporting the strategic goals of Future developments of digital solutions should,
the broader health system. To reduce waste and where feasible, algin and leverage the existing
promote the organised rollout of an integrated services provided via the DHP described within the
health system, it is critical that future investments blueprint. In cases where shared services are not
align with the vision and roadmap of the blueprint. feasible, attempts should be made to address gaps
Sri Lankan authorities will include alignment to with existing solutions, rather than recreation of
the blueprint as a requirement for planning and functions.
procurements in future projects.

2.5.9 Encourage Innovation, Competition
The architecture must be defined to maximise and Partnership
benefit to providers while minimising costs
The digital health ecosystem should be open and
of implementation and operations for project
available to all suitable stakeholders, citizens,
sponsors, care providers, and government
vendors, and healthcare providers within Sri Lanka,
agencies. Designs must find a balance of sufficient
allowing for individuals to innovate and expand
quality and being suitable for purpose, while also
the existing constructs, participate in the creation
being simple and minimalistic, scalable to national of innovative technology, and compete with one
levels and provide a cost-effective model that another on a level playing field.
allows complexity to be absorbed and deployed
in an iterative fashion. Investments will strive to Design decisions should include all appropriate
maximise utilisation of available resources and be stakeholders. Public/private engagement is
built for sustainability. Investment decisions will encouraged where possible with the goal to provide
better care for all. Technical documentation should
involve suitable governance and transparency.
be openly available for vendors and innovators.
Solution designs will be able to sustain growth
Open standards should be transparently developed
across geographical expansion, the expansion in
and disseminated to stakeholders.
the number of users and the increased integration
of legacy systems.

20 | Introduction
2.5.10 Evolutionary Development 2.6 Uses and Benefits
The blueprint will expand as new features and This section is intended to assist in setting the
technologies become available. The enterprise context for the blueprint. Developing a blueprint
architecture described in the blueprint are the core is a critical step towards enabling standardisation
health information services the country will rely and interoperability between siloed health systems
on. The requirements and technologies available across a jurisdiction. The blueprint enhances and
to support these services continually change accelerates the development of digital health
over time, however resourcing to re-create or re- services and applications within the national digital
envision services is limited. health strategy. It also aids to align stakeholders
and to achieve consensus, creating an efficient
The blueprint will strive to ensure that architectural path forward to achieve national healthcare goals.
decisions made within domains facilitate functional
The following sections provide an overview of
growth of the infostructure while maintaining
the potential uses and benefits of an architecture
the operation of existing functions through both
blueprint, and how they apply to the various
incremental and transformational change.
individuals, organisations and stakeholders that
For example, new platform features can be interact with the national digital health system in
added while maintaining backwards compatibility the future. One of the primary purposes of the
with existing applications. This seeks to reduce blueprint is to act as a frame of reference and set
the rigidity and change management burden of of common definitions and principles for the teams
the enterprise and increases adaptability. The that are working on health information sharing
architecture will support incremental development, initiatives across the country.
allowing for near term results and rapid return on
The blueprint has been developed based on the
investment.
needs and requirements collected from the various
stakeholders that are operating clinical and health
2.5.11 Standardisation of Process and
information system operations in Sri Lanka, as well
Services
as the experiences gained from initiatives in other
Services and business processes related to data countries around the world.
and information management, specifically in
2.6.1 Uses of the Blueprint
relation to the interaction of stakeholders with the
DHP, should be aligned wherever possible.
The following sections describe the potential uses
of the blueprint and the DHP it describes.
The DHP described by the blueprint will be
designed using mature enterprise computing and
2.6.1.1 Framework of Reference for Strategic
service-oriented architecture approaches, ensuring
Planning
that interactions with the Digital Health Platform
are stable, persistent, and dependable. Consistent The healthcare sector of a nation is comprised of
processes between organisations increases data many stakeholders and systems. The blueprint
reliability and consistency. assists in providing an overall view of the national
digital heath systems, once realised it enables
All digital health solutions should provide business stakeholders and project teams to align their
use cases of their interactions with the information systems so that they can be incorporated in the
exchange. Design specifications should also future. The blueprint will serve as a valuable
consider availability, scalability, reliability, and strategic input document that can assist officials in
maintainability. Solutions must also be performant, their decision making, planning and investment in
scalable, and measurable. digital health solutions.

Introduction | 21
2.6.1.2 Tool for Promoting Country-wide 2.6.2 Benefits of the Architecture

Standardisation Blueprint
The blueprint promotes a common understanding The following sections describe the primary
of the future state of health information sharing benefits of the blueprint categorised by conceptual
in Sri Lanka. Operating within this context allows stakeholder group.
projects across the country to coordinate and align
their work within this common framework and 2.6.2.1 Benefits for Patients & Advocates
achieve interoperability.
Providing a national blueprint for digital health
The use of a blueprint establishes key terminology allows patients, their advocates and supporting
for communicating between stakeholders with organisations (for example, Sri Lanka Association
various backgrounds. Stakeholders will be better for Child Development) in the understanding of
able to identify and describe their requirements and the future digital health infostructure. In doing
be better able to understand potential solutions as so, innovative applications that make use of
they are presented. the services in the infostructure can be further
developed, allowing patients ownership over their
2.6.1.3 Guiding Conceptual Designs of Specific own clinical records in specialised tools customised
Implementations to their condition. This includes use cases such
as digital proof of procedures, prophylaxis,
The blueprint provides a conceptual architecture
immunisation records etc.
of the national Digital Health Platform (DHP) for Sri
Lanka. This accelerates the architecture phases of
2.6.2.2 Benefits for the Line Ministry and
individual projects by reducing effort and provides
Provincial Ministries of Health
valuable input into the design and development
phases. The blueprint can also be used as a Developing a blueprint is a critical step towards
supporting document in the early phases of project enabling standardisation and interoperability
initiation, to set context, help acquire support from between siloed health systems and across the
stakeholders or funding from project sponsors. various programmes delivered by the Line Ministry
and Provincial Ministries of Health in Sri Lanka.
2.6.1.4 Investment Evaluation The architecture manifests a national digital health
vision and mission into a tangible framework for
The blueprint will become a key asset used during
deploying digital health services. Use of a common
project initiation phases to assist in setting context
blueprint accelerates the development of digital
for programs or projects. Evaluation criteria could
health services and applications within the national
be established that assess the conformance of the
digital health strategy, and provides guidance
proposed program or project to the blueprint and
that can be leveraged throughout provincial and
this information could be used to guide investment.
regional directorates of health.
2.6.1.5 Framework for Education, Training &
The blueprint will also be used as a tool to achieve
Skills Development
stakeholder consensus on national strategies and
The blueprint provides a framework for education, priorities. The blueprint can be used as a framework
skills training and capacity development in digital for classifying initiatives to make the most effective
health solutions. Common nomenclatures and use of limited resources and funding.
concepts should be introduced into the various
Finally, a common blueprint assists in guiding
skills development programs across the country.
national digital health investments. This allows for
This will aid in the transition to a digital health
capital and donor based activities to be aligned,
environment.

22 | Introduction
reducing of duplicated efforts and prioritizing local and provincial systems, but also ensures
strategic digital health interventions. The alignment compatibility with a known national infostructure.
of all the in-country digital health initiatives provides
clarity to donors and implementer in regards to the The consistent use of nomenclature in solutions
services, requirements, roles, responsibilities and also improves understanding and communications
governance of the digital health innovations in Sri within care teams and across organisations, and
Lanka. ultimately improves accuracy in national reporting
and allows technology developers to better
2.6.2.3 Benefits for Technology Innovators,
understand where their solution fits within the
Software Development Organisations and
broader national digital health infrastructure.
Vendors
Establishing a blueprint benefits Sri Lanka 2.6.2.4 Benefits for Healthcare Institutions
by increasing the agility of health technology
Healthcare institutions benefit from having a
innovation. The blueprint provides clarity and
national blueprint. Hospitals, private clinics,
direction to innovators, software development
agencies, and non-governmental organisations
organisations and solution vendors, lowering their
can use the blueprint to assist in solution planning
costs, timelines, and risks of systems development
and/or procurement. for their individual goals and needs. While these
entities will all be at very different stages of
The blueprint achieves this is by simplifying and technology adoption, the blueprint can be used as
standardising information exchange protocols a support tool during strategic planning exercises
within the health sector of the nation. Using a for digital transformation.
platform approach also accelerates and simplifies
software development and future enhancements The DHP proposed by the blueprint will assist the
by re-using common platform components across healthcare institutions through the information
health domains and jurisdictions. sharing. The sharing of clinical data allows
institutions to reduce costs by preventing the
With this platform in place, client applications can
duplication of clinical investigations, reducing data
leverage complex business processes and datasets
entry errors, duplicate data entry, and consistent
available in the infostructure to achieve business
identification of subjects of care and materials at
objectives. For example, the blueprint architecture
will allow innovators to develop specialised “apps” the point of care.
to make use of information gathered by other
The blueprint also presents an opportunity to drive
digital health software applications without the
change management and knowledge transfer.
need for point-to-point integration between (or
This will aid in the adoption of common digital
even knowledge of) those other applications.
processes used by healthcare professionals, and
Information standardisation specified in the support staff.
blueprint and the companion artefacts such as
2.6.2.5 Benefits for Clinicians and Healthcare
the interoperability plan ensures that applications
Providers
work with data that is consistent, understandable,
accessible to, comparable to, and compatible Publishing the blueprint provides a common
with other applications across national digital framework and set of consistent nomenclature
health programs and services. Using consistent to assist in meaningful collaboration between
interoperability specifications across the nation colleagues across the health and ICT domains
allows for innovation and diversity to occur in in a secure manner. This allows providers to

Introduction | 23
securely access data and influence the direction 2.7 Key Assumptions, Decisions and
and prioritisation of investments in digital health Limitations
technologies.
This section defines the key architectural
The DHP that the blueprint describes also allows assumptions and decisions made during the
providers to use shared infrastructure to portably development of the blueprint.
apply their skills (i.e., after transfer, private
practice, telemedicine, or remote medical services). The assumptions made in the development of the
Streamlined access credentials reduce the blueprint were:
burden of remembering multiple logins, changing
i. The SL-UDI (Unique Digital Identity) platform
passwords, or updating contact information.
will be available and will provide compatible
Healthcare providers can also use the blueprint interfaces (using OAUTH and/or OpenID) made
to participate and influence the development available for the health sector for the DHP.
and implementation of the national digital ii. Any supporting security (one-time passwords,
health infostructure to achieve the broader password complexity, access control), human
goals of quality care processes such as known, resourcing (enrolment and deactivation of
consistent procedures for data capture and faster users, transfer, and assignment of providers),
dissemination of health event information to and and technical policies and procedures will be
from other facilities. developed independent of the blueprint by
relevant agencies in Sri Lanka (the NDHGS [2]
Understanding the architecture allows document contains guidelines for these).
providers to monitor and evaluate digital
health implementations and interventions as iii. Public and private health care institutions
they are developed. By utilising consistently have reliable connectivity (e.g., hard-wired
applied terminologies and workflows described fibre optic internet) and can accept requests to
in the blueprint, the health workforce becomes service queries from known consumers.
more efficient by having the ability to port their iv. There is an acceptance to use health
knowledge and skills between organisations across care standards and a willingness among
the country. implementers to implement them.
2.6.2.6 Benefits for Health Professional v. The maintenance of independent data

Councils producers to be directly queried by other
connected systems on the DHP would present
Health professional councils such Sri Lanka Medical a significant level of effort for operators,
Council and Sri Lanka Nursing Council and other network, and software developers as each
bodies can use the blueprint to envision future revision to the standard document would
state policies and workflows related to national require software updates to each connected
information presentation and sharing, member system.
education, and the performance and measurement
vi. Implementers of digital health services
of patient outcomes.
which participate in the DHP will understand
The blueprint will also assist in envisioning how the National Digital Health Guidelines and
the infostructure can be used to improve patient Standards [2] document including the onus
outcomes through utilising clinical decision support of their organisation whenever operating or
and/or expert systems. Associations can also use developing software for Sri Lanka.
the blueprint to help guide policy creation for data vii. Operators of digital health services
collection and research use of data. (custodians of data) will be responsible for the

24 | Introduction
maintenance and implementation of their own and an initial series of needs assessments with
policies which protect patient privacy, security relevant stakeholders.
of IT systems, etc.
viii. Blueprint version 1.0 is meant to provide an 2.8.1 Identification of Key Stakeholder
extensive description and presentation of a Groups
potential future state (10 – 20-year horizon),
From the outset, digital health capabilities and
this framework and blueprint will evolve
services defined in the Digital Health Blueprint
through stakeholder engagements to develop
have been based directly on the needs of key
future revisions 1.1, 1.2, 1.3, etc.
stakeholders. During the development of the DHEAP
ix. The Sri Lanka Digital Health Blueprint version mentioned above, an exhaustive list of stakeholders
1.0 was developed using an agile methodology was identified and prioritised, and these groups
led by the Sri Lanka Ministry of Health, along have been consulted from the beginning of the
with various national stakeholders and development of the DHEAP and the Blueprint. Live
national and international technical assistance in-person workshops were conducted where needs
during the mid 2022. Ongoing travel and were identified and documented, and capabilities
meeting restrictions required that much of the and services were identified to satisfy those needs.
work for version 1.0 be conducted remotely. Ongoing assessment meetings of the status of
This was effective at establishing an initial the digital health interventions being used by
first version; however, it was not ideal from various programs are being conducted during the
a collaboration standpoint, and may have development of the blueprint to ensure alignment
introduced gaps such as missing or incomplete to needs.
stakeholder feedback and assessments. It
is expected that the blueprint will continue Key stakeholders include relevant DDGs, public
to evolve beyond version 1.0 with intensive health programs in operation such as the
feedback from additional stakeholders, and National Cancer Control Program (NCCP), Non-
subsequent versions will be released later. Communicable Disease Unit, Deputy Director
Generals (DDG), Health Information Unit
2.8 Evolution of the Blueprint (HIU), Family Health Bureau, ICTA and more,
as well as operators of existing curative and
Under the mandate of the National e-Health preventative sector health information systems
Steering Committee (NeHSC) established in 2019, across the country such as the Hospital Health
a technical working group was appointed for Information Management Systems (HHIMS),
the development of the National Digital Health Hospital Information Management System (HIMS)
Blueprint and Health Information Exchange SWASTHA.
(TWG-BluePHIE). In the process of developing a
blueprint, the TWG-BluePHIE observed a deficit 2.8.2 Landscape Assessment and
of an overarching National Digital Health Strategy Business Context
that would align the scope of the blueprint with the
national digital health vision and mission. Because To set realistic and achievable targets for the
of this, the document scope of the original blueprint national digital health program, the working
expanded from a National Digital Health Blueprint group conducted a detailed landscape assessment
to a National Digital Health Enterprise Architecture evaluation of current health information systems
plan. active in Sri Lanka using the MAPS framework17.
This plan set the framework for the capture of To gain a thorough insight into the business context
requirements, provided an initial series of analysis, of digital health in Sri Lanka, the DHEAP reviewed

Introduction | 25
several National documents and publications, MOH and ICTA with technical assistance provided
including: by international consultants (ITA) and national
technical consultants (NTA) engaged in a
• Annual Health Bulletin – for insights on
collaborative authoring process to co-develop a
population health, health system status and
framework for a holistic approach for digital health
challenges
integration.
• National Health Policy – for insights on the
vision, mission, and health policy goals of the This initiative resulted in the creation of key
country enterprise, conceptual artefacts including:
• National Health Strategy Master Plan 2016-2025 • Digital Health Blueprint

– for identification of health strategic priorities
• Interoperability Plan
• The Annual Report of the Central Bank of Sri
• Interoperability Profiles
Lanka for insights on the economic and social
development goals of Sri Lanka • Sustainability and Resourcing Plan
• Health Information Policy of 2017 – insights • Procurement Plans
on guiding principles and main strategic areas
pertaining to Health Information This set of documents will serve as the basis for
implementation and realization of the blueprint.
2.8.3 Establishing Digital Health Needs
2.9 Stakeholder Engagement
One of the most important steps of the DHEAP
development process was to identify, collate The MOH will continue to engage with stakeholder
and discuss key stakeholders who would benefit groups identified within the DHEAP document
from digital health interventions. MOH carried throughout the development of the blueprint using
out a workshop in 2019 to sensitise the field level the process illustrated in Figure 4. To optimise the
stakeholders and identify their digital health needs. feedback from stakeholders, version 1.0 assets of
the digital health enterprise architecture will be
The primary workshop process had three distinct
presented, and feedback iterated into the draft
sessions:
to ensure that each of the assets developed in
• Sensitisation and knowledge sharing sessions the enterprise architecture meet the expectations
• Digital Health needs identification sessions and and needs of stakeholders (which were previously
mapping captured during the landscape assessment phase
of the DHEAP development). Subsequent releases
• Discussion sessions between organisations
will be made available, disseminated, and iterated
until validation has been achieved.
2.8.4 Creation of the Digital Health
Blueprint Artefacts Throughout the process documents are edited and
uploaded to the Sri Lanka Digital Health Architecture
After the development of the DHEAP zero draft, the
Blueprint Redmine site, a collaborative platform
development of a comprehensive framework for
that allows for dissemination of tasks, documents
digital health enterprise architecture (and health
and other assets between relevant authors and
information exchange) was undertaken, using an
stakeholders.
agile sprint development methodology. The project
has been supporting this piece of work since July • Public Health Programs: identified in the
2021. DHEAP

26 | Introduction
Blueprint Plan & Preliminary Blueprint & Standards Plan Digital Health
Work Authoring Blueprint Documents (v1.0)
Stakeholder Groups Blueprint Finalization / Collaboration

Process
Ministerial Provincial
Directors Directorates
WHO Vendors
DHEAP Plan 0.6 & Blueprint Incremental Dissemination of

Current State Assessments Validation Versions of Blueprint v2.0
Blueprint
Hospitals, Colleges/
Care Delivery Associations,
Organizations Universities,
PGIM
Sri Lanka Enterprise Blueprint Redmine Collaboration Platform
Figure 4 : Stakeholder Engagement Plan
• Ministerial Directors: Curative (DDG MSI, DDG, • Care Delivery Organisations: Primary Care
MSII, DDG Lab), preventative (DDG PHSI, DDG Units, Government and Private Sector Hospitals
PHAS II), Logistics (DDG MSD, DDG Bio Medical (Teaching, District and General)
and HR)
• Institutes contributing to streamlining digital
• International Agencies: The World Health health services, including: ICTASL (PVT) LTD,
Organisation, World bank, Asian Development SL-CERT(PVT) LTD, TRCSL, HISSL, SLCHI, SLMC,
Bank, and UNICEF NMRA, SLNC
• Public Health Programs • Patient Groups
• Provincial and Regional Directorates • Trade Unions
• Colleges/Associations, Universities and PGIM • Vendors: Telecom Providers, Network

Companies, and Hardware Vendors

Business Architecture | 27
3.
Business Architecture
3.1 Current State resources, software packages, and supporting

infrastructure.
The current state business architecture of the Sri
• Physical Capabilities: The personnel (nurses,
Lanka Health Enterprise has been adapted from
doctors, administrators, and other health
the DHEAP (1) document and illustrated in Figure 5.
workers) and physical infrastructure (such
The Ministry of Health is the governing body which hospitals and clinics) which are used to deliver
is primarily responsible for the E-Health Steering care to patients via health services offered in
Committee (EHSC). The steering committee with Sri Lanka.
the assistance of other ministries (such as ICTA)

The current and future physical (new devices, clinics)
and under the guidance of the Health Information
and digital (DHP, registries, etc.) capabilities of the
Unit (HIU), as the national focal point will monitor
sector will, in turn, either strengthen or weaken the
and guide the capabilities of the health sector:
ability of the EHSC to realise objectives set forth
• Digital Capabilities: The use of health by the national policy on health information18.
information systems for care delivery, Additionally, these capabilities will guide the ability of
management, reporting, monitoring and Sri Lanka to deliver and implement health services
protection of data used for the delivery (digital and physical) provided by government
of care. This includes the technology

28 | Business Architecture
Government
Special Interest Groups
Other
MOH
INGOS Ministries
HIU
NGOS
Governs Collaborates
Civil Organizations E-Health SC
Monitors / Guides Strengthens / Weakens
Capabilities
Contribute
Digital Physical
Enables
Capabilities Capabilities
Support Services Enables Enables
Digital Health Services Health Services

Strengthens / Supports
Government Supports Government
National
Prevent- Benefits
Provincial Curative
ative
Drives /
Informs Health Client
Private Private
Governs
Legislation Standards Guidelines Strategic Vision / Goals
Figure 5 : Current Enterprise Business Architecture

bodies at the national and provincial level, as well ministries of health. A detailed organisation chart
as the private sector. for the Sri Lankan MOH structure can be found in
the Sri Lanka Health System Review produced by
The capabilities enable supportive services for the Asia Pacific Observatory on Health Systems
digital health services and health delivery services. and Policies19, which provides an in-depth view
These support services include human resourcing of the organisational structure of the Ministry of
management, procurement and supplies Health which was summarised in section 1.1 of this
management, policy and procedure dissemination, document.
and other such services which strengthen digital
health services. Digital health services, in turn, The Director General of Health services (DGHS) is
support the delivery of preventative and curative the technical head of the Ministry and is supported
health services delivered by government and by multiple Deputy Director Generals (DDGs) most
private institutions for the benefit of health clients. of whom are specialist medical administrators or
specialist community physicians. Under the DDGs
3.1.1 Business Structure are separate units headed by directors (examples:
Health Promotion Bureau, Quarantine Unit, etc.).
This document provides only a summary of the The Health Information Unit resides under the DDG
MOH structure relevant to digital health and is Planning, and is the national focal point for health
not intended to provide an in-depth description information and digital health, as mandated by the
of the organisation of the central or provincial National Policy on Health Information-201718.
Minister of Health
Deputy Minister
Secretary of Health
Additional Secretaries
DGHS
Directs
DDGs
ICTA Supports
Coordinates
Operational Units
Department of Health
Figure 6 : Conceptual Relation of Central MOH

The Information and Communication Technology Provincial Directors of Health Services (PDHS)
Agency of Sri Lanka (ICTA) provides guidance on are the technical leads of each province’s health
national ICT strategies, policies, plans, standards department. Each district within the province
and guidelines as well as operational IT support to additionally has a Regional Director of Health
the MOH. Services (RGHS) who is responsible to the PDHS.
The DDGs are illustrated in Figure 7, and are There are 354 Medical Officer of Health areas
aligned to the core operations including financing, in Sri Lanka, each headed by a Medical Officer
staffing, planning, delivery, and administration of responsible for a defined population which, on
health delivery, monitoring and reporting activities. average, is between 40,000 and 80,000 persons.
Collectively, these represent the “business users”
for the blueprint. 3.2 Business Drivers
The primary areas of concern for each DDG at the This section provides insights into the business
central level is described in Annex A. needs and drivers for the establishment of
Figure 7 : Focal DDGs for the blueprint
3.1.2 Provincial Health Ministries the blueprint. These drivers were attained
by summarising the stated objectives of the
The MOH, also referred to as the “Line Ministry”, as
enterprise architecture in the DHEAP (section 7)
opposed to “Provincial Ministries”, is responsible
and key stakeholder engagements/current state
for the primary management of health services
assessments (described in more detail in Annex B)
within the country and provides stewardship
with several Deputy Director Generals and
for development and delivery of health services.
directorates of the MOH.
The MOH also directly manages several large
hospitals (National Hospital of Sri Lanka, teaching, These sources were used to establish key drivers
and specialised hospitals, etc.) and preventive for the establishment of a National Digital Health
programmes and campaigns. The nine provincial Platform which are described in more detail in this
health ministries are charged with the effective section:
implementation of care within their respective
provinces including primary care, secondary care, • Address the complexity of governing digital
and prevention services. health solutions.
• Establish a shared, patient centric, nationally

The administrative head of provincial ministries
scoped electronic health record (NEHR).
of health are the provincial Secretary of Health.

• Facilitate the sharing of data between digital to-day activities of providers (and, in the
health solutions in the private and public future, patients) requires additional training
sector. in all aspects of information sharing and
use, including privacy and security, ethics,
• Provide accurate, complete, and timely
appropriateness, patient safety. These
access to digital health information between
considerations must be taken by providers of
stakeholders.
care in addition to their regular clinical duties.
• Protect and secure private patient health
• Information Complexity: Storing and capturing
information.
data from different clinical domains delivered
• Streamline the collection of primary care data by different providers with varying systems of
and enable secondary uses of that data. use increases the complexity of defining the
• Enhance operational effectiveness of the structure and content of data including textual
Ministry of Health through capacity building, data, medical imaging, video, and others.
and knowledge dissemination. • Standardisation Complexity: Using a single
• Integrate information sharing flows between standard (such as FHIR) may appear, on
public and private care settings for delivery, the surface to address the complexity of
prevention, referral purposes, supply and a heterogenous standards environment,
commodity management. however it is rare that a single standard can
be adopted for the entirety of the health
3.2.1 Address Complexity of Digital domain. Several factors impact this including:
Health Solutions appropriateness of the standard itself Digital
Imaging and Communication in Medicine
The wide array of health services delivered within (DICOM), Web Access to DICOM Objects
the Sri Lankan health enterprise for various (WADO) / Query based on ID for DICOM
purposes by different providers can lead to a
Objects (QIDO) is better suited for imaging,
challenging IT landscape from both a governance
System Logging protocol (SYSLOG) is faster
and implementation perspective.
for auditing), the capabilities and ability/cost
The complexity manifests itself across many to change existing solutions (like proprietary
different dimensions, including: software solutions) should be considered when
selecting appropriate standards.
• System Complexity: A solution supporting the
wholistic delivery of care at a national or • Technical Complexity: The ability to manage
provincial level would need to support a wide diverse services required for different domains,
range of complex domains (like Radiology, across disease vectors while providing scalable
Laboratory, Pharmacy, Pathology, etc.) with and reliable infrastructure with proper
wildly differing data and business process redundancy and disaster recovery procedures
requirements and various users. must be considered by any implementer of a
health system.
• Organisational Complexity: Health clients may
seek curative or preventative care in private It is often tempting to envision a single, monolithic
or government health settings in a variety of solution to address this complexity. However,
settings (hospitals, clinics, outreach, etc.). forcing a single solution into such a complex domain
across specialties, use cases, and disease vectors
• Human Complexity: Incorporating the use
is nearly impossible, even if such a solution is
of shared health information into the day-

designed using microservices and REST APIs. There for research, monitoring, ability, and planning
are simply too many disease vectors, requirements, within Sri Lanka.
data elements, guidelines, and users to appease to
• The DHP shall ease the ability to make key
implement a one-sized solution for all use cases,
business decisions based on individual records
making a single solution unmanageably large and
inflexible to changing requirements. where clinically or legally relevant (such as
recalls of devices or drugs).
For the blueprint’s solution to complexity, please
• The DHP shall provide a mechanism to allow
refer to 3.3.2.
for permanent erase of clinical data related
to a patient when requested by the patient
3.2.2 Establish a Shared, Patient Centric
(withdrawal).
National Electronic Health Record
(NEHR)
3.2.3 Share Relevant Clinical Data
The primary business driver of the DHP in Sri Lanka between Organisations, Facilities and
is the establishment of a patient-centred National Care Settings
Electronic Health Record (NEHR). This electronic
The DHP’s primary business driver (establishing a
health record should be cross-cutting between
lifelong patient centric NEHR for a patient) requires
connected organisations, software solutions,
the consolidation of structured and unstructured
delivery systems, providers, organisations, and
data, documents, and notifications.
governmental bodies. NEHR will also facilitate
primary healthcare reorganization currently being
The NEHR should not be a replication of all health
undertaken within the line ministry of health.
events from every PoS system. Rather, it should
represent a curated subset of data collected from
The NEHR will be accumulated from contributions
individual interactions a patient has with the health
driven by care events delivered from birth until
system. Clinicians often have only minutes to interact
death: a life-long health record.
with patients, and as such, NEHR summaries should
Authorised primary and secondary use of clinical represent the essential information to provide an
data, with the consent of the patient or mandated by accurate health picture for the patient (i.e. only
law and in particular the Personal Data Protection sufficient data for a provider to make an informed
Act 2022, should be considered a key business clinical decision), allowing clinicians to navigate to
requirement of the DHP. the source of information when required.
3.2.2.1 Requirements Examples of data which may be of use in a shared

NEHR include:
• The DHP shall allow the storage and retrieval of
• Hospitalisations and discharge summaries.
discrete, identified, patient data, within legally
permitted limits, for the lifetime of the patient. • Referrals and transfer data between points of
care.
• DHP shall allow the expression of consent
by the patient (or the withdrawal of consent) • Blood type, allergy, immunological and
of the use of their data for secondary use prophylaxis profiles.
purposes such as research, planning, and • Communicable disease status.

monitoring.
• Chronic conditions and care plans related to
• The DHP shall allow the computation of long term care.
aggregate data on regular intervals for use • Medication profiles.

• Laboratory, pathology and diagnostic imaging • The DHP shall specify in its logical views, the
results. clinically relevant events which should trigger
sharing of data with the shared infrastructure.
• Organ donation and transplant recipient
status.
3.2.4 Provide Accurate, Complete and
Conversely, a client’s digital health record should Timely Delivery of Care
not include minutiae related to transactional care
Patients within Sri Lanka can seek curative and
within a clinical setting which would provide little
preventative care within the public or private health
or no value to care delivery or secondary use.
systems. During treatment, patients interact with a
Examples of content which should not be in the
variety of solutions including hospital information
shared DHP include:
systems (HIMS, HHIMS, SWASTHA, OpenMRS,
• Hourly temperature, blood-pressure, and heart CloudHIMS etc.), disease specific solutions (DenSys,
rate monitoring. eMIS, LeMIS, etc.) as well as private solutions.
• Discrete data about business processes within To facilitate the best health outcomes for these
an institution. patients, the DHP must supply to health providers
• Internal patient management data such as bed using these systems with accurate and up-to-date
location, current ward, etc. information. This includes facilities within the DHP
which allow for the querying of events which have
An illustration of the types of information captured occurred, or are intended to occur (i.e., referrals,
at points of service and the relevant information for transfers, appointments), and proposals for care
the national electronic health record is contained (i.e., Clinical Decision Support Services (CDSS)
in Figure 8. The initial specification of the minimum proposals).
data set for these classifications of data to be
submitted to the NEHR is specified in the National 3.2.4.1 Accurate
Digital Health Guidelines and Standards (2)
Whenever clinical decisions are made based on
document20.
data from outside of an organisation, it is important
Establishing which data elements belong in the that the provenance of that data (its origin,
patient’s shared digital health record is a decision including surrounding context) as well as accuracy
which must be made between stakeholders and of the data is conveyed. The DHP should indicate
will vary between health sub-domains. These methods of digitally signing clinical data from
elements are specified in each logical view so that source, ensuring that providers consuming this
implementers, operators, and users are aware of information can be assured that the information is
data which should be shared. accurate, and has been reviewed. Additionally, the
unaltered from the originally submitted data should
3.2.3.1 Requirements be available for clinically sensitive information.
User interface techniques should also be used to
• The DHP will specify in logical views, the data
report provenance to the end user of the data in
elements which are clinically relevant for
question21.
sharing between system and organisational
boundaries. In the case where data is generated, aggregated,
• The DHP will validate that submitted data to a or translated within a DHP service, it must also be
patient’s NEHR is valid and meets the criteria clearly identified as such. The distinction between
and minimum useful data elements based on generated, aggregated, or translated data and
the triggering event. data which was reviewed and signed by the source

Patient’s National Electronic Health Record
Demographics Medications Social History Referrals
Problem/Condition List Encounters Transfers/Discharges Diagnostic Reports
Discharge Summary
Laboratory Diagnostic Result:
Visit Summaries
Date, Health Institution Number,
Imaging Study Results Vaccination Event Summary
Investigation request ID, Personal Health
Lab Results
Number, Test Name, Test Result, Provider ID
Prescipriotns
Laboratory Hospital Child Welfare Clinic
Specimen Battery Temperature Drug Admins Weight Immunization

Collection Analys Dx
1 2 3 4 5 Bed Transfer
is Report
Heart Rate MRI
Dx
1 2 3 4 5 Image
Report
Figure 8 : Sharing of Clinically Relevant Data
provider is important, as it impacts the decision- organisation to ensure uninterrupted care to

making process of downstream users of the the patient. Use cases where timely access to
information. information is of elevated importance are:
• Digital capturing of physician order entries,

It is also important that the DHP and points of
currently Bed Head Ticket (BHT) at ward level
service communicating with the DHP also prevent
to EMRs
updates to records containing clinical data, or data
upon which clinical decisions have been made. • Transfers between facilities (such as a routine
Once submitted, signed data should be considered care to an emergency care centre)
unalterable, and changes should be submitted
• Sharing of medical imaging between facilities
as amendments (or versions) to the original. This
allows appropriate tracking of changes over time, • Requests to laboratory facilities and
to understand the basis upon which historical pharmacies
clinical decisions were made. • Specimen collection, shipping, and lab testing
3.2.4.2 Timely • Diagnosis of communicable diseases for

outbreak management
When patients transition between facilities, or care • Notifiable communicable diseases
settings there is be a need for the DHP to facilitate
the exchange of this data. Whenever business This timely delivery of data requires that the DHP
processes cross organisational boundaries, it is be available to all points of service. The nature of
vital that requisite data is available to the receiving using internet communications technologies will

ensure that data about the patient is available in a • The DHP shall define methods which allow
near-real time manner (i.e., in a matter of minutes for the amendment of clinical data (clearly
rather than days). identifying the history of amendments) and
should, prevent direct modification to data
3.2.4.3 Complete within the patient’s NEHR once signed.
• The DHP and its services shall be accessible

When a request is made to the DHP from points of
in a manner which allows all authorised and
service, it is important that the data presented back
relevant parties to query for data from the
to the requesting provider is complete in nature.
patient’s NEHR.
This means that the DHP (and by extension, the
point of service) must ensure that all data available • The DHP shall define reasonable timelines
for the requested recipient of care is disclosed. Any and timeframes (based on trigger events) for
summaries produced by the DHP or NEHR should which summary data from events are to be
include links to the original sources of the summary submitted.
information.
• The DHP and connected services shall provide
notice to consumers of information whenever
If portions of the clinical record for the client
data returned to a point of service represents
cannot be retrieved due to privacy directives, lack
an incomplete set of results (masked,
of access credentials, or other infrastructure or
redacted, etc.) as well as the status of results
application issues, it should be clearly identified to
(preliminary, unconfirmed, entered in error,
the consumer of the information.
etc.)
In some care settings where time sensitive access
to information is required (such as emergency care, 3.2.5 Provide Secure and Private Access
paramedic care, etc.) the DHP should not block to Health Information
information where blocking it would inhibit care
and should provide an override mechanism for The primary goal of the DHP is the establishment
specifying purpose of use (i.e., the point of service of a nationally scoped, patient centred, electronic
is requesting access to patient data for emergency health record. This necessitates the storage of
purposes). Such requests where sensitive discrete personally identifiable health information
information is disclosed to the provider should be (PHI) which is sensitive by nature. Combined with
appropriately audited and logged. the ever-increasing nature and sophistication of
cyber security threats online, it is important that all
In cases where the patient’s identity has been data and participating systems within the DHP are
associated with a policy which prevents recordation protected.
of, or disclosure of data (such as an opt-out) or
where data had previously been registered and It is important that, prior to integration with the
subsequently removed (such as a withdrawal of DHP, all digital health services undergo appropriate
consent) the DHP should provide an indication that security audits to ensure that the software and
data is missing from the result set. deployment adhere to minimum standards set
forth in blueprint22.
3.2.4.4 Requirements
3.2.5.1 Secure
• The DHP shall define methods which allow
for the validation that information submitted The notion of security within health software has a
to a patient’s NEHR is accurate, reviewed by few key attributes which extend to the DHP, and all
a responsible person/organisation, and are solutions integrating with the DHP. These are:
unaltered.

• Encryption of data in transit: Whenever data a. Role Based Access Control (RBAC): Where
is moved from one system boundary to the decision to grant or deny access to a
another it must be encrypted using industry function, or data is made based on asserted
standard encryption algorithms (i.e., Rivest, roles which the user holds in their current
Shamir, Adleman algorithm (RSA) Advanced session credential, or
Encryption Standard (AES)). Typically transport b. Policy Based Access Control (PBAC): Where
layer encryption (such as Hyper Text Transfer the decision to grant or deny access to
Protocol (HTTP) Secure File Transfer Protocol a function or data is made based on a
(SFTP) etc.) is sufficient for the protection of combination of roles the user holds,
data in transit. There are certain use cases policies on the action/data, configuration of
where encryption of data at the application the environment, etc.
level (i.e., payload encryption) will also be used
when data from one sensitive sender needs to The decision and behaviour of each PoS and
transit the DHP to another sensitive receiver administrative interface within the DHP is not
(the DHP will not inhibit such transactions). specified in the blueprint, so long as minimum
security considerations outlined in the
• Encryption of data at rest: Whenever data is interoperability profile is fulfilled.
stored on shared infrastructure, it must at
minimum, be encrypted on durable storage 3.2.5.2 Private
media. There are several mechanisms which
should be used for this purpose: With the introduction of a, DHP it will become easier
than ever before to collect, store and analyse large
a. Disk level encryption: Where virtual disk
sets of data about individuals. Personal Information
drives or drive images are encrypted. These
(PI) is generally considered to be information about
prevent physical theft of disk devices from
an individual that is recorded in any form which
being breached.
can be used to uniquely identify an individual (such
b. Database level encryption: Where sensitive as name, address, etc.). Collection of such data
database tables, columns, or fields are brings benefits to citizens, however also introduces
encrypted when stored on the disk. This potential privacy risks through misuse.
type of encryption ensures that if the host
operating system is breached, the database Protecting the privacy of personal information
contents cannot be dumped. is a legal requirement under The Personal Data
Protection Act – March, 202223, which sets the
c. Application encryption: Where the
legal framework within which the privacy of health
applications or APIs will make calls to
clients and providers must be protected.
cryptographic APIs to manually encrypt
sensitive data such as image files, logs, text
3.2.5.2.1 Personal Data Protection Act, Sri Lanka
files, and even database data.
On March 18th, 2022, Sri Lanka enacted the
The sensitivity of data being stored, and the Personal Data Protection Act, No. 9 of 2022 (the
intended use will dictate which encryption at rest
“Act” or “PDPA”), a comprehensive data protection
strategy is used. Key management is also important
legislation modelled after the General Data
to encryption of data at rest.
Protection Regulations (GDPR) in the European
• Access Control: Whereby access to certain Union (EU), and gradually comes into effect in the
systems, functions, or even data is blocked. beginning of 2023.
Using either:

The Act applies to any processing of personal • Right to withdrawing consent: Data subjects have
information that takes place in Sri Lanka, which the right to withdraw consent and to object to
applies to processors and controllers24 that offer the processing of their personal information.
goods or services to persons in Sri Lanka. The PDPA
• Right to rectification: Data subjects have the
relies heavily on GDPR’s principles of legitimate
right to request that their personal information
purpose, proportionality, and transparency, among
be corrected or rectified when inaccurate.
others. Under PDPA data controllers and processor
(i.e. the DHP components, MOH, etc.) must ensure • Right to erasure: Data subject may request to
that processing of personal information utilises the have their personal information erased.
following principles:
Periodic monitoring by the minister (an Adequacy
• Legitimacy: Processing of personal information Analysis) is performed to ensure compliance. The
must be for a “specified, explicit and legitimate” act also provides protections and guidelines for the
purpose. transfer of data outside of the territory of Sri Lanka,
• Proportionality: Processing of personal whereby electronic processing of data outside
information must be “adequate, relevant and of the territory must be reviewed. Additionally,
proportionate” to the extent necessary in organisations which process health information
relation to the purpose of processing. are required to appoint a data protection officer
(DPO) who advises the organisation on appropriate
• Accuracy: Processing of personal information
must be “accurate and kept up to date”. requirements for protection of personal data and
ensures compliance using threat risk assessments
• Limited Retention: Personal information should
and personal information protection impact
be kept only as far and as long as necessary for
assessments.
purpose to which it was processed.
• Integrity: Controllers must ensure integrity 3.2.5.3 Requirements

and confidentiality of personal information
processed by using appropriate technical and • The DHP shall provide a method of
organizational measures including encryption, conveying user identity assertions within the
pseudonymization, anonymization, access infrastructure to allow for granular security
controls or other such measures. and privacy enforcement decisions.
• Transparency: Controllers have an obligation to • The DHP shall govern the creation, update,
process in a transparent manner enabling data disclosure and deletion of data within the
subjects to receive information they request shared health information environment
regarding the processing of their information. according to configured policy directives
(examples: do not store data/opt-out,
• Accountability: Controllers must implement
emergency use only, etc.)
internal controls and procedures, a “Data
Protection Management Program”, to maintain • The DHP shall maintain a centralised audit trail
adequate data processing records and ensure which allows for compliance audits, security
appropriate oversight. or data breach detection.
Under PDPA, data subjects have the following rights
and choices: 3.2.6 Streamline Clinical Data Collection
for Secondary Uses
• Right of access: Data subjects have the right to
request access of their personal information. Digital health data captured from points of service
present a unique opportunity for secondary uses.

Whether supporting research, product recalls, or • Use by DDG Planning to allocate investment,
financial and resource planning, secondary use plan service delivery, outreach activities, etc.
of data within the context of the DHP are of the
• Use by the DDG Medical Services I and
utmost importance. The DHP will provide a health
Medical Services II (DDG MS-I and MS-II) units
information warehouse which stores aggregate
to provide and plan for appropriate staffing
level data for secondary uses and will provide
levels.
facilities for creating data warehouses, repositories
and other data marts which can be used for data • Use by DDG Public Health Services - I and
mining, decision support and other applications. Public Health Services - II ( DDG PHS-I and
PHS-II ) for population’s health monitoring and
For example, the DDG Planning Unit may use interventions, within the MOH.
transactional data within the DHP to determine how
• Use by MOH to generate health systems
to best deploy financial resources based on district
reports which are submitted to international
discharge summaries (indicating hospital uses). The
bodies for reporting, and health systems
DDG MS I unit may use the same data to determine
reporting.
the appropriate staffing levels for medical officers
within facilities of a particular district. • Use by researchers and research institutions
including to evaluate the efficacy and cost of
The DHP supports the generation of KPI (key new health interventions.
performance indicator) measures by:
• Use by medical safety regulators to evaluate
• Using transactional data to generate drug adverse events, medical device failures
measurements either: and coordinate/investigate potential recalls of
products.
a. Observing Transactional Data within the
DHP and relaying indicator measures to • Use by central and provincial public health
a health information warehouse as they authorities to monitor communicable disease
occur. outbreaks.
b. Allowing processes to query aggregates

The HIW should support open data exchange
from the DHP services using queries on
standards, standard terminology services and
APIs to obtain measure counts.
definitions for datasets collected and reported.
• Direct reporting of aggregates from health This exchange of aggregate KPI data from the DHP
institutions by (example eIMMR – electronic will foster research use and innovation among
indoor morbidity and mortality register): any authorised parties within the Sri Lankan
health system, and to create cu stom dashboards
a. Allowing for the dissemination of KPI
visualisations of data and research papers.
definitions, reporting cadence and
requirements to institutions.
As with all data stored within the DHP, the
b. Providing services for health institutions to provenance and validity of these KPI should be
submit computed indicators directly to a tracked. This means that any aggregates generated
health information warehouse for specified from transactional data should link to the data
reporting periods. event from which the measure was computed. Any
KPI measures submitted in aggregate from source
The information contained in the DHP’s health should have mechanisms in place to ensure validity
information warehouse should be sufficient to and review status from the submitting organisation.
support all activities of the MOH administration
including:

3.2.6.1 Requirements • Providing official ministerial e-mail addresses

to government staff members, ensuring
• The DHP must provide a health information that communications between staff, staff
warehouse which stores aggregate level and patients, or administrators is stored
data for secondary uses. The information in a manner which can be protected and
warehouse should: monitored.
a. Provide a mechanism for establishing data • Providing single sign-on services between
marts for particular purposes. applications used within the Ministry of Health.
b. Support the storage of discrete data Since staffing transfers and management is
elements (pseudonymized for protection) performed by the various DDGs (for example:
or aggregate indicators. DDG MS-I and MS-II) central policy application
and consistent identity for auditing and logging
c. Support data mining activities such as
tracking would greatly improve monitorability
Online Analytical Processing (OLAP) data
of the DHP services, as well as provide users
cubes, data lakes, or other statistical
with a simpler experience when using digital
analysis tools.
health services.
• The DHP must provide a facility which allows • Dissemination of new policies, circulars,
planning units to define and share KPI training materials and other administrative
definitions for which they expect organisations documents to staff. A central document
to submit regular reports. management solution would provide the
• The HIW must provide a link to original source ability to quickly share and handle document
data (if generated from DHP transactional data) assets (with consistent referencing) within the
or provide a function to ensure that aggregates organisation.
were validated by a source organisation. • Enterprise knowledgebase development
• The DHP must provide an open API for allowing of the collection of institutional
aggregate data in the HIW, allowing for standard operating procedures, frequently
development of custom dashboards, research, asked questions, and directing staff (and
and visualisations of data within the DHP and patients) to appropriate digital health
at sub-national, institutional ad unit levels, as resources within Sri Lanka.
required. • Enterprise issue ticketing to facilitate the
collection, tracking, and resolution of issues
3.2.7 Enhance Operations of Ministry of related to review of documents, transfer
Health requests, technical issues, and improvement
requests. Including help-desk escalation
The MOH, its DG and DDGs represent a large processes.
contingent of directors, administrators, clinicians,
• Human Resources Management, allowing for
and support staff. The dissemination of and
the processing and allocation of staff within the
effective use of resources is of utmost importance
Sri Lankan Public Health System. The current
to ensure that business services are delivered in a
use of the Human Resources Information
consistent, cost-efficient, and adherent manner.
Management System (HRIMS) should be
integrated into the Digital Health Platform
Examples of opportunities for leveraging digital
solution.
services for the enhancement of operations within
the MoH include: • Logistics and supply management via
consistent processes and channels, migrating

away from manual processes via integration of The integration of information flows and business
various clinical systems and moving towards processes is not limited to single types of care
automated techniques as DHP services mature. settings. Although there is likely no need to
interconnect every system in use, there are chronic
• Enterprise Project Management and lifecycle
and communicable disease use cases where
tracking for measuring and planning the
the integration of information between disease
implementation of physical and digital health
programs would provide a high degree of benefit
interventions within the health enterprise.
for clinicians. Examples include:
The DHP should consider the implementation
• Integration data across disease programs
of technologies which enhance the operational
where co-morbidities are important (example:
structure of the MOH and providing shared
integrating eIMS, operated by NSACP for
administrative resources.
tracking HIV patients and ePIMS, operated by
NPTCCD, for tracking TB).
3.2.8 Integrate Information Flows Within
• Sharing curative care records and displaying
the Enterprise
along with public health care records where
The digital health environment within Sri Lanka necessary.
contains many disparate systems which are at • Coordinating care for chronic conditions
various stages of scale up and scale out. Currently, between hospitals and primary care settings
many of these systems are silos of information such as transplant recipients, cancer treatment
along disease verticals, or clinical setting with recipients, patients with diabetes, and more.
limited data exchanges for discrete patient care
• Relaying hospital discharge and admission
delivery data.
information to disease care providers such as
A key driver of a digital health exchange is the ability general practitioners.
for different organisations to exchange data to
better serve patients. Currently, implementations 3.3 Proposed Future-State
of the Hospital Information Management System
The solution proposed to fulfil the needs of the
(HIMS/SWASTHA) and Hospital Health Information
DHP in Sri Lanka are illustrated in Figure 9 and is
Management System (HHIMS) are locally installed
described in more detail in section 3.
and neither connected with each other nor among
their own instances, even though there are
The solution allows for existing systems at points
business processes and information flows which
of service (PoS) to consume and contribute data
would benefit hospitals and patients running these
with a centralised infrastructure. The term PoS
solutions such as:
encompasses any solution:
• Ensuing mobility of patient records across
• Used by care providers (EMRs, HIS, etc.)
hospitals making them available at points of
care. • Used by patients (personal health records, etc.)
• Transferring of patients between facilities for • The general public (informative websites,
clinical reasons (i.e. to specialist hospitals or public health sites, etc.)
base hospitals to apex hospitals). • Administrative staff (HRMIS, planning tools,
• Alerting hospitals of the availability of live transfer and capacity planning, etc.)
donors from ICU and/or matching current
The blueprint and DHP enhances the current state
transplant recipients.
business architecture by supporting and enhancing
current operations as illustrated in Figure 10.

Points of Digital Health Platform
Service
Health
Administration
Providers
Shared Health Delivery Ministry of

Services Health
(National
Health
Staff Data Secondary Use
Points Exchange)
of
Service Security & Operational
Privacy Support
Governance, Conformance & Compliance
Patients
Common IT Services Technical Staff

Infrastructure
LGC LGN ...

Public
Principles
Business Technical
Legislation & Policy

Business Architecture |
Figure 9 : Proposed Future State Domain Relationships

41
Government
Special Interest Groups
Other
INGOS MOH
Ministries
HIU
NGOS
Civil Organizations Governs Collaborates

Informs E-Health SC
Monitors / Guides Strengthens / Weakens
Contributes
Capabilities
Support Services
Enables
Digital Physical
Capabilities Capabilities
Enhances
Digital Health Platform Enables Enables
Operational Support Streamline Digital Health Services Health Services

Services Secondary Use
Government Government Health Client
Enables
Streamlines / National
Supports
Enables
Security & Privacy Sharing Clinical Data Benefits
Prevent-
Provincial Curative
ative
Enables
Drives /
NEHR Informs
Private Private
Strengthens / Supports
Governs
Guiding Enterprise Guidelines (Clinical &

Legislation Conforms Aligns
Principles Technical)
Standards (Clinical &

Aligns Guides / Dictates Strategic Vision / Goals
Technical)
Figure 10 : Enhanced Future State

3.3.1 Proposed Solution Outcomes • Provides mechanisms for issuing centralised

application API keys, allowing for the
The proposed future state solution has been evaluation and enlistment of new Digital Health
created to meet the needs of the target business Applications into the ecosystem.
drivers described in section 3.2. The solution meets
these drivers as it: • Ensures that disclosure and exchange of Health
Information is ethical and patient privacy is
• Establishes of a nationally scaled, Electronic protected and/or audited for monitoring and
Health Record for all patients in Sri Lanka, compliance purposes.
including relevant data from Public Institutions
• Ensures the security of Health Information by
and Private Institutions.
providing central control of disclosure policies
• Establishes interoperability between Clinical and access policies in the DHP.
and Preventative Health Information Systems
• Fosters Digital Health research (allowing
(points of service) via a Centralized Integration
for secure and private data for secondary
Technology.
uses) and innovation (allowing for a common
• Establishes common vocabulary, terminology platform upon which new interventions are
and data services and standards within the developed).
Health Sector.
• Establishes registries and supplemental

3.3.2 Managing Complexity
services for patients, facilities, providers,
The DHP manages the technical complexity
commodities, drugs, and other entities
identified in section 3.2.1 by defining a solution
referenced within the Health Sector.
based on the principles of Services Oriented
• Establishes a platform to support shared care Architecture25. This approach breaks complex
and referral services between Government and solutions into component services which can be re-
Private Sector care delivery settings. composed to accomplish different business goals.
• Establishes shared messaging services (via By following this approach, the complexity of the
operational support services) between solution can be mitigated by:
providers and clients. • Enabling an Evolutionary Approach: Services
• Establishes a platform for more consistent and and problem domains can be defined using
rapid capacity building via dissemination of a consistent process using the blueprint as
enterprise knowledge artifacts. a framework for establishing the solution
and technical view for each specific problem
• Improves the ability to perform analytical
domain. This means that the DHP will grow
processing a planning via the establishment
incrementally over time, allowing providers,
of a National Digital Health Information
implementers, and patients to adapt to each
Warehouse (NDHIW).
change incrementally.
• Establishes a common infrastructure for
• Using Standard Approaches: To maximise
SMART Health Systems using shared Clinical
service solution reuse, allowing implementers
Decision Support (CDS) services.
and integrators, over time, to focus on added
• Establishes a common infrastructure for capabilities of the DHP rather than wasting
the requisition/order and tracking of drug, time performing one-off integrations and
supplies, equipment between Local, Provincial mappings.
and National Levels.

• Service Encapsulation, Coupling and Cohesion: • Structural Interoperability: Establishes common,

By defining common problems within the minimum data elements are captured in a
enterprise, and designing the units with high consistent manner. This is often realised using
degrees of cohesion we can ensure that common interoperability structures such as
DHP remains loosely coupled allowing for Health Level Seven (HL 7) FHIR, DICOM, etc.
incremental growth and change. The NDHGS (2) sets forth guidelines for the
data elements to be captured by digital health
• Re-Use of Services: By ensuring that services
solutions. These elements should be adapted
expose atomic business functions in the
and referenced in logical views.
DHP, it is possible to re-compose services to
orchestrate solutions for different workflows • Semantic Interoperability: Establishes
and use cases. the “meaning” of the clinical data is
understandable not only between computer
3.3.3 Interoperability
systems, but business units and their staff.
The NEHR business driver must be built on the Semantic interoperability is of the utmost
foundation of interoperability to ensure that importance and the assets of the blueprint
data and processes are standardised between should establish a collective understanding of
organisations, software solutions and care settings. the data. For example, defining a KPI “number
This requires not only technical interoperability, of planned school outreach programmes” may
but also organisational interoperability (to ensure be ambiguous depending on the province,
processes across organisational boundaries). software vendor, or business unit which is
reporting these values.
Interoperability within the health domain is
complex. Health encompasses a wide variety of • Process Interoperability: Ensures that the
data structures (images, video, structured data, “actions” which should be taken by systems
documents), clinical and business processes (de- and organisations within the enterprise
duplication, merging, order flows, etc.) as well as are clearly articulated and understood.
privacy, security and governance requirements. All Defining common and acceptable triggers for
of which must occur in a semantically consistent interacting with the DHP is a key consideration
manner to ensure exchanges of health information of the solution to ensure that each software
are reliable, and safe26. solution, business unit, and province behave
is a consistent manner. For example, the
Work has already been performed in the National conditions under which client information
Digital Health Guidelines and Standards (NDHGS) should be updated in the national client
document to establish baseline interoperability registry (i.e., at birth, at death, primary
guidelines. These are further elaborated and residence change, etc) and the expected
specified in more detail in the accompanying interactions of connected systems.
operability plan and forthcoming interoperability The Lanka Interoperability Framework (LIFe)
profiles. At a high level, interoperability within the defines a set of open standards with the goal of
blueprint focuses on: facilitating interoperability between government
• Foundational Interoperability: Establishes the information systems. LIFe currently identifies
baseline connectivity such that one application baseline standards for land, personal, vehicle and
can securely and consistently communicate project coordination domains27. The adoption of
data to another application via a baseline set international standards for use in Sri Lanka within
of interchange protocols (File Transfer Protocol the health domain should, where possible, adapt
(FTP), HTTP, etc.) the definitions, and constraints on data elements
specified in LIFe. Standards and profiles developed

to support the DHP should also, where possible, be a new technology or standard becomes available
included in the LIFe catalogue of standards. (HL7 Version 5 for example), the same business
functions can be realised in this new standard as a
3.3.4 Scalability separate technical view.
Scalability can be described using several Additionally, the use of an enterprise application
dimensions28 which can be applied to enterprise integration architecture allows the DHP to support
integration environments. Using SOA design the adoption of new technologies while isolating
patterns, the DHP solution ensures that there clients from these changes. This permits the
is ample opportunity to scale the DHP across adoption of innovative technologies such as virtual
these dimensions. This section explores how reality, remote surgery, or digital pathology without
the scalability considerations for the DHP are destroying or changing connections with points
addressed in five areas: of service. To maintain generational scalability,
physical realisations of integration components
• Generational Scalability: The ability of the DHP (such as the data exchanges, shared infrastructure,
and its services to absorb and adapt as new security services, etc.) should not assume a “FHIR
standards, innovative technologies, or business only” environment. Heterogenous standards
units become available, without impacting environments using SYSLOG, Extensible Markup
previous services. Language (XML), HTTP, DICOM, and Limited
• Geographic Scalability: The ability of the Liability Partnership (LLP) are usually required and
DHP and its services to grow to support the DHP should permit the onboarding of these
new geographic regions and their related technologies.
governance and access requirements.
3.3.4.2 Geographic Scalability
• Heterogenous Scalability: The ability of the DHP
and its services to operate in an environment It is important since the DHP be designed in
where a variety of open source and proprietary a manner which permits sub-national scaling
software systems reside, on a variety of operation of certain services. Common use cases
platforms. for this type of scaling are:
• Administrative Scalability: The ability of the • Sub-national jurisdictions managing access
DHP and its services to grow to serve more credentials for users which they have hired
organisations and users in a manner which without the need of central administration
does not overburden or detract from existing doing so.
users or organisations.
• Sub-national jurisdictions managing their
• Functional Scalability: The ability of the DHP own reference lists for indicators, human
to add or onboard new business functions resourcing, or other permitted policies as
without disrupting existing business functions. appropriate, without the need of central
administration.
3.3.4.1 Generational Scalability
• Scaling of the NEHR to support performance
The separation of the blueprint into views ensures scaling of the repository service.
that the DHP specifications can be adapted
to support new technologies, standards, and The DHP proposes the separation and federation of
processes as they become available. For example, by services within the DHP at a component level. The
specifying the functionality of the NEHR repository decision of which components are scaled (such as
as business triggers, data elements, storyboards, the NEHR repository, Imaging repositories, etc.) will
etc. the NEHR can be realised in FHIR, however if depend on the workload and storage requirements

of each geographic area. Whether this is scaling is The administrative burden of onboarding a
performed at a physical level (i.e. separate servers), new institution should involve little more than
instance level (i.e., separate virtual machines) or at registration of the Institution’s security certificates
a software/data level (i.e., application or database (public/private key pair) to access NHDX services
scaling) is not specified here and will depend on the and setting appropriate application credentials.
capabilities of the software component in question.
The operation support systems identified in
3.3.4.3 Heterogenous Scalability the DHP solution are designed to assist in the
administrative scale-up of the DHP solution.
The underlying foundation of the proposed Document Management Systems to disseminate
solution is based on an open architecture29 which Standard Operating Procedures (SOPs), setup of
permits the scaling of the DHP over time within a an enterprise knowledge base, Central Learning
heterogenous manner by defining the behaviours Management System, and issue/helpdesk ticketing
and interfaces in a standard manner. The blueprint solutions should be deployed and leveraged
must support consumers of providers of DHP for each domain in the DHP. Having consistent
components can be implemented and realised by materials linked and referenced in the DHP ensures
a variety of vendor solutions, which should have no that, across the Enterprise, new Organisational and
impact on the functioning of the overall DHP. Human users can be trained efficiently.
While the blueprint encourages the use of open-

3.3.4.5 Functional Scalability
source technologies, use of proprietary (free or
commercial) technologies may be required. The Functional scalability ensures that new operations
blueprint makes no assumptions about the nature and components (or functions) can be added to the
of each component, and therefore must support a solution without impacting or changing existing
heterogenous environment. functions.
This open architecture is important as: • Encapsulation: Each service provided by the
DHP, should expect to receive all data and
• It allows new software solutions to be swapped
trigger event information required to perform
in or out of the DHP based on support
the desired business function. There must be
lifecycles, technical evolution, or applicability.
no assumption that a target or consumer of
• It fosters innovation by allowing Private Sector data “knows” information not included in the
Vendors as well as Open-source Communities interaction. The receiver should store and
to compete with one another in a consistent faithfully reproduce data which it has received.
framework.
• Loose Service Coupling: Each service within the
• It prevents vendor lock-in and platform lock- DHP is loosely coupled. Each service should
in (i.e., a Java/Tomcat based solution can be not have hard coded dependencies on another
swapped with a .NET/Internet Information service provider which is not documented in
Services (IIS) solution if appropriate, or vice- the DHP. Loose service coupling ensures that if
versa) a function is missing, replaced, or deprecated,
that other services should continue to operate
3.3.4.4 Administrative Scalability without hindrance.
The Digital Health Platform is designed to foster • Service Cohesion: Each service should support
onboarding and growth over its lifetime. Using open a high degree of cohesion, meaning that the
architecture and specifications, new Institutions service should implement only those functions
can be onboarded to the shared DHP infrastructure and operations within the enterprise for which
without impacting existing Institutions. they are the appropriate business module.

For example, the job of matching and merging 2. Security and Privacy: Which supports the
patients should be implemented within the protection of the DHP data by specifying the
Client Registry software, rather than a shared authentication and identification of users and
health record. devices, encryption and signing, and consent.
• Evolutionary Growth: Each service should be 3. Health Administration: Administrative concerns

maintained and implemented in a manner in the DHP. This encapsulates the identification
whereby new functions and API endpoints of locations, providers, clients, supplies and
can be added without changing or breaking logistical support.
previous functions. This can be done via
4. Health Delivery: Concerned with delivery
normative code changes on access points.
of curative and preventative clinical care.
If new functions need to be deployed which
Encapsulates concerns related to indexing,
modify previous behaviour, they should be
storage/retrieval, and non-repudiation of
exposed on new access points.
clinical data.
By implementing these attributes, the DHP in Sri
5. Operations Support: This domain is concerned
Lanka can be expanded to support new clinical
with the overall operations of the MoH and
domains (example: implementing a cancer care
related stakeholders and includes helpdesk,
repository, or donor/transplant matching services),
communications, training, etc.
onboard new or existing applications, or integrate
new functions. 6. Secondary Use: Concerned with the use of
data within the DHS for the purposes of public
3.3.5 Blueprint Architectural Domains health monitoring, research, planning and
policy development, and any other non-clinical
This section defines and discusses the logical use of data.
problem domains of the DHP. The blueprint seeks
These domains contain further areas of concern
to assist in the organisation of workgroups for
further development of the platform by separating which serve as the business case for components
concerns in a series of Business domains within the DHP.
(Figure 11).
1. Shared Infrastructure: Which is concerned with

the reliable transport, transformation, routing,
and delivery of information within the DHP
infrastructure.

Sri Lanka Digital Health Platform
Shared Infrastructure Security and Privacy Operations Support Health Administration Health Delivery Secondary Use
Messaging Certificates Help Desk / Support Patient Identity Curative Health
Birth / Death Health System

Transport Authentication E-Mail Facility Identity
Registrations Monitoring
Information
Terminology Consent Knowledgebases Provider Identity Hospital Care
Warehousing
Communications Document
Auditing Human Resourcing Primary Care Research
Gateways Management
International
Integration Services Access Control Project Management Logistics Radiology & Imaging
Reporting
Device / Drug / Laboratory & Medical Safety /

Record Location
Supplies (QVL) Diagnostics Policy Development
Orchestration Birth / Death Pharmacy & Drug
Decision Support Non-Communicable

Services Diseases
Enterprise Resource
Public Health
Planning
Communicable
Diseases
Immunizations
Public Health
Surveillance
Quarantine
Figure 11 : Business Domains and Functional Concerns of the Blueprint

Application Architecture | 49
4.
Application Architecture
4.1 Current State Health Information Management System, HFSMS:

Healthcare Facility Survey Management System,
The DHEAP included a conceptual classification of HHIMS: Hospital Health Information management
the systems and information flows in Sri Lanka and System, HIMS: Health Information management
is included in Figure 12 for context of the reader. System, HIS: Health Information System, HRMIS:
Human Resource Management Information
A complete list of current digital health intervention System, NBTS: National Blood Transfusion System,
in Sri Lanka can be found in Annex C, however the NCCP: National Cancer Control Programme.,
abbreviations for Figure 12 are also provided here NHRIS: National Human Resource Information
as a convenience to the reader. Management System, NMHS: National Mental
Health System, NSACP: National STD and Aids
ALC: Anti Leprosy Campaign, AMC: Anti Malaria Control Program, Private HIS: Private Health
Campaign, Cloud HIMS: Cloud Health Information Information System, QHMIS: Quarantine Health
management System, DenSys: Dengue Sentinel Site Management Information System.
Surveillance, DNMS: District Nutrition Management
System, eIMMR: Electronic Indoor Morbidity These systems share little direct information flows
and Mortality Register, ePIMS(TB): Electronic between systems. The primary existing digital
Patient Information Management System for information flows identified were between the
Tuberculosis, eRHMIS: electronic Reproductive HIMS and HHIMS to the Electronic Indoor Morbidity

50
Health Administration Health Delivery Suportive
|
Curative Preventative
NBTS
Essential Drug
Stock Alert ePIMS(TB) AMC eHRMIS NMHS
Tracker
Appointment LeIS QHMIS DenSys

HFSMS
Solutions
DNMS NCCP
HRMIS Telemedicine eIMMR
Solutions
Injury
NSACP
Surveillance
NHRIS HIS
Centrally Managed
...
Cloud HIMS
HIMS
LIS

HHIMS
Private HIS
Institutionally Managed
GP
Solutions /
EMRs
Figure 12 : Current State Conceptual Architecture

Points of Service
Preventative Solutions Hospital Information Systems

Secondary Use
District Nutrition Management SWASTHA / Hospital Information
System Management System Electronic Indoor Morbidity and
Mortality Register
DenSys / Dengue Sentinel Site Hospital Health Information
Surveillance Management System
Injury Surveillance System
Leprosy Information System Private Hospital Information

(LeIS) Systems
Health Administration
Cloud Health Information National Human Resource

National Mental Health System
Management System Information Management System
Electronic Reproductive Health Curative Solutions Human Resource Management

Information Management System
Electronic Patient Information Information System
Management System for TB
National Cancer Control
Health Delivery Repositories
Programme

National STD and Aids Control
Program National Blood Transfusion
System
Lab Information Systems Private EMRs / GPs

Quarantine Health Management
Information System
OpenMRS
Figure 13 : Current Application Architecture State (Blueprint Nomenclature)

Application Architecture |
51
52 | Application Architecture
and Mortality Register (eIMMR). Classifying these and clarity. In the actual implementation, it is
current state assets using the enterprise domains expected that all actors communicate using
of the blueprint, the current state of the blueprint the common infrastructure and avoid direct
is illustrated in Figure 13. communications with actors (even if the summary
diagrams illustrate a direct relationship).
4.2 Proposed Future State
The intent is that the NHDX will assume the
The proposed solution illustrated in Figure 14, corresponding receiver role of the actor pair. For
is a refinement and further specification of the example, the actual actor relationships between
proposed architecture in Figure 9, (a landscape systems could be as illustrated in Figure 15.
oriented copy of this diagram is included in
However, documentation will use a simplified form
Annex E).
as shown in Figure 16, to clarify the intent of the
diagram. Since the inclusion of the audit repository,
4.2.1.1 Separation of Service Definition from
NHDX, and identity provider are assumed to be
Service Implementation
omnipresent for all transactions their inclusion is
The documentation in the blueprint uses not needed on all diagrams.
component definitions as the basis for functional
descriptions and dependencies. The blueprint 4.2.2 Points of Service
makes no supposition about the specific software
products which will be used to implement the The term Point of Service is used in the context of
components and services described, rather it seeks the blueprint and DHP to describe any application at
to describe the functional role that each play within which a user consumes services from the DHP (see
the DHP. Section 2.4.5). This section describes the general
considerations of points of service applications
In the physical realization of this infostructure, within the DHP.
multiple software packages can work together as a
single logical DHP component, or a single software Points of service represent the primary entry and
package can implement multiple functional viewpoint for data in the DHP. This means that
components. For example: an API gateway, special care should be taken when considering
application firewall, and dedicated queueing points of service for integration into the DHP:
solution may be combined to realize the NHDX.
• The DHP is only as secure as the weakest link,
Standards and integration patterns within the in the chain of trust. Software running within
blueprint document are informative and are used hospitals which are easily accessible physically
to illustrate patterns the blueprint will leverage for represent a heightened security risk. Points
information interchange. The Interoperability Plan of service which interact directly with the
and Interoperability Profiles are to be developed blueprint architecture should be physically
as supplemental documents which outline the secured to prevent their removal.
detailed specifications for information interchange • The lack of electronic medical records systems
between components. due to hardware failure is a serious threat to
the smooth operation of clinical data capture
4.2.1.2 Infrastructure Diagrams
and use. Efforts should be taken to ensure
Diagrams in this section, and in the solutions views that appropriate backup hardware is available
should exclude common infrastructure elements for end users of the DHP (including network,
within the DHP (such as the NHDX, identity provider, terminals and servers).
SSL termination, etc.) to increase their readability

Points of Service Shared Digital Health Platform
Hospital Information Systems

National Health Data Health Administration
Health Information Management Exchange
Systems (HHIMS/HIMS/
Coordination Services Institution
SWASTHA/OpenMRS) Client Registry Provider Registry
API Management Registry
Terminology
PACS/RIS
Services
Medication / Equipment
HR Management
Drug Registry Registry
Private Sector HIS Logging Record Location
& Indexing
Health Delivery
LIMS Business Process Shared Data Repositories
Execution
Messaging
Curative Solutions NEHR Record Diagnostic Disease &
Repository Imaging Program Data
Electronic Patient Information Occupancy /
Capacity ePrescribing
Mediation Document Inventory &
Laboratory Data
National STD and Aids Control Repositories Logistics
Program
Finance &
Private Health Sector Validation Care Guidelines Decision Support
Insurance
Hospital Information System
Secondary Use
Electronic Medical Record Error / Retry
Secondary Use Cases
Preventative Solutions De- Programmatic

Research Planning
Identification Performance
Governance and Compliance
District Nutrition Management Load Balancing KPI

DHIW
System Definitions
(Warehouse)
Policy Public Health
DenSys / Dengue Sentinel Site ETL / ELT Dashboards
Development Surveillance
Surveillance Publish /
Subscribe
Leprosy Information System
(LeIS) Security & Privacy Services Operational Support Systems
Electronic Reproductive Health Metadata Helpdesk / Document

Certificate
Exchange Time Keeping
Information Management System Services Support Management
Audit Repository

Programme Consent E-Learning Knowledge Bases
Service Discovery Identity Provider
Management
Others
Consumer / Future Innovations

Common IT Infrastructure Services
Personal Health Records Push Monitoring Performance
SMS Gateways Payment Services E-Mail Services
Notifications (SIEM) (APM)
Digital Health / NEHR Viewers
Infrastructure
Telemedicine Solutions
Lanka Government Cloud Lanka Government Network National Data Exchange
Principles
Business Technical
Evolutionary Innovation & Information Privacy & Security Use Open Interoperability
Value for Money Patient Centred Standardisation Re-Use Services Scalability Focus
Change Partnership Sharing By Design Standards Focus
Legislation and Policy
Figure 14 : Conceptual Application Architecture

53
Authenticate User Identity Provider
Point of Service Register NHDX Register Master Patient Index

Patient Patient
Audit Record
Record Audit Record Audit
Repository
Figure 15 : Technical Actor Relationships
Like all components of the DHP, points of service ● Look up demographic and historical patient
are opaque to the blueprint. This means that condition summary information in the DHP
the blueprint does not make any prescriptive for patients during appointments and/or
architectural requirements of any one point of admission
service, other than for its interaction with the
● Retrieve last known medication lists and
broader health enterprise. Additionally, the points
conduct drug-drug interaction checking
of service discussed in this section are exemplary,
during medication prescription
continuous development of digital health initiatives
across Sri Lanka will continue to evolve and this list ● Retrieve previous lab results and/or relevant
will become outdated. diagnostic images
● Contribute admission notes, discharge

4.2.2.1 Hospital Information Systems summaries and referral notes
There are many Health Information systems (HIS) in The DHP proposed by the blueprint augments
the country that belong to curative and preventive the functionality of the already designed and
sectors. Also, within the same hospital there can be implemented HIS within these hospital systems.
patient care Information systems for clinical care For example, the use of OpenMRS in multiple
as well as managerial health information systems clusters with their own health services for patient
for administrative activity in the hospital. Further, management, data sharing between OpenMRS is
there are number of hospital information systems envisioned to be unimpeded by the DHP. Rather,
related to clinical care of the patient in Sri Lanka. All the DHP would augment these OpenMRS instances
such systems will make extensive use of the DHP, by allowing their connectivity to other solutions
with many relevant use-cases of both retrieving and (such as Hospital Health Information Management
contributing information to the DHP. For example, System – HHIMS, or Cloud Hospital Information
the DHP can be used by the HIS systems to: Management System - cHIMS). Additionally, the
Point of Service Register Patient Master Patient Index
Figure 16 : Simplified Actor Relationship

scope of data differs, whereas communication viewers which will retrieve, and display all known
between OpenMRS instances primarily focuses longitudinal information about a patient in a single
on the OpenMRS dataset and use case (detailed view. Specialised “Apps” can be created to make use
hospital logs, detailed temperature, and care data), of the standardised data and provide intelligent in-
the DHP focuses on summary data for major events context analysis and notifications based on patient
(such as a discharge, or referral between systems). metrics.
4.2.2.2 Curative Sector Solutions 4.2.3 Shared Infrastructure
Although HIS are also considered to be curative, The shared infrastructure domain is described
additional curative systems exist in Sri Lanka, in Figure 17 and specified further in this section.
including the Electronic Indoor Morbidity and For reference, the components of the conceptual
Mortality system (eIMMR), the Accidents and architecture included in shared infrastructure
Emergency Information System (AEIS) and future domain are illustrated in Figure 14.
proposed ones such as Telemedicine Solutions and
Emergency Information System. As these systems Shared infrastructure domain primarily addresses
are connected to the DHP and data begins to flow concerns with:
through the platform, opportunities exist to speed • Ensuring messages delivered to the DHP
up the flow of information for health administrators. are reliably executed, retried, and tracked,
For example, near real time dashboards can be ensuring that transactions are not executed
created to summarise data and reports in a fraction twice on retry, relaying errors, etc.
of the time that was previously taken. Opportunities
• Services which ensure that the semantic
to link data from different data sets will become
meaning of messages are understood by all
available, offering new dimensions of analytics that
Digital Health Services operating within the
were not possible in the future and will allow for
DHP.
the development of evidence-based policies.
• Communications gateways and common
4.2.2.3 Preventative Sector Solutions infrastructure for sending notifications to
administrators, clinicians and providers
Preventative solutions will interact with the DHP
including SMS, push notifications and emails
to contribute and retrieve valuable information for
gateways.
citizens and providers. Preventative solutions in Sri
Lanka include the Electronic Reproductive Health • Transportation of messages to/from data
Information Management System (eRHIMS), the services including proxying, message relays, etc.
District Nutrition Monitoring System (DNMS), the
• Service coordination:
Electronic Mental Health Management Information
a. Business process execution allowing for
System (eMHIMS) and the Web based Immunization
complex workflows to occur within the DHP
Information System (WEBIIS). For example, patients
can be linked by a Master Patient Index inside the b. Terminology resolution, definition,
DHP so that care providers can receive meaningful validation, and mapping.
submissions of data from all these systems and have c. Establishing linkages between orders
it linked into a single longitudinal view of the patient. (request for something), promises (intent
to act), and fulfilment (event occurrence)
4.2.2.4 NEHR Viewers / Personal Health which cross boundaries.
Records (PHR) Systems
• Error reporting and retry of failed messages
In the future, given appropriate consent, it will be
• Enterprise service bus functions such as
possible for patients and providers to use DHP
publish and subscribe management

• Access logging and basic API access control • Transport of data between trading partners in
the DHP,
In Sri Lanka, many of these services within the
• Encryption and decryption of message
domain of shared infrastructure is provided
payloads as they are sent or received,
via the Lanka Government Cloud (LGC) and the
Lanka Government Network (LGN). Additionally, • Logging of messages received and sent (such
ICTA provides a national data exchange (NDX) as HTTP logs),
which provides additional support for messaging,
• Terminating Transport Layer Security (TLS)
interaction, and API coordination.
connections.
Sri Lanka Telecom (SLT) also provides shared

The NHDX is required to support multiple messaging
infrastructure services, and several solutions
formats and standards including:
(such as the SWASTHA drug information system)
are hosted on the SLT infrastructure. The security • HL7 Fast Health Interoperability Resources
services domain describes a mechanism for node (FHIR)30 for general purpose clinical data.
authentication which will permit the interchange • HL7 Version 1 messages over secured
of data in a secure manner between these two Minimum Lower Layer Protocol (MLLP) where
environments. FHIR is prohibitive (such as integrating legacy
or proprietary solutions)31
4.2.3.1 National Health Data Exchange (NHDX)
• IHE Aggregate Data Exchange (ADX) profile
The National Health Data Exchange serves as the
• IHE Cross Community Document Sharing (XDS)
primary integration on-ramp into the DHP. The
using ebXML for sharing Radiology Reports,
NHDX provides services related to:
and other structured clinical documents32
• Message routing
• NEMA DICOMWeb33 (which includes Web
• Mediation Access to DICOM Objects – WADO34 and Query
• Validation by ID for DICOM Object - QIDO35) for sharing
PACS or RIS information to/from the DHP.
• Error logging & retry
• GS1 Business Messaging Specification (BMS)36
• Service Discovery & Metadata Exchange for logistics inventory reporting, and stock
• Logging order request and fulfilment.
• Load Balancing • Consistent time protocols using/exposing

Network Time Protocol (NTP) to allow for
• Publish & Subscription Management
enterprise synchronisation of time across the
• API Access Control enterprise.
• IHE Audit Trail and Node Authentication (ATNA)

4.2.3.1.1 Messaging Services
• OpenID Connect (OIDC)37 and Open
The messaging services provided by the NHDX Authentication (OAUTH)38 standards for
primarily are concerned with the receiving and authentication purposes.
sending of structured messages using standards-
based interchanges from points of service to those Additionally, the NHDX should consider that this
other services within the DHP. The messaging list will change over time as new technologies and
services are responsible for: methods of integrating health and supporting data
arise. The NHDX should be implemented in such a
• Exposing an API endpoint to points of service
way that other binary TCP protocols, HTTP based
solutions,
REST and SOAP protocols can easily be integrated.

National Health Data Exchange Coordination Services
Terminology Registries
Order Fulfillment
Services
API Management Logging
Record Location Business Process

& Indexing Execution Health Delivery
Messaging Mediation
Repositories
Validation Error / Retry
Secondary Use
Health Information
Publish /
Load Balancing Warehouse
Subscribe
Metadata Security & Privacy Operational Support

Service Discovery
Exchange Services Systems

Push Monitoring Performance
Figure 17 : Shared Infrastructure Components

57
4.2.3.1.2 Mediation Services using JSON Web Encryption, MIME Encoding,

etc.) then the NHDX would be unable to
Mediation services of the NHDX include any validate the payload, however, can validate the
steps which are required to ensure that message wrappers for the content.
integration formats, patterns, and data are
reconciled prior to message processing continuing Clinical validation of the message contents
within the DHP. Mediation services include: (example: last menstrual period for a male) would
be a large undertaking at the NHDX level, and
• Filtering, removing, or appending appropriate
instead these types of business rule validations
message data to outbound messages,
should be performed by clinical expert systems
• Queueing the message to ensure reliable
(i.e., the NHDX should contact some expert system
delivery and allowing for retry of message
to validate the clinical content, or the repository
errors,
servicing the data should perform the validation).
• Caching, or storing messages to improve The NHDX can perform such validation either
performance or ensuring execute once (i.e., by sending the transaction to the appropriate
prevent duplicate execution of triggers), service, or by issuing a validation39 operation where
• Rewriting or augmenting URLs or pointers supported.
where appropriate for outbound data to
ensure that points of service don’t attempt 4.2.3.1.4 Error and Retry
query of back-end services.
The error handling and retry functionality of the
4.2.3.1.3 Validation NHDX is responsible for classifying and gathering
error information relayed from the back-end
The NHDX is responsible for the validation of repository service which produced the error, and
messages which it receives. The validation of relaying this to administrators.
the message at the NHDX level focuses only on
transport, structure, and terminology whenever a Messages which resulted in an error within the
repository service cannot perform this validation. NHDX will be queued for later administrative retry.
Examples of validation which can be performed at For example, when a discharge summary is received
the NHDX level are: by the NHDX and the NEHR record repository
is offline, the NHDX should try to resubmit the
• The message trigger event is appropriate, and
message later.
a business process, destination repository, or
service is known (message can be routed) Errors and inability to route, mediate, or interpret
• The message structure is complete and messages should be available to administrators
matches the expected contents of the class of the NHDX to diagnose issues and perform
of message (i.e., message header is present, corrective actions. Additionally, the NHDX should
message payload is present, digital signatures support administrative alerts on transactions that
are present) fail due to infrastructure issues (rather than clinical,
or business issues).
• Validation of digital signature of the submission
of the message (i.e., the message has not been
4.2.3.1.5 Service Discovery & Metadata Exchange
tampered with since it was sent)
• Validation of the syntax and structure of the Within a standardised, complex enterprise
message against schema or structure profile environment (which the DHP will represent), it is
important that services and clients can understand
• If the message contents are encrypted
where services are within the enterprise. The role
separate from transport layer (for example,

of the service discovery and metadata exchange and auditing of transactions is based on the
component is to facilitate: requirements established in logical views and
should be performed with the NHDX as the receiver
• Service Discovery: Permitting clients /
and as the sender (i.e. receiver with the point of
consumers of the component to obtain a list of
service, and sender with the backing service).
services which are provided by the enterprise,
and where these services are located. 4.2.3.1.7 Load Balancing
• Metadata Exchange: Permitting clients/
consumers of the component to obtain a Load balancing of transaction requests and
structured listing of the security policies, throttling of messages coming from client systems
message formats, data requirements, etc. is an important performance characteristic which
must be provided by the NHDX.
Because the DHP represents a heterogenous
environment with multiple standards, there are Intelligent load balancing is a preferable future
several proposed mechanisms which provide this state, however the blueprint proposes simple
functionality: DNS based load balancing such as round-robin.
Additionally, the NHDX will also perform operations
• HL7 FHIR Capability Statement,40 to ensure the safety of the DHP including:
Implementation Guide41 and • Service throttling and/or restriction when
StructureDefinition42 resources which describe intensive messaging load is placed on the DHP,
a FHIR endpoints metadata, allows API
operations, etc. • Ensuring the payloads submitted to the DHP
via the NHDX are within an appropriate size
• OpenID Connect Discovery43 which allows limit,
authentication clients to discover the policies
(scopes), authorization endpoints and • Ensuring that when one node of a backing
functions of the identity provider infrastructure service within the DHP is down, the message
in the DHP. is routed to another node which is available
(i.e., failover)
• OpenAPI44 which allows any REST based API to
expose metadata and discovery information in The exact method of load balancing will depend on
in a structured format the specific architecture of the products used for
implementation of the NHDX, which is out of scope
The blueprint proposes that the DHP infrastructure of this blueprint document.
expose the details of service discovery and metadata
exchange in the format most convenient, however, 4.2.3.1.8 Publish and Subscribe
the DHP should expose all rest services metadata
The NHDX implementation should seek to support
using OpenAPI44. For example, a FHIR REST service
a publish and subscribe (pub/sub) functionality. A
within the DHP will expose endpoint and security
publish and subscribe pattern allows applications
authorization information on the OpenAPI endpoint
to be subscribed to events which meet a certain
as well as relevant FHIR resources for conformance.
criteria. When a trigger is executed which matches
this subscription, the subscriber is notified with
4.2.3.1.6 Logging
this information. For more information about this
All DHP transactions must be logged and audited. pattern in FHIR, the Subscription45 resource may be
The logging functionality in the NHDX describes consulted.
the logging of access requests against the NHDX,

4.2.3.1.9 API Access Control • Logical Observation Identifiers Names and

Codes (LOINC)50
The NHDX will perform API access control. This
control will be performed using the following A terminology service allows for the management
techniques: of these standardised codes by MOH administrative
staff. The services for the terminology service can
• The API access token in the content of HTTP
then be used by any service in the DHP to:
messages will used to determine access control
rules for the application, and in the future, users. • Validate a concept’s use in a particular
context is permitted (for example: restricting
• Client certificates submitted with the request
immunisation terminology codes to only those
by the sending node to authenticate the
used in country)
node.
• Provide lookup of value sets for population
DHP components behind the NHDX will apply of local code lists in software, or in user
appropriate business logic checks and access interfaces.
controls based on the access token and any client
• Provide mapping functions for lookup of
assertions included on requests.
alternate codes in different code systems
(for example: mapping an ICPC code to ICD)
4.2.3.2 Terminology Services
• Provide workflow support for the review,
PoS solutions across the country often use different,
approval, translation, and integration of new
and custom terminologies (sometimes referred to
concepts into existing value sets.
as data dictionaries), to computationally describe
health data. Records in one system may indicate
4.2.3.3 Record Locator / Index
the patient being administered “amoxicillin”
using a custom code where another may indicate The record locator service provides indexing (or a
“amoxycillin” with a different code. Without table of contents) to health information within the
common terminology, the semantic meaning of DHP. This is useful since, as the DHP evolves, the
records may not be matched. index can provide:
A terminology server assists in the harmonization • Linking between disease specific repositories
of these terms by providing standardized code lists of information within the DHP context
and services for the transformation of data. • Pointers to binary large objects (BLOBs)
which cannot be submitted to a central DHP
The terminology services provided within the DHP
repository, but must be directly retrieved from
represent a shared set of infrastructure services
source (such as CT or MRI image data from a
for the management, dissemination, validation,
RIS or digital pathology information)
and coordination of terminologies in use within the
DHP. Terminologies identified for use in Sri Lanka • Linking between discrete data submissions (like
Digital Health systems include46: FHIR or CDA resources) and binary document
submissions (like images or PDFs)
• Systematized Nomenclature of Medicine
Clinical Terms (SNOMED-CT) – Where possible, The record locator saves the DHP from performing
use of the Global Patient Set (GPS)47 is repeated queries against multiple repositories of
encouraged. information, permits federation of the repository
• International Classification of Disease (ICD) information, and allows evolutionary growth (by
Release 1048 (ICD Release 1149 is being adding additional repositories of information rather
investigated) than upgrading one large repository “in place”).

The concept of a record locator mimics the In keeping with the principle of loose coupling and
functionality of a Document Registry in the IHE XDS service cohesion, clinical workflows, decision logic,
profile51 and should contain: or infrastructure processes (like de-duplication,
matching, merging, etc.) are better left to specific
• The metadata / identification of the patient for
expert systems or domain repositories since they
which the information is linked,
are designed with specific business functionality in
• The location of the repository and specific mind with guidance from experts in that domain.
data (registry identification / URL and data
identification), Additionally, attempting to coordinate a clinical
flow across multiple repositories can introduce
• Select metadata about the linked data such as
anti-patterns such as the need for distributed two-
timestamps, type of information (discharge,
phased commits of information (example: POST
referral, transfer, etc.), and metadata which
to service A succeeds, but POST to service B fails,
may be queried,
service A requires a “rollback”).
• The source of the information (facility,
Rather, the goal of common business process
organisation, health worker, or patient), and
execution is to coordinate cross-service calls with
• A digital signature or checksum of the original atomic business operations. This may include steps
data to allow for verification. to validate messages, cross reference data, and/or
notify secondary repositories.
Early implementations of the blueprint where
a single data repository is implemented (such 4.2.3.5 Common IT Infrastructure Services
as the NEHR Record Repository) can forego the
implementation of a record locator – however as Throughout the assessment phase of the digital
multiple repositories are implemented, the role of health blueprint’s development, there was a
the locator becomes ever more important. consistent identification of common features/
functions which points of service, and DHP services
4.2.3.4 Business Process Execution would need to leverage. Common IT infrastructure
services of the DHP will service these needs in the
Business process execution function of the future to reduce duplication of effort and cost, and
common infrastructure is responsible for should include:
the operationalisation of business workflows
• Push Notification services – providing secured
within the DHP enterprise. This is aligned with
APIs for issuing push notifications directly to
the orchestration services provided within an
applications in the MOH and secure instant
enterprise service bus which is used to:
messaging infrastructure.
• Coordinate service calls within the DHP which
• SMS Gateways – providing consistent integration
require multiple service calls,
point between digital health solutions and the
• Execute conditional message passing based on SMS notification network. Common gateways
programmed business rules, would reduce cost in negotiating short codes
• Perform compensation actions when service with telecom providers, provide consistent APIs
coordination fails. for digital health solutions for sending SMS
notifications, and permit the consistent auditing
The business process execution functionality and logging of communications sent to patients
within the common infrastructure could be used to and providers.
execute clinical processes, however this represents
• Payment Services – providing consistent
a misuse of such a service a shared infrastructure
payment services where digital health
context.
solutions require the processing of monetary

transactions with banking or insurance • ICTA provided Lanka Government Payment

payment infrastructure. Such use cases Service (LGPS) or pay.gov.lk fulfilling the role of
for this include co-pays, deductibles, cash Payment Services
payment for non-covered services or devices, • LGN E-Mail or the (currently in development)
payments for supplies, etc. Government Email Solution fulfilling the role of
E-Mail Services
• E-Mail Services – the creation of an e-mail
• ICTA provided LGC SOC (currently in
infrastructure for use within the health sector
development) fulfilling the role of SIEM monitor.
would provide a major improvement in the
security and protection of official information
4.2.4 Health Administration
used in the delivery of health care. Providing
official e-mail addresses to staff, providers, The conceptual components of the health
officers, and administrators allows for administration domain are illustrated in Figure 18.
monitoring of content sent for official purposes,
allows the protection of information between The health administration domain is primarily
mailboxes, and allows for allow-listing or concerned with the identification of resources
block-listing for accounts and two-factor which are used in the support of delivery of health
authentication. Additionally, setup of common care. This domain encompasses:
e-mail infrastructure (a private SMTP and IMAP • Identification of Patients/Clients
server) would allow digital health services to
• Identification of Health Workers
send e-mails to patients and providers from
official MOH e-mail addresses. • Identification of Institutions
• Security Information Event Management (SIEM) – • Identification of Medications and Implantable

infrastructure is used to monitor operating Medical Devices
system and application events generated by
• Human Resources Management
DHP service infrastructure and is a common
component used in many network operation • Logistics Support
centres. This infrastructure allows operations
4.2.4.1 Client Registry
staff to monitor security events (such as invalid
login attempts, repeated requests, or system The DHP represents a patient centric enterprise
faults) and quickly correct these. architecture which is responsible for the integration
• Application Performance Management (APM) – of health data across disparate health solutions.
infrastructure is used to monitor the health and Patient centric means that the DHP must track the
availability of virtualised infrastructure. APM identification of different types of recipients of care
solutions can often alert operations staff when (both Sri Lankan citizens and non-citizens such as
service quality is degraded (response times, foreign dignitaries, workers, and medical tourists).
or compute resources are too high), or when To ensure that the correct data is assigned and
components of DHP services are unresponsive linked to the correct recipient of care, it is important
(such as databases being in a degraded state, in that the DHP have a known registry of all recipients
recovery, etc.) of care for which health information is being
captured.
Several initiatives have already begun which should
be reused and leveraged to fulfil these functional The role of a client registry within a healthcare
components, for example: enterprise is well defined52,53 , at a high level the
client registry in Sri Lanka is expected to:
• ICTA provided GovSMS service fulfilling the role
of SMS Gateway

Accept registrations of new patient information registries offer linkage to provider’s service delivery
records (citizens or visitors) capabilities (i.e., dermatology, oncology, or others)
which can be used for matching providers with
• Manage the registration of patients within the
patients in need of those capabilities specific
digital health enterprise (i.e., death, change of
specialist medical care.
residence, updates to demographics)
• Provide identification cross referencing to/from The primary responsibility of a provider registry is
a consistent enterprise identifier well defined55,56 and can generally be summarised
as:
• Provide restricted demographics query
functionality (see description below) • Accepting official registrations and updates
from official sources like the Sri Lanka Medical
• Provide linking, merging and un-merging
Council (SLMC) and Sri Lanka Nursing Council
functionalities as duplicate registrations are
(SLNC) who enlist the individual names who
detected and reconciled
can carry out specific health are delivery
The MPI should implement the minimum dataset54 process.
and be capable of cross-referencing the following • Providing a linkage between providers and
identifiers to an enterprise unique identifier: the roles that provider plays (i.e., primary care
• Citizen Identification Number physician, oncologist, tertiary care facility,
immunisation clinic, or others)
• Sri Lanka Identification Number (SLIN)
• Cross referencing of provider identifiers to an
• Personal Health Number (PHN) enterprise identifier for each provider.
• Passport Number (for foreigners) • Providing queries for PoS to understand the
active status of the provider (i.e. revocation of
Because the client registry contains sensitive
license to practice).
demographics and identity for patients, queries
should be restricted in the following manners: • Discovery of health providers (persons or
organisations) based on their registration
• Enforce minimum number of search
details (such as address, telephone, name, or
parameters (i.e., must query by Name +
services).
Gender + District or PHN + Gender), and
• Enforce a maximum number of search results The provider registry in the DHP should implement
(i.e., maximum of 20 results), and the minimum dataset57 for providers, and should
be capable of cross referencing the following
• Disallow general “wildcard” searches or bulk
identifiers with an enterprise unique identifier with:
queries/synchronisation.
• Professional Registration Number and Issuer
4.2.4.2 Provider Registry • National Identification Number (NIC)
The distribution of health records across • Sri Lanka Identification Number (SLIN)
organisations and services necessitates the • Other individual provider identification
consistent identification of authorized professional numbers, for example:
to carry out specific task according to a specific
job role described by the legislations. This is the a. Eg. Private Health Services Regulatory
primary role of the provider registry (sometimes Council number
called as health provider directory, or health b. Passport Number (for foreign or visiting
worker registry). Additionally, many health provider providers)

Health Administration Registries
Master Patient Institution

Index Registry
Coordinatio
n Services
Provider Registry HR Management

Health Data
Exchange
National
Health Delivery
Repositories
Secondary Use
Health Information
Warehouse
Security & Privacy Operational Support

Services Systems
Figure 18 : Health Administration Conceptual Components
4.2.4.3 Institution Registry the Ministry of Health (including national, apex,

base, teaching, primary care and specialist
The health institution registry is responsible for hospitals) and the Private Health Sector
the maintenance of a country-wide manifest of Regulatory Commission (PHSRC),
public and private facilities for which data may be
• Provide query capabilities allowing other
registered in the DHP. The role of an institution or
digital health services to locate service delivery
facility registry is well defined in other standards59,
locations based on their attributes.
and can be summarised as:
• Collect, store, and disseminate an authoritative The institution registry in the DHP should implement
master facility lists (MFL) the minimum dataset specified for Sri Lanka60 and
should provide functionality for cross referencing
• Provide classification and registration of
local identifier for facilities (obtained from source
services offered in each facility to allow for
registration systems for facilities) with a unique
service discovery,
enterprise identifier.
• Cross reference facility registration records and
identification from disparate sources such as

4.2.4.4 Medication & Device Registry The primary functions of the equipment registry
are:
The registration of a central drug registry is of
• Collect, store, disseminate registration
high importance for providing a definitive list of
information of new consumables and
reference medications and devices which may be
equipment stock items which are approved for
referenced within the NEHR or procedure records.
use in Sri Lanka.
A medications and device registry will be used • Provide query and lookup for services within
to track the substances (supplements, vaccines, the DHP allowing those services to link data
therapeutics, or other) and medical devices within logistics inventory reports, facility
(pacemakers, prosthetics, insulin pumps, etc.) assignments, and stock orders/despatches/
which can be ordered, delivered, prescribed, and arrivals to registered equipment.
administered within the country.
• Provide a master list of device regulatory
The primary functions of such a drug registry are: information including status (pending, active,
withdrawal, etc.), manufacturers, and suppliers.
• Provide consistent identification of drugs and
materials beyond simple codes (which merely The implementation of the equipment and supplies
classify a type of drug, rather than a particular repository will implement appropriate HL7 FHIR68
product) resources, and may support messages such as GS1
BMS Product Recall66 and Item Data67 transactions.
• Provide classification of medications using
standardized codes (WHO ATC61, SNOMED CT62,
CVX63, RxNORM64)
4.2.5 Health Delivery
• Provide detailed information about the The primary purpose of the DHP services contained
form, ingredients, and size/quantity of the within the health delivery business domain services
medication, the needs of managing information and processes
which facilitate the delivery of care. Examples of
• Provide linkages with types of registered
data and services within the delivery of health care
drugs with manufactured products which
are:
can be ordered and tracked through cross-
organisation logistics workflows, • Admissions and discharges to/from hospitals
within Sri Lanka
• Allow for rapid withdrawal of products and lot
numbers based on manufacturer guidance. • Referrals to specialised care providers, or
transfers between hospitals
The implementation of the medications and
drug repository will implement appropriate HL7 • Diagnoses and treatment of non-
FHIR65 resources as a baseline, and should include communicable and communicable diseases
support for appropriate logistics support messages • Pharmaceutical workflow coordination
such as GS1 BMS Product Recall66 and Item Data67 (prescription, foundry, dispense, administration
transactions. and status)
4.2.4.5 Equipment & Supplies Registry • Chronic disease management and coordination
• Immunisation and prophylaxis information

The ordering and reporting of non-substance
supplies (such as syringes, scalpels, bandages, etc.) • Transplant wait-listing and donor matching
within the DHP necessitates the implementation of processes
a supplies registry to track inventory, ordering and • Laboratory procedure orders, specimen
delivery, and withdrawal of supplies. collection and tracking, and result reporting

• Diagnostic Imaging orders, imaging results, and 4.2.5.1 National Electronic Health Record
diagnostic reports (NEHR) Repository
• Nutrition and dietary management, planning
The minimum dataset for a standing, shared
and follow-up
patient summary was defined in the NDHGS69. The
• Patient summaries representing the current goal of the NEHR Record Repository is to provide
health status of the patient (family history, the necessary storage and retrieval capabilities for
social health status, behavioural analysis, etc.) these data summaries.
• Public health and health promotion The format and content and transaction profiles for
• Disease surveillance, quarantine monitoring the NEHR Repository will require extremely detailed
and contact tracing documentation, and these will be contained in
NEHR interoperability profiles and logical design.
• Conditions, health problems and concerns
• Allergies, intolerances, and adverse events At a high-level, the role of the NEHR is:
• Vital signs observations (weight, height, • Facilitate the storage and amendment of a
conditions) shared patient’s summary record whenever
the patient is admitted to outpatient, special
The components within this domain are illustrated clinicals, public health settings, specialist
in Figure 19. setting or other settings.
These concerns are managed within the health • Facilitate the query of the patient’s shared
delivery subject area, which provides: summary information from the NEHR
repository on demand of a consuming
• Shared Data Repositories: Which are used to
application.
store structured, clinical information about the
patient including the NEHR Record Repository, • Adhere to, and protect, data disclosures using
Imaging Repositories, Disease and Domain the security tags which have been applied to
repositories. These repositories require the the data records.
use of heterogenous data formats based on
The NEHR Repository will act as the foundational
their domain, so the DHP defines a pattern
piece of a shared health record for the patient,
of multiple repositories (like PDFs, DICOM
providing patient medical summaries in a
WSI images, digital pathology systems, and
standardised format. The information flows
genomics) to facilitate this requirement.
and types of data which are stored in the NEHR
• Decision Support Services: Which are used to Repository are outlined in section 5.2.3. The
provide clinical decision support to systems preferred method of representing data within the
by proposing actions which should occur in NEHR is HL7 FHIR R4, the details of which will be
order to adhere to a best practices, or relevant produced in technical views (implementation
clinical protocols. guides).
• Care Guideline Repositories / Clinical
Knowledgebases: For storing the definition of 4.2.5.2 Imaging Repositories
clinical protocols in machine readable and
human readable forms. The shared imaging repositories within the DHP
are designed to store and disseminate the result
• Inventory and Logistics Services: The digital of diagnostic imaging studies performed within
capturing, management, and reporting of stock Sri Lanka such as radiology, pathology, and
levels, ordering and despatching stock. ophthalmology.

Registries
Health Delivery Repositories

Coordinatio Shared Data Repositories
n Services
NEHR Record Finance /
Imaging Data
Repository Insurance
Document Inventory & Disease /

Repositories Logistics Domain Data
Health Data
Exchange
National
Occupancy /
Decision Support Care Guidelines
Capacity
Secondary Use
Health Information
Warehouse

Services Systems
Figure 19 : Health Delivery Domain Conceptual Components
The DHP proposes alignment with the pattern design view and interoperability profile. Figure 20
defined in the IHE Cross Enterprise Document provides an illustration of the IHE XDS-I profile with
Sharing for Imaging (XDS-I)70 and the RESTful a mapping to services/components within the DHP
Web-Based Imaging Access (WIA)71 profile. In for context of the reader.
this pattern, imaging reports and manifests are
shared via the NHDX to the imaging repositories 4.2.5.3 Disease & Program Specific Repositories
in the enterprise. These manifests are registered
in the record locator with select metadata (such The evolutionary nature of the blueprint and DHP
as provider, organisation, patient identity, type of it proposes means that new features and areas of
study, title, etc.) where compatible points of service concern must be integrated into the architecture
(such as EMRs, PHRs, viewers, etc.) then query for without disruption or change to existing solutions.
and retrieve manifests and radiology reports and The DHP proposes disease specific repositories of
point to the diagnostic imaging repositories (DIR) information to be created in addition to the NEHR
where the images reside. repository. The rationale for this is:
• Isolation of software solutions to fit the clinical

Additional details about the DIR design should be
use case (best tool for the job),
developed as part of the diagnostic imaging logical

• Isolation of standards based on their maturity In electronic health records systems, documents
and suitability for a particular purpose, are prepared from discrete health events within
the point of service system, then validated by the
• Existing software in use in Sri Lanka already
provider, optionally digitally signed, and submitted
implemented along disease and programs,
as a single, in-context submission to the shared
• Specialised validation logic for a particular infrastructure.
disease or program can be separated in
HL7 CDA (Clinical Document Architecture) defines
smaller solutions instead of a large monolithic
three types or levels of codification for clinical
solution,
documents73:
• Differing scopes of data can be facilitated – for
• Level 1 – Metadata about the document is
example, the storage of individual child health
codified such as patient identity, provider
records by the Family Health Bureau may
identity, classification of the document
contain information which is important for
(discharge, referral, radiology report, etc.) a
child care beyond the scope of the NEHR.
title and other metadata. The content of the
The DHP proposes using a registry of records document, however, is binary.
(the record locator) with metadata and pointers • Level 2 – The metadata from level 1 is codified,
to the various repositories of information (NEHR and structured information about the sections
Repository, Domain Repositories, etc.). This pattern of the document are also present (discharge
mimics the IHE XDS72 architecture and allows for medications, vital signs, problems/conditions,
a single table of contents to reference multiple primary concern, etc.) however the content of
repositories which are more well suited for their the sections can be un-structured.
domain of expertise.
• Level 3 – The entirety of the document structure
4.2.5.4 Clinical Document Repositories is encoded such that discrete data elements
can be computationally read and semantically
The role of documents within a health enterprise interpreted.
is important as they provide wholistic, validated,
and complete representations of an event as HL7 FHIR provides a modernisation of CDA74 via
the originating provider documented it. Clinical the Document resource, which is proposed as the
documents are a useful documentation pattern for: primary method of submitting documents to the
DHP.
• Summarising encounters or visits by an
institution (examples: discharge summaries, Because of the usefulness of clinical documents,
visit summaries) and their ability to represent original summaries
• Summarising or providing rationale for a of clinical events, the DHP proposes the
diagnosis or condition (example: diagnostic implementation of clinical document repositories
note) which can be used to store these structures.
• Summarising information between modalities The IHE Mobile access to Health Documents (MHD)75
(example: radiology report based on and Mobile Health Document Sharing (MHDS)76
ultrasound capture) profiles provide a useful pattern for storing this
• Representing signed, stand-alone medically information within the DHP. Figure 21 shows how
legal documentation from a provider which the MHDS and MHD profiles from IHE logically map
cannot be altered, transformed, or changed onto business services within the DHP.
(although, derivative information can be
extracted, the original document cannot be
changed)
Metadata for Master Patient Index

image manifests (Identity Source)
Patient Identifier Registration
Query
Source Images Record Locator / Index Point of Service
for
from modality Image
(Image Registry) (User)
Manifests
Register Pointer to Manifest Retrieve Manifest
Diagnostic Imaging
Image Repository
Repository or PACS Store Manifest Image manifests
(Image Repository)
(Image Source) only
Retrieve Images (CMOV or WADO)
Figure 20 : XDS-I Image Exchange in DHP
4.2.5.5 Inventory and Logistics Data There are HL7 FHIR resources for logistics, however
the GS1 business messaging specifications (BMS)77
The ability to deliver health care within a care
represent a more widely adopted and mature
setting depends heavily on the availability of
series of interchanges for logistics and should be
supplies for medication, surgical equipment,
implemented as part of logistics and inventory
syringes, and more. Understanding stock usage
processes in future.
patterns between organisations, and facilitation of
electronic ordering within a standardised pattern of 4.2.5.6 Care Guidelines Repository
exchange is a useful function of a health enterprise.
The care guidelines repository is intended to
The inventory and logistics data services of the DHP represent a storage solution of consistent care
are responsible for: guidelines and clinical protocols for use within Sri
• Collecting, managing, or producing inventory Lanka. The DHP considers both non-computable
reports for service delivery points throughout care guidelines (PDFs of clinical assessment tools,
Sri Lanka including reporting of stock-outs procedures, etc.) and computable care guidelines
(where care could not be delivered due to lack (CCG)78.
of supplies).
Evolutionary development of the care guidelines
• Facilitating solicited (order) and un-solicited repository should consider the implementation of
(despatch without order) supply of equipment, sharing for non-computable care guidelines using
materials, drugs, and devices to service delivery appropriate resources (such as FHIR documents or
points. a knowledgebase system), and future development
• Collecting information about breakages, loss, of CCG capabilities when sufficient maturity of the
and wastage of supplies to optimise use and DHP is attained.
reduce direct cost of replacement.
The implementation of CCGs such as WHO’s SMART
• Improving the stock management and Guidelines79 should be facilitated by distributing
distribution of materials within Sri Lanka for L2 (human readable) guidelines using the non-
health settings – allowing for predictive stock computable methods and L3 (machine readable)
management (preventing stockout situations). artifacts using FHIR Libraries80.

Master Patient Index

(PMIR Patient Id
Registry)
Patient Identifier
RegistrationReference
Point of Service Find Document

(MHDS Document References / Record Locator / Index
Consumer) Lists
Register Document
Retrieve Document Reference
Point of Service Clinical Document

Provice Document Repository
(MHDS Document Bundle
Source) (MHDS Document
Registry)
Figure 21 : MHD and MHDS in the DHP
The contents of this repository will include: 4.2.5.7 Clinical Decision Support Services
(CDSS)
• Implementation guides which contain the
overall narrative and technical descriptions of
The storage of care guidelines within the care
the standardised guidelines for Sri Lanka
guideline repository is a first step to the tracking
• Definitions and conformance statements of intelligent health systems. While robust points
for the structure of data which needs to be of service implementations can be expected to
captured from points of service. directly consume and execute/adhere to these care
guidelines, the blueprint proposes the DHP expose
• Libraries80 of clinical decision support rules
necessary services for execution of CDSS rules by
which can be executed by DHP services or
all services within the DHP.
points of service at the point of care.
• Standardised performance indicators The clinical decision support services exposed by

which can be used by the DHIW and KPI the DHP should operate as a type of CDS-as-a-
repository to disseminate the measures which service pattern, which is defined in the CDS Hooks81
implementations are expected to report or architecture.
trace.

4.2.6 Secondary Use • Automatic reporting and calculation of

secondary use data directly from points
The secondary use domain encapsulates all of service, registries or repositories using
functionality which uses clinical data for purposes definitions managed by the secondary use
other than delivery of care. The electronic Indoor system. This pattern is like an ETL process,
Morbidity and Mortality Register (eIMMR) is a except each software system computes the
primary example of a secondary use service data from its own data store and prepares a
currently leveraged within Sri Lanka, however other summary report to the DHIW.
secondary use solutions exist for programmatic and
• Automatic capture of secondary use data via
monitoring purposes. These should be harmonised
the national health data exchange based on
to provide a consistent implementation within the
subscriptions the DHIW has with the NHDX.
DHP.
• Manual electronic capture of secondary use
The primary purpose of secondary use components: data via questionnaires which are populated by
• Capture and definition of key performance administrative users. This pattern is useful for
indicators (KPI) for health systems monitoring administrative or non-clinical use cases such
and evaluation, as functional status of equipment, planned
outreach sessions, and others.
• Use of pseudonymised or anonymised discrete
records data for clinical research, measuring 4.2.6.1 Digital Health Information Warehouse
the efficacy of novel interventions, contact (DHIW)
tracing, or other use cases,
Existing systems serve the role of secondary use
• Public health monitoring such as outbreak
repository including the eIMMR, and programmatic
detection, defaulter tracing, dropout tracking,
monitoring data via various DHIS2 implementations.
• Drug and device recalls, tracking where a The blueprint proposes the establishment of a
particular drug or device has been used and unified digital health information warehouse,
needs to be recalled and/or replaced, responsible for the storage and tracing of health
• Geographic Information Systems (GIS) use data events within the DHP.
cases for plotting coverages, wait times, service The responsibilities of the DHIW include:
availability.
• Storage of measure values82 and health system
The conceptual services which compose the status questionnaire responses83 submitted to
secondary use domain, and sample use cases of the DHIW service via the NHDX
secondary use data are illustrated in Figure 22.
• Population of data directly from NHDX
Secondary use data will be collected in a variety of subscriptions as data flows through the
ways to populate the DHIW, some of which mimic enterprise
patterns of use in Sri Lanka today, these include: • Receipt of aggregate data exchange (ADX)
measurements from databases.
• Extraction of data from shared registries
and repositories via an ETL process (extract, • Disclosure of indicator measure values via APIs
transform and load) whereby historical (ADX, or HL7 FHIR Measure Reports82) which
events for a reporting period are queried can be used by authorised third-party sources.
after recordation and the DHIW populated.
This pattern is useful for trailing indicators or There are several proposed methods of the capture
population of new KPI from historical data. data and population of the DHIW in future state of
the DHP, some of which mimic current data capture

Registries
Coordinatio
n Services
Secondary Use
Health Delivery Secondary Use Cases

Repositories
Research Planning
Policy
Dashboards
Development
Health Data
Exchange
National
Public Health Programmatic

Health Information Surveillance Performance
Warehouse
KPI
ETL
Definitions
De-Identification

Services Systems
Figure 22 : Secondary Use Domain Conceptual Architecture
methods used in Sri Lanka. These information flows 4.2.6.1.1 Extract Transform Load (ETL) Services
are documented in section 5.2.4.
While the distribution of computable KPI to be
The physical design of the DHIW is out of scope of completed by software solutions is possible, it is
the blueprint, however a variety of strategies will be understood that not all software may be capable
employed depending on the use case of the data of performing these tasks. For this reason, the
marts such as: blueprint includes a provision for use of extract,
transform and load (ETL) 85 services.
• Traditional RDBMS (Relational Database
Management System) warehouse schema ETL jobs are defined by data analyst teams and
with defined data marts using a standardised written in software which supports the bulk loading
practice such as Data vault84 modelling. and transformation of data from source systems
• OLAP (Online Analytical Processing) cubes using either database extraction, or SOAP / REST API
extraction. The process then performs calculations
• HL7 FHIR MeasureReport and Questionnaire
and transformations (such as pivoting, aggregating,
response storage and retrieval
etc.) and loads the result into the target database
• An implementation of the District Health via database calls or API calls.
Information System Version 2 (DHIS2) software

4.2.6.1.2 KPI Definitions Repository • Patient identification systems.

• Public health monitoring and assessment.
The blueprint proposes the implementation of a
• Confidential patient-safety reporting (e.g.,
repository which can be used to allow the central
adverse drug effects).
line ministry of health to define indicators for which
they would like PoS or the DHP infrastructure to • Comparative quality indicator reporting.
capture. • Peer review.
• Consumer groups.
These definitions should be managed and
• Medical device calibration or maintenance.
maintained by a KPI definitional repository which
is used to express the standardised computation of The information flow and process for de-
these indicators from software in use in Sri Lanka. identification is described in further detail in section
The form of these definitions could be: 5.2.6.3.1.
• Narrative form such as a Wiki or PDF,
4.2.7 Security & Privacy
• Executable form such as Clinical Quality
Language (CQL)86 or Structured Query Language Security and privacy concerns are a cross cutting
(SQL)87 functionality of all services within the blueprint
and its ultimate implementation in the DHP.
• As FHIR definitions such as:
In the modern world, network and software
a. Measure88 - for data which can be computed vulnerabilities mean that services and points of
directly from FHIR resources service cannot simply rely on the DHP and NHDX
b. Questionnaires89 - for data which cannot security, and each service is expected to adhere to
be computed but must be captured on a relevant technical principles related to privacy and
regular cadence (example: regular reporting security (see Functional Principles of Digital Health
of cold storage functionality) Solutions).
The definition of these artefacts can be downloaded The shared services related to privacy and security
by the capable points of service, registries, and are illustrated in the context of the broader digital
repositories to produce necessary measures to the health platform in Figure 23.
health information warehouse. The primary concerns of the privacy and security
components of the DHP are:
4.2.6.1.3 Data De-Identification
• Certificate Management used as the basis
Whenever a third party requires individually for cryptographic digital signatures, node
identifiable data for programme objectives, a authentication, and encryption of data.
process of de-identification should be performed.
• Authentication Services to ensure application
and (in the future) identity and access control
The de-identification service within the secondary
of DHP resources.
use domain will provide services for the appropriate
de-identification of data based on requirements of • Consent Services used to track the opt-in or
how the data will be used. ISO/TS Standard 2523790 opt-out of patients and enforcement of tagged
describes the objectives of de-identification, and policies.
includes: • Common Auditing services, vital to ensure
appropriate access to health data, investigating
• Secondary use of clinical data (e.g., research).
misuse, and providing patient’s summaries of
• Clinical trials and post-marketing surveillance.
who is accessing their data.
• Pseudonymous care.
• Consistent timestamping services

Registries
Coordinatio
n Services
Health Delivery
Repositories
Health Data
Exchange
National
Secondary Use
Health Information
Warehouse
Security & Privacy Services
Certificate
Time Keeping
Authority Operational Support
Audit Repository Systems
Consent
Identity Provider
Management
Figure 23 : Security & Privacy Domain Conceptual Architecture
4.2.7.1 Time Keeping / Consistent Time 4.2.7.2 Certificate Services
When integrating health data and security events The principles and design of the blueprint relies
between nodes on different infrastructure on cryptography to protection of data at rest, in
hardware, and between organisations, it is of vital transit and for digital signatures (establishing trust
importance that a consistent “official” time be kept of data). The DHP should provide services related
within the enterprise. to functions which support this including:
• A Certificate Authority (CA) which is responsible

The DHP proposes either the implementation of a
for issuing, revoking, generating, and managing
time server, or the adoption of a consistent third-
encryption certificates using RSA public/private
party time server (such as time.windows.com).
key architecture93
This service should adhere to the Network Time
Protocol (IETF RFC1305)91 and the considerations • A key distribution service (KDS) which allows
for an enterprise timekeeper is described in IHE services to obtain public keys for validation
Technical Framework92. of signed data following the JSON Web Key94
specification. The key distribution service
should be publicly available and should use the
JSON Web Key Set95 pattern.

4.2.7.2.1 Security Certificates • Provide privacy access logs which indicate what
user accessed which data and why.
Creating or adopting an existing certificate authority
is a relatively straightforward and provides benefits • Inspect daily activity for unusual events such as
such as: too many login failures by a user, requests for
data from unusual places, etc.
• Authentication of device nodes96 can be handled
via TLS which provides a robust mechanism • Prove that the users are following policy to
for blocking access to the DHP services to access only appropriate data.
unauthorised nodes (or devices which lack an • Perform investigations on inappropriate
appropriate certificate). accesses.
• The MoH can issue, and revoke encryption
Audits differ from application logs in that an audit
certificates used for data transmission and
is not merely a free-text stream of application or
storage.
systems events, rather they represent structured
• Intermediate certificate authority can be used and curated notifications of events which impact
to delegate the issuance and revocation of the security, privacy, and data integrity of the
certificates. DHP. The goal of the security audit repository is to
• Trust for digital identity can be established via answer:
the certificate chain. • What event occurred?
• Digitally signed data can be trusted (or not • When did the event occur?
trusted) based on the issuer of the certificate
• Who (what people, organisations, users, devices,
used to sign data (example: digital health card
applications, etc.) was responsible for the event?
signatures97).
• Which resources were impacted by the event?
The chain of trust for the DHP can be based and
delegated based on provincial and central areas of Points of Service within the DHP are required to
concern as illustrated in Figure 24. keep localised audit trails within their own system
software and should provide standardized APIs for
4.2.7.3 Audit Repository query of those audits when requested.
That NDHGS defines the need for all digital health Additionally, events in all interoperability profiles
solutions to maintain an audit log of all creation, will indicate when PoS systems are required to
read, update, and deletion of health information98. send client side-audits to the central DHP audit
The blueprint strongly proposes the DHP provide a repository. Certain classes of events will require
centralised audit record repository at the earliest order to aide in inappropriate access detection.
possible stage of the DHP development. These may include access to auditing failed
searches, events where a security or consent block
Audit repositories are vital within a health system
was triggered, etc.
as they provide a complete list of logical security
and data events which occur within the enterprise The IHE ATNA (Audit Trail and Node Authentication)
and allow for investigation and tracking of user profile provides detailed documentation of the role
activity for compliance and patient privacy audits. and use of an enterprise audit repository within a
A well-supported audit repository within the DHP health enterprise99 and the blueprint recommends
allows administrators to: implementation of an audit repository which
• Produce privacy accounting and disclosure supports one or more of the following interchange
reports which indicate to whom and when data standards:
was disclosed.

Government Root
CA
MOH Issuing Cert
Dompe Access LRH Access Private Hospital

Certificate Certificate Access Cert
Figure 24 : Certificate Chain of Trust
• IETF RFC3881 over SYSLOG (UDP or TCP)100 digitally signed (to prevent tampering) from a
centralised identity provider using the credentials
• NEMA DICOM Audits101
issued to the PoS using OpenID Connect104 and
• HL7 FHIR AuditEvent102 resources (preferably OAUTH 2.0105. This implementation should be
using a standardised profile such as the RESTful
compatible with SMART on FHIR106 and IHE Internet
ATNA profile from IHE103)
User Authorization (IUA)107.
The logical information model of the structure and
The DHP will initially use a web of trust pattern for
contents of audits is discussed in further detail in
user authentication to reduce the complexity of
section 5.2.4.
deploying a centralised enterprise single-sign-on
infrastructure. In this model, the presence of an
4.2.7.4 Identity Provider
application key, and node authentication certificate
The Digital Health platform uses a services-oriented will only be issued to PoS solutions which have been
architecture whereby requests will be transmitted validated to properly authenticate user credentials.
between software solutions via API service calls. A signed user assertion will be provided by PoS
This requires that each API know the identity of the solutions until enterprise SSO can be established
calling application to apply specialised business for the DHP.
rules, access controls, or privacy controls.
4.2.7.4.1 Application Authentication
The DHP will use a bearer token strategy to facilitate
the transmission of authentication context between The issuance and revocation of API keys individually
services. The bearer token will be generated and on each solution with the DHP would be time

consuming, a prone to issues (revoking access 4.3 Evolving the Blueprint

requires that all access is revoked). The identity
provider is proposed by the blueprint to be the Technology is an ever-evolving discipline, and
central manager of application identity and API the DHP should evolve as new technologies
keys. The revocation of an API key on the identity and integration techniques arise. The structure
provider would also result in immediate revocation of the blueprint and its supporting documents
to all services in the DHP. This flow is illustrated in (as described in section 2.3.1) separates the
Figure 25. concerns related to the blueprint into subordinate
documents. This allows the documented function
4.2.8 Operational Support of the DHP components to evolve independently.
Operational support systems are vital pieces There will, however, be requirements for changing
of an enterprise as they assist in the effective the enterprise architecture over time, and the
management and use of personnel resources blueprint proposes a mechanism to integrate
within the MOH. The operational support services and manage change (illustrated in Figure 26).
identified within the DHP describe services which This structure also applies to the development
the MOH and ICTA provide which are not directly interoperability profiles and other assets. The
related to the sharing of health information. These proposed structure foresees three working groups
services, however which can leverage the shared aligned with the business domains in the blueprint:
security infrastructure.
• Health Administration: Concerned with those
The operational support concerns include: components in the Health Administration
domain
• Learning Management Systems (LMS) which to
provide e-Learning courses to staff, providers, • IT Infrastructure, Privacy & Security: Concerned
administrators, and other users of the DHP. As with the components in the Shared Infrastructure
the DHP functionality grows, new policies are and Privacy & Security domains of the blueprint
enacted, or general business processes, and new • Health Delivery & Secondary Use: Concerned
technologies invented the change management with the components in the Health Delivery,
will be an important factor facilitated by the Secondary Use and DHIW domains of the
LMS. blueprint.
• Helpdesk(s) and issue ticketing systems are a
The blueprint also proposes three cross-cutting
key piece of any operational enterprise software
review committees to coordinate activities between
solution. It is important to ensure that operators
these working groups:
of points of service solutions have a solution
where they can raise issues, and follow-up on • E-Health Standards Review & Coordination
the status of those tickets. Committee: Comprised of Architecture Review
• Enterprise Knowledgebases & Document Board (ArB), Privacy, Security & Ethics Review
management solutions are important for the Board (PSErB), and the Health Systems
management and dissemination of policies, Management Review Board (HSMrB). These
circulars, technical documentation, or public groups provide review and input and guidance
documentation whilst maintaining a complete to the three working groups.
set of version history for documents. • Implementable Technology Specification Group
(ITSG): Aligns the conceptual and logical views
with the implementation technologies.

78
|
User Point Of Identity Audit

NHDX
Agent Service Provider Repo

DHP Operation
Get Access Token
Validate API Token
Audit Authorization
Access Token

Request + Bearer Token
Figure 25 : Client Credentials Flow

MOH Other Ministries
Governance HIU
E-Health Steering
Committee
Certification & Conformance Group

Coordination Committee (EHSRCC)
E-Health Standards Review &

ArB
Implementable Technology
Specification Group (ITSG)
Blueprint Implementation
Blueprint Development
(C&CG)
PSErB
IT Infrastructure, Privacy & Security
HSMrB
Health Delivery & Secondary Use
Figure 26 : Blueprint Modification Structure
• Certificate & Compliance Group (C&CG): If necessary, the responsible working group will
Concerned primarily with developing measures consult relevant stakeholders (implementers,
of compliance for implemented components vendors, ministries, etc.) to validate the
(quality assurance). requirements of the change.
The change management process begins with

Once complete, a draft is reviewed by the ArB,
the submission of a change request from one of
PSErB, and HSMrB, followed by a final review by
the working groups, or from an implementation
the EHSC/HIU. If no changes are required a new
partner, vendor, or institution.
version of the blueprint document is published. If
changes are identified, they are re-routed through
The ArB should then review the change request
the change management process. If no changes are
during a regular meeting, and will identify the most
required to the draft, then a new, amended version
responsible assignee for the implementation of the
of the blueprint is published. An overview of this
change. The scope of change is then classified:
proposed process is shown in Figure 27.
• Simplification: A change to an existing component
Implementation of new components will follow
which is intended to clarify its meaning.
a realization plan (in the same pattern as the
• Incremental Change: A new component or an initial implementation of blueprint components).
addition an existing component or section which Changes or modifications to existing parts of the
does not impact its role or functioning. blueprint will manifest as new versions running
• Re-Architecture Change: The change represents alongside the existing components until the
a rewrite or change of an existing component previous version may be retired (i.e. all services
which changes the way it or the blueprint have been updated). This keeps with the principle
operates. of Evolutionary Development.

80
Blueprint Change Management Process
|
Phase
Changes Required
New Version of
MOH/HIU Architecture
Yes Blueprint
Approval
MOH
EHSC / HIU /
Changes Required
No Changes Required
Identify
Responsible Classify Scope Architecture
ArB
Business Domain of Change Simplification / Review
& Working Group Clarification
Implement Draft for Review

simplification in
the blueprint
Incremental Change
/ Rearchitecting
New Function or Business,
Feature is required Application,
Begin Analysis of

which is not Technical
present in the Changes Required
Architecture
blueprint Updates
Working Groups
Stakeholder
Engagement
Change to
blueprint to
Requirements
support
Validation
implementation
Groups
project
Stakeholder
Figure 27 : Blueprint Change Process
Information Architecture | 81
5.
Information Architecture
5.1 Current State Nutrition, Mental Health, Cancer, and others.

Disease surveillance includes active and passive
The current state information architecture was surveillance for communicable diseases, vaccine
adapted from the Digital Health Enterprise preventable disease, and other vector borne
Architecture Plan (1) and summarised in this diseases.
document for completeness (Figure 28). It provides
a high-level overview of the structural design of Surveys are conducted by Ministry of Health
shared health information in Sri Lanka. The primary including the Service Availability and Readiness
information convergence points are the MOH and Assessments (SARA), the STEPwise non-
non-MOH ministries for scoping data and depicts communicable disease risk factor survey (STEPS)
both electronic and paper-based information and facility surveys. Additionally, surveys are
systems. conducted by other ministries such as the
Demographic Health Survey (by Department of
The public sector’s preventative service information Census and Statistics).
streams have matured for over a decade, and the
information channels can be logically grouped The primary method of electronic data capture
into programmatic and surveillance information. within Sri Lanka is the Health Information
Programmatic information follows program Management System (HIMS) SWASTHA and the
specific monitoring activities such as Immunisation, Hospital Health Information Management System

82
|
Non-Health Ministries Ministry of Health
Department of Census & Statistics
Preventative Health
Information Architecture
Health Statistics Information Systems

VSU-RGD
(eIMMR) Drug & Stock
Management
Electronic Health
Public Sector
CRVS System
Records (EHR) HRMIS
Special surveillance
Surveillance on select diseases
Cloud
Surveys HIMS HHIMS OpenMRS Systems
HMIS Sentinel site
Surveys (e.g. SARA, surveillances
STEPS)

PHSRC
Client oriented
Health Insurance health information
Information Systems Private Sector
systems (mobile
Health Systems
apps, health
In Scope of DHP
Private Sector
management apps)
Out of Scope DHP
Figure 28 : Baseline Information Architecture

Health Delivery
Privacy and Security Services

Event Link
Role Granted To Policy
Episodes of Care
Protects Protects
Patient Subject Of Event

Assigned
Serves
Providers Performs
Derived From
Secondary Use
Organisation Employes Health Worker
Occurs At
Measures Drives Reports / Dashboards
Operates Works At
Provides
Supplies Consume
Defines Drives

Health Institution /
Capability Provides Owns / Holds
Facility Medication / Drug Medical Device
Indicators / KPI Surveys /
Defines
Definitions Questionnaires
Figure 29 : Enterprise Data Entities and Relationships

Information Architecture |
83
84 | Information Architecture
(HHIMS) which are responsible for gathering Government insurance programs like the National
information within the public government curative Insurance Trust Fund (NITF) have more loose
settings. Summary records are generated from information flows to/from public and private
these and sent to the electronic Indoor Morbidity healthcare institutions, and these are linked by
and Mortality Record (eIMMR) either in an the Ministry of Finance. The Private Health Sector
automated or manual method of generation. Regulatory Commission (PHSRC) supports the
linkage of information statistics from private
Other disease specific registries are maintained institutions to the MOH.
with various levels of organisation which were not
evaluated within the current state analysis (such as 5.2 Proposed Future State
stroke, vascular registry, Chronic Kidney Disease
(CKD) and others). The solution proposed by this document in section
3.3, organises areas of concern within a series of
Information flow of curative and preventative
business domains. These business domains provide
services is interspersed with information provided
an overall grouping of logically related functionality
via supportive services. These include blood
for a future state digital health platform.
transfusion services, and other data streams
such as laboratory information, drug & stock
5.2.1 Enterprise Entities & Relationships
management, administrative information, human
resources, education and training, and financial
The enterprise blueprint provides an enterprise
information which is directly provided to MOH.
view of logical information entities and their relation
These flows have a weak association with those in
to one another. Figure 29 and Table 2 provides
the curative and preventative health sectors.
an illustration of the high-level enterprise entities
considered for management within the DHP and
5.1.1 Private Sector / Insurance logical relationships to one another.
Private sector actors play an important role in the The responsibility for managing the components
health information ecosystem of Sri Lanka. Private of the logical data model lay with the business
sector solutions provide mortality and morbidity services defined in the DHP.
data to the eIMMR system and are linked with
various client-oriented health information systems
deployed within private health institutions. It is
important to identify private health insurance
industry currently contains a rich source of verified
health data which flows between providers and
policy holders. These flows are not linked to the
MOH or any government bodies.

Table 2 - Enterprise Data Entities and Relationship
NDHGS
Entity DDescription Service(s)
Ref [2]
Role Governed roles which a user, or health Identity Provider

worker plays within the enterprise (i.e.,
General Staff, Patient Administration, HIV
Specialist, etc.)
Policy A defined access or action policy which are Identity Provider,

granted to roles and assigned to sensitive Consent Management
patient data within the DHP (examples: Service
General Information, Taboo Information, No
Secondary Use, VIP Data, etc.)
Patient The recipients or clients of care. Master Patient Index 7.2
Providers A logical grouping of organisations and Provider Registry 7.4

people from whom care is received by a
patient.
Health Worker Physicians, Nurses, Medical Officers, Provider Registry 7.4

Community Health Workers, Specialists, or
other medical (and non-medical) people
who provide health services.
Organization NGOs, Private Medical Corporations, and Provider Registry
units of the MOH (DDG Dental, DDG MS 1,
DDG PHS 1, etc) which provide health
services to patients. This may also include
organizations that provide healthcare
supporting services such as facility
and equipment maintenance services,
transportation services for patients and
supplies, dietary services, etc.
Health Healthcare institutions such as hospitals, Facility Registry 7.3
Institution / clinics, private imaging clinics, dental clinics,
Facility or other locations where services are
delivered to patients.
Capability A standardised description of a service, Provider Registry, Facility
certification, speciality, device/modality, Registry
surgery theatre, or other capacities that a
provider or facility must deliver to a patient
(used primarily in service discovery)
Supplies Materials which can be ordered, dispensed, Medication / Drug
installed, or used for the delivery of care Registry, Medical Supply
(used for consistent inventory tracking, Registry
ordering, etc.)
Medical Device A medical device which is installed or used Medical Supply / Device
to care for a patient such as prosthetics, Registry
insulin pumps, pacemakers, stomas, and
other such devices.

NDHGS
Entity Description Service(s)
Ref [2]
Medication / A substance which can be prescribed, Medication / Drug
Drug administered, or dispensed to a patient. Registry, Inventory and
Logistics Data
Event A Health Care Event ("Event") is a healthcare NEHR Repository, 7.7
act of service or clinical interaction that is Medical Imaging
worth noting. An event normally represents Repositories, Disease /
the performance of some health service Domain Repositories,
activity, possibly in accordance with a Document Repositories
request or service definition. An Event
can be an isolated interaction or a part of
a multi-step workflow, process or clinical
guideline. An Event can be in the past,
present or future.
The DHP is used to track Events which

should, will, did or did not occur to the
patient and which are clinically relevant
for sharing between care settings and
providers, or relevant for reporting
purposes. These can be requests (orders),
best practices (CDSS), scheduled events
(intend to occur), occurred events, goals, or
documents/summarisations which describe
such events.
Event Link Links which occur between Event

occurrences. These are used to track clinical
order management (from request, to
promise to fulfilment), stock flows (order,
despatch, and receipt), links between visits
(for chronic care, or disease care), as well as
hospitalisation (admission to discharge)
Measures Values which are aggregated from care DHIW
delivery events or captured discretely via
surveys and questionnaires upon which
management decisions are made.
Surveys / Defined facility, organisation, or provider DHIW
Questionnaires questionnaires for secondary use (example:
number of operational fridges, planned
outreach sessions, etc.) which must be
gathered manually.
Indicators / KPI The definition of measures which are to be KPI Repository

observed from the health system. These can
be computed indicators/KPI, or indicators
which are collected manually from health
institutions via surveys.

Repository / Audit
PoS NHDX IdP
Registry Repository
Get Access Token (API Key)

+ User Assertion
Access Token + Identity Token

+ Signed User Assertion
Prepare Payload +
Sign Payload
Submit Payload +
Access Token
Payload + Access Token
opt
Validate Access
Token
Perform Business Function
Operation Result Audit Operation
X
Off-Ramp Mediation
Operation
Result +
(opt.) Signature
opt
Sensitive Operation
Prepare Audit + Sign
Submit Audit
+ Access Token
Audit + Access Token
Figure 30 : General Information Flow of Data Through the DHP

5.2.2 General Pattern of Information 6. The registry or repository service will perform
Flows in the DHP whatever business tasks is needed to execute
the instructions in the payload.
The pattern of exchange between systems within
7. After completing the operation, the
the DHP will vary depending on the profiled
registry or repository will audit that it has
standards used. However, regardless of the
completed requested task and will return the
business trigger, and/or standard used, there
appropriate response to the NHDX.
is a general pattern of information flows for
transactions between applications within the DHP. 8. The NHDX will perform any off-ramp
This pattern of information flow within the DHP is mediation which includes:
illustrated in Figure 30. The overall process flow is: a. Logging the response / result,
1. Obtain an authentication token from the b. Validating the message response,
central identity provider with appropriate c. Masking or removing internal tracking /
scope (for the application, or user depending correlation data.
on the authentication context) 108.
9. The NHDX will return the result of the
2. Generate the payload to be sent to the server operation (the acknowledgement) to the
and digitally sign the payload using the device original point of service application which will
(and optionally the user’s) signing credentials. then perform whatever business function it
3. Call the NHDX service endpoint with: desires.
a. The device’s issued client certificate 10. If indicated in the interoperability profile, the
(client TLS), Point of Service audits the operation on the
NHDX.
b. The identity token obtained from the
identity provider,
5.2.3 Health Events
c. The message header information if
appropriate (trigger event id, message id, The NDHGS (2) document defines the minimum
purpose, etc.), dataset for the NEHR. The minimum dataset for
d. The signed data payload. the NEHR is primarily focused on the following key
4. The NHDX will perform necessary on-ramping transactions:
/ receive mediation such as: • Healthcare Encounter (Admission, Visit)
a. Validating the message structure • Laboratory Test Results
b. Validating the API access for the • Imaging Examination Results
requesting system • Medication Administrations
c. Logging the message receipt and • Medication Dispensing
identification
• Procedures
d. Notifying subscribers of the message
• Discharge Summary
receipt
• Death Declaration
e. Adding internal tracking or correlation
data The blueprint considers these transactions and
5. The NHDX will route the message to one their component data elements, as the basis for
or more appropriate repository or registry further extension to an enterprise information
services keeping the original authentication model for health event entities in the blueprint
context (bearer token) intact. shown in Figure 31.

Events
Diagnosis / Problems Imaging Event Links

Location / Facility
Allergies & Intolerances Condition Imaging Requisition

Encounter
Fulfills
Occured At
/ Recorded At
Imaging Examination Documents
Adverse Reaction Pregnancies Results In
Result
Appointment
Medication / Drug Documents
Cause of Death Behavioral Risks Medical Images

Comsumes Transfer / Referral
Health Risk
Performs / Family / Social History
Admits / Assessments
Health Worker Laboratory Care Plan
Discharges /
Authors / Documents
Enters Lab Results
Documents
Manages Pharmacy
Organisation Specimen Collections Fulfills Documents
Referral Note
Vaccine Administration Requires
Regular Medication
(Immunization)
Subject Of Lab Orders
Discharge Summary
Documents
Patient Is A Leads to Dispense
Surgery Diagnostic Report
Uses Fulfills
Documents
Medication
Prescription
Administration Procedure Request
Medical Device Fulfills
Procedure
Figure 31 : Event Information Model
The concepts which are extensions of the NEHR • The source of the transaction (the sending
model are illustrated in lighter colours, and high- system’s IP address, and security identifier).
level relationships are shown between relevant
• The destination of the transaction (the recipient
entities.
system’s IP address, and security identifier).
5.2.4 Security Audits • The user who made or initiated the event.
• Any proxy or routing information (the contents

The information model for security is illustrated in of any forwarding information) as it allows
Figure 32, and based on several sources include for tracing back to the original source of the
IETF RFC-3881109, NEMA DICOM Section A.5110, and request.
HL7 FHIR111.
Additionally, an audit must identify an audit source,
The focal entity for the audit event is a description which describes the system which detected the
of the event that occurred. This includes the event (the registry, the NHDX, the repository, etc.)
exact timestamp that the event was detected, the which provides context as to the origin of the audit.
transaction that was performed, the classification
of the event operation (create, read, update, delete, Finally, audit events should include the list of system
or execute), the classification of the event (query, objects or resources which were impacted in the
run job, import, export, etc.). event. The object impacted relationship should
contain the identification of the object which was
The audit events are linked to the security identities impacted (its resource id), the nature of the change
which were involved in the performing of the event. (see 5.2.6.3), and any other classification data which
These are important for identifying “who” was helps identify the object.
involved in the event and the nature of the role in
the event. Audits will typically have the following
actors specified:

Objects
Requestor
User Identity Event Link Event
Objects Patient Health Worker

Device/Node Identity Security Identity Actors Audit Event Impacted
Organisation Location / Facility
Application Identity Medication / Drug Medical Device

Source
Figure 32 : Logical Information Model for Audits
The list of events which trigger audits should be 5.2.5.1 Secondary Use Information Flows
specified in the solution views for each transaction 5.2.5.1.1 Submission of Aggregate Data
with the DHP infrastructure, as well a common
system event such as: In this pattern, an information source (such as
HHIMS or the NEHR Record Repository) downloads
• The service or software has been started or
or otherwise obtains (and is configured) with one or
stopped.
more KPI definitions from the KPI definition registry
• The service or software has begun or stopped and sends appropriate data to the DHIW (in FHIR
recording audits. parlance this is a Measure112 definition).
• A user has authenticated themselves or logged
This pattern of data flow matches the current flows
off.
from HHIMS, HIMS and CloudHIMS to the eIMMR
• Attempts to perform invalid executions are with the exception that the target is a general
performed. purpose DHIW solution (i.e., all aggregate indicator
• The service or software configuration has been reports are sent to one DHIW rather than multiple
changed or modified. aggregate reporting systems), and that indicators
are sent via the NHDX. Additionally, the use of
digital signatures should be used to indicate that
5.2.5 Secondary Use
values submitted have been reviewed and “signed”
As described in section 4.2.6, there are a variety as accurate.
of methods in which information may flow from
On a regular basis, source system will use this
primary points of service applications to the digital
definition to compute or calculate the output values
health information warehouse for subsequent
based on information which is stored within its own
use in a variety of secondary use cases. These
data store. The results of this calculation are then
information flows mimic current information
sent as aggregates to the DHIW.
flows between disease specific programmes, and
the Hospital Information Management System
This information flow should use ADX113, HL7 FHIR
(HIMS) SWASTHA, Hospital Health Information
Measure Report 114 resources.
Management System (HHIMS) and Cloud Hospital
Information Management System (cHIMS) to the
5.2.5.1.2 Submission of Questionnaires / Surveys
electronic Indoor Morbidity and Mortality Register
(eIMMR). This pattern aligns with manual data capture of
indicators within for programmatic and surveillance
tracking. In this pattern, a central repository of
surveys (in FHIR parlance Questionnaires115) is
obtained by a compatible digital health solution.

KPI
Repository DHIW
Repository
Get KPI Definition
Computable KPI Definition
Calculate Values
Post Aggregate
Values
Figure 33 : Automated Aggregate Data Exchange Pattern
Compliant KPI
User NHDX DHIW
EMR Repository
Get
Questionnaires
Get Relevant Questionnaires
Questionnaires Questionnaires
Complete
Questionnaire
Questionnaire
Response
Post KPI Values /
Questionnaire Response
Figure 34 : Survey Population of DHIW

Repository DHIW ETL
Records Matching X during Y
Records Matching X during Y
Compute
Post KPI Value
Figure 35 : Using ETL to Populate DHIW
A user then completes the survey for the reporting 5.2.6 Information Management
period and submits the completed survey Principles
(QuestionnaireResponse116) to the NHDX for
population of data within the DHIW. 5.2.6.1 Data and Information Policies
The information which is created, amended, and
5.2.5.1.3 Extraction, Transform, Load (ETL)
disclosed does not exist in a policy vacuum, and the
Another information flow from a source repository creation and use of sensitive information should be
within the DHP to the DHIW is the use of traditional considered whenever data is exchanged between
ETL patterns. organisational boundaries. All participants within
the DHP should define and share information
In this pattern, a dedicated ETL provider service will policies related (but not limited) to:
query data from one or more repositories within
• Data Sharing Policy: Documentation related to
the DHP on a regular cadence and will perform
the intended use of information stored within
aggregations, de-identification, pseudonymisation
the DHP, and the expectations of quality.
or other processes before pushing data to the
Additionally, data sharing policies should
DHIW.
set forth constraints or grants on disclosure,
delegation of responsibility, and requirements
5.2.5.1 Near-Real-Time Reporting
for auditing and accessibility.
Another pattern of populating secondary use data • Data Retention Policy: Documentation and
Near-real-time calculation of KPI values directly tagging related to the archival and disposal of
from events which occur through the NHDX or data within the enterprise. This includes how
service bus using subscriptions on the service bus long, for example, data is relevant to reside in
(example: whenever a positive diagnosis of Dengue the patient’s record, as well as the expectations
is suspected, the public health program is notified). of retention within points of service. Policy
should also set forth appropriate methods
The blueprint proposes using FHIR Subscriptions117
for archival, retrieval, and destruction of data
for management of subscriptions. The notification
based on events (death, birth, etc.), time limits
of the backing system (in this case the DHW) is a
(delete within 5 days of download or transfer)
rest hook or push notification target.
or use limits (delete immediately after using).

Compliant
User NHDX Repository DHIW
EMR
Create
Data of Interest Record of
Interest
Record Data
Acknowledge Acknowledge
Subscription Check
Post Record Data
Figure 36 : Near-Real-Time Reporting
• Disclosure Labels and Policies: Data stored • Where did the object originate from? (it’s
within the DHP in the NEHR or other provenance)
registries and repositories should have • What was the intended purpose of the data?
security and policy labels appended directly
to the information (as an example, FHIR The format and structure of this metadata will
defines security labels for data118). All depend on the originating structure, for example
participants on the DHP must adhere to HL7 FHIR resources use the Meta property119 on a
these tagged disclosure policies and should resource, whereas DICOM objects use metadata
take appropriate action (masking, redaction, elements120. Regardless of the originating format
removal, etc.) to appropriately enforce these and structure, metadata which is received,
policies. Disclosure and security labels MUST generated, and disclosed to points of service should
NOT be removed from information when be stored and associated with the original data to
downloaded locally within a PoS. which it was attached whenever it is transferred.
Further technical discussion about consent 5.2.6.3 Information Lifecycle Management

directives and disclosure/capture policies is
contained in section 6.2.10. Information, which is provided to the DHP,
whether in the NEHR or other repositories and
5.2.6.2 Maintenance of Metadata registries, follow a common lifecycle. Whenever
auditing access, disclosure, or updates to clinical
Metadata refers to information about a primary set
information within the DHP, it is important that
of data which provides additional information on a
audits, processes, and logs understand the lifecycle
resource such as:
event which occurred.
• What is the version of the resource which has
been accessed? IETF RFC3881121 provides a complete series of states
for the lifecycle of health information, and a useful
• What was the last time the resource was
modified? subset is summarised in Table 3.
• What is the status of a business workflow being

actioned on this piece of information? (Is it
approved, preliminary, etc.)

Table 3 - Information Lifecycles
Lifecycle Stage Description Examples

Creation / Origination The clinical information was created based Recording Weight of Patient
on a real-world event or observation.
Import / Copy of Original The clinical information was created as a NHDX receiving information
copy of another record. from an EMR
Amendment The clinical information was amended with User corrects a lot number of a
updated values. Whether the original copy vaccination event.
exists will depend on the capability of the
repository storing the data. Since triggers
and third-party systems should have been
notified of the original and already taken
actions on it, it is important to understand
the amendment or change of data over
time.
Verification The clinical information was verified by a A physician has reviewed the
third-party system, or solution. data and has certified it to be
true.
Translation The clinical information is not as The NHDX upgrades a message

represented in its original form, however, from FHIR R4 to FHIR R5
is a translation of the information
format. This is useful from a medical/
legal perspective since it indicates that
a computer process (or third party) has
changed the structure of the data from
original.
Access The clinical information is being accessed A matching process in the MPI
by a system process, job, ETL, for internal reads a clinical record for its de-
processing. duplication logic.
De-Identification The clinical information represents An extract of sample data for a

a copy of an original where research study.
identifying information was removed,
pseudonymised, or fuzzed to protect the
identity of the subject of care.
Aggregation or Derivation The clinical information was aggregated Generating an indicator

into a derived form (if referencing the measure from a KPI definition.
derived data, the information was derived
from a source)
Export / Copy to Target The clinical information is being exported A PACS sending an image to
and sent to another system (in original another point of service.
form)
Disclosure The clinical information was being A patient record which appears
disclosed to an outside system, user, in a demographics query
organisation, etc. initiated by a physician.
Archiving The clinical information has been archived Data through a retention
as part of a data retention or backup service has been removed from
procedure. primary storage to an offline,
long-term backup archive.

Logical Deletion The clinical information has been flagged An observation entered in error
as “deleted” and does not appear in is withdrawn.
live search results and is not available
for discovery by users or services. The
information still exists in the physical data
storage technology.
Permanently Erased The clinical information has been purged Data about a patient is purged.
from the physical data storage. It is no
longer available.
5.2.6.3.1 De-Identification
DHIW (Warehouse)
Warehouse Record
De-Identification AEFI Event: 2022-07

Source Record Process Vaccine: SII OPV Lot#123
Discrete Data Marts
Patient: XXXXX, Male, 2022-03
AEFI Event: 2022-07-29
Vaccine: SII OPV Lot#123
Patient: Chandra, M, 2022-03-04
# of AEFI Events: 1
ETL
Aggregate Data # of Males with AEFI: 1
Marts AEFI Events 0-6 months: 1
Figure 37 : Data Flow for De-Identification
Whichever techniques are employed however, to different repositories, registries and points of
de-identified data can still be full of identifying service will degrade over time unless care is taken
information and will still need extensive privacy to prevent this.
protections. The design and operation of any de-
identification profile or system must be validated For example, one can imagine a scenario for a
and monitored. pancreatic cancer diagnosis. In the NEHR, such a
diagnosis would contain:
The NDGS identifies the need for de-identification
• Codes which indicate the diagnosis, finding
procedures in 6.2.2 however does not specify the
site, prognosis, etc. (ICPC, ICD, etc.)
methods of this de-identification due to the varied
secondary uses of data. A comprehensive practical • A link to the patient identity (in the Master
approach to the de-identification of data is provided Patient Index)
in the IHE De-identification Handbook122.
• A link to the organisation which authored the
5.2.6.4 Referential Integrity Between Services diagnosis (in the Provider Registry)
• A link to the facility/location where the

In an enterprise environment where information
diagnosis was made (in the Facility Registry)
is exchanged between organisations and systems,
referential integrity of data becomes increasingly • A link to a treatment/care plan
difficult. Links contained in events which point

• A link to the person who entered the data, A consumer of this information would have only
a partial picture of the health event. This problem
performed the test, authored the result
is especially difficult to maintain if using HL7 FHIR
report
outside of SOA patterns124.
• A link to the diagnostic image order,
result, reports which was used to form the To mitigate this type of condition, the blueprint
diagnosis (in the source RIS/PACS) proposes that all exchanges of information and all
data storage within the DHP services will:
If these links are stored on different solutions,
they may become unavailable over time due to a • Encapsulate all the data submitted to the
variety of reasons: DHP in a single transaction bundle (see
section 6.2.5)
• The software solution may be temporarily
unavailable (due to maintenance, • Avoid using permanent erasure of data, and
configuration change, etc.) provide logical deletion of data (i.e., prevent
discovery of old data, however, allow direct
• The data may have been archived and/or retrieval, where possible)
purged for retained information, or may
have been logically deleted and is no longer • Store summary or snapshot data of the
available123 referenced data and provide narrative
description information for the reference125
• The data may have been moved or its
security tags/policies changed since the • Store and reproduce the entirety of the
original reference to the remote server was resource/record text (i.e., structural data will
made and the reader system may not have be unavailable, but in-context narrative is
access to the updated resource (under the available)126 when queried, so that a human
new security policies) reading the information can be provided
a complete context of the event which
occurred.

Technology Architecture | 97
6.
Technology Architecture
This section describes the technical and functional 6.1.1 Privacy and Security Control by
principals for components within the blueprint. Design
6.1 Technical Principles A Citizen should have full awareness and be in

control of the collection, processing and use of
This section describes the technically oriented health data related to them. Where possible data
architectural principles that are to be used when should be shared through links that refer to the
designing solutions based on the blueprint. original source of the data, or APIs that can provide
Solutions that align to these principles offer a near real-time access, rather than the use of data
fundamental level of compliance to the blueprint replication techniques to reduce duplication and
architecture. Components, services, or applications storage of copies of data in multiple locations.
that are not in alignment with these principles will Avoiding storage of unnecessary copies of data
considered be non-conformant to the Enterprise assists in data governance by providing a “single
Architecture Blueprint. source of truth” and helps to protect privacy
by limiting data proliferation and unnecessary
exposure.

98 | Technology Architecture
Specifications for data and information exchanges 6.1.2 Use of Open Standards and Open-
must clearly identify the privacy and security Source Software
considerations of the data exchange, and should
include mitigations (auditing, access control, Services and information exchanges within the
policies, etc.) to guide implementation. All enterprise should be based on Open Standards127
technology solutions should utilise AAA security wherever possible. Implementations shall make use
- Authentication, Authorization, and Accounting of Free/Libre and Open- Source Software (FLOSS)
as a security framework that controls access to where available128. Open Data for research and
computer resources, enforces policies, and audits quality improvement to authorized parties where
usage. Systems should keep a detailed audit log suitable should be shared. Applications will provide
of access, and disclosure to/from the enterprise Open APIs to authorized parties where suitable.
infrastructure. Role-based user security controls
and the ability to convey the identity of the end Solutions must support open standards and
user performing an action should be integrated platform independent protocols to provide long
into all digital health solutions to ensure privacy, term stability and interoperability whenever
confidentiality, and ethical use of the digital health possible. Designs should prioritize the creation
platform. of interoperable vendor-neutral solutions. All
components of the blueprint should leverage well
Health information should only be used with documented, non-proprietary, and Open Standards
applicable permissions and consent, and systems using platform independent protocols (such as
should use a common (centralized) authentication HTTP, XML, JSON, etc.)
architecture where possible, as opposed to a local
authentication scheme. Regional or domain specific Wherever possible, openly available data and
data hubs can be established to service groups integration standards and technologies should be
of smaller facilities with limited infrastructure. used as specified without customization. If this is
Institutions that store information on behalf not possible, adaptation of the standard (using
of another legal entity should enter into a data profiling or extension) can be done. Custom, ad
sharing agreement to establish terms and use of hoc, or single-purpose data integration interfaces
that information. should be discouraged. Reuse and improvement
of existing assets (specifications, designs, software
All technology solutions should be encrypted at source code, components, etc.) is encouraged
rest and in transit. This is especially important for maximum utilization of available resources.
where network traffic crosses organizational or Leveraging expertise and building from successes,
jurisdictional boundaries. Exceptions to encryption documenting, sharing, and making use of best
can be made on a case-by-case basis if required, for practices and reusable artifacts, components,
example servers communicating on a private local services, and processes across the entire ecosystem
network in a protected data centre. To protect the is highly encouraged.
integrity of the healthcare system, systems must
employ safeguards to defend against the broadest 6.1.3 Interoperability Focus
possible range of vulnerabilities.
The blueprint promotes the adoption and use
The minimal amount of information should be of appropriate interoperability standards (both
collected to achieve the immediate clinical or technical and business) to enable quality, consistent
business outcome – unnecessary or unused data across the enterprise and with outside trading
information should never be collected or stored. partners. This necessitates that all digital health
components and solutions focus on interoperability
as a key consideration of their design.

Interoperability standards will be defined for the 6.1.6 Line of Business Systems are
correct use case, context, or workflow and will Expert Systems
include structured data and terminology. Ensuring
consistent business processes and data between When designing the enterprise architecture and
organisational units ensures that information is domain specific applications, the line of business
captured/validated in a common way. systems (e.g., Master Patient Index, Facility Registry,
eIMS-SL, etc.) should be considered the authority in
6.1.4 Re-Use Shared Business Services their domain, as they are assumed to be designed
in consultation with the clinical and administrative
Stakeholders will collaborate to select and define, experts within their domain. The role of the
where possible, reusable, and sharable common central infostructure is primarily to orchestrate,
services to support functionality across the translate, reliably deliver, and govern exchange
enterprise and across health domains to help the between these expert systems. Where possible, the
citizens of Sri Lanka. infostructure should not attempt to re-create the
business processes of a clinical or administrative
Whenever possible, components and solutions domain. This separation of concerns greatly
within the digital health ecosystem will utilize reduces complexity of the integration environment.
existing service components rather than re-
implementing custom services to achieve the same 6.2 Functional Principles of Digital
business objectives. Digital health solutions should
Health Solutions
also seek to expose and share their data with the
DHP infrastructure. This section introduces the minimum common
functional principles of components operating
6.1.5 Leverage Virtualized and Cloud within the infrastructure that is developed within
Design Patterns the digital health solution.
All technologies within the digital health enterprise 6.2.1 Non- Repudiation of Information
should seek, whenever possible, to virtualize
all implementations using appropriate shared A patient’s national electronic health record (NEHR)
infrastructure and/or cloud-based technologies. represents a collection of discrete data events
Use of cloud-based technologies whenever possible which are contributed to the digital health platform
should promote the accessibility, scalability, cost by a variety of providers and systems. This data is
efficiency and monitoring of resource use. also used to drive health measurements and key
performance indicators (KPIs), clinical decisions and
Shared infrastructure reduces costs of migration, other business functions upon which erroneous,
improves security through centralized control, false, or modified information may have an adverse
and improves scalability through the ability to impact.
dynamically assign resources as needed. Data
sharing agreements should be developed with The principles of non-repudiation of information,
any third party managed service that houses when used ensure:
health information, and the physical location and I. Accurate and correct as reviewed by a medical
subsequent legal jurisdiction(s) of the data storage professional prior to submission
should be clearly articulated. Designs must also
II. Originates from a known, identified source
consider resiliency in the case of network outage or
and the data in the enterprise matches the
loss of internet access and offer contingency plans
data submitted from the source.
for inevitable cloud outages.

Has a known provenance/origin which identifies considered (e.g., instead of using a proprietary
the context in which the data was created? solution such as Amazon S3 storage, use
an open alternative such as WebDAV so the
6.2.1.1 Non-Repudiation of Emission solution can be migrated if needed)
● At a design level, there should be no

It is therefore important that data submitted to
assumptions made based on the presence of
the patient’s NEHR is validated prior to submission
another system or solution being available
and signed. This mechanism is known as non-
(e.g., the Provider Registry should attempt
repudiation of emission (NRE) and ensures the data
to avoid hard dependencies on the Client
has been verified and certified it to be true. The
Registry – rather it should rely on the NHDX
digital signature ensures that data is not altered
bus or message passing interface to facilitate
after verification by the submitting provider.
connections such as this)
6.2.1.2 Non-Repudiation of Origin
6.2.3 Identifier Management
It is important to understand the origin of data after
The ability to resolve the identity of entities and
it is submitted to the enterprise. Understanding the
events uniquely is a key challenge in achieving
provenance and of data (where it originated from,
interoperability between multiple systems.
the reason why it originated, etc.) is paramount to
Information systems that operate within the
validating information which may be incorrect and
confines of a specific organisation can assign
performing follow-up with the submitter.
and manage identifiers within the scope of that
It is also important that data submitted by the organisation. However, once those systems
sender is known to be submitted by the origin start communicating and sharing information
and has not been altered since submission. This across those organisational boundaries to the
is known as non-repudiation of origin (NRO) and broader enterprise, the possibility of information
ensures that the data originated from a known duplication and concerns about shared entities and
source. events quickly becomes a problem.
This issue is especially acute in the health sector,

6.2.2 Portability for Digital Health
where a history of compartmentalised (or siloed)
Services
systems, regional consolidation, and devolution
It is important, while designing any of the digital of responsibility for service delivery, and the
health services which comprise the digital health subsequent outcome of facility and information
platform, that those systems are designed in a system rationalisation.
manner which prevents architecture assumptions
Use of enterprise identifiers for entities in the health
or platform dependencies. For example, designing
infostructure is a foundational concept. The Patient
a solution to only work on Google Cloud by using
UID, Institution UID, Medication UID, and Provider
GScripts or with proprietary Microsoft Azure APIs
UIDs are managed by the Client Registry, Institution
would represent a lock-in of that system to one
Registry, Medication & Device Registry and Provider
environment which may or may not be under the
Registry respectively. Enterprise identifiers should
control of the Ministry of Health of Sri Lanka.
be meaningless but unique numbers (commonly
When designing services or health solutions, care referred to as MBUNs) never to be disclosed to
should be taken to ensure that: users, rather used for internal linkages only.
● Proprietary operating environments and Business Identifiers like National Identity Card
services are avoided, and generic alternates are (NIC), Sri Lanka Institution Number (SLIN), Personal

Health Number (PHN) is issued and captured by identities for the clients, providers, facilities,
other systems. These should be comprised of etc.
at least two parts when conveyed to the digital
● New enterprise identifiers should only be
infrastructure – a system source identifier and an
generated for new clients/patients registered
entity identifier.
in the DHP, and should not be pre-generated,
change or be retired unless by an internal
All digital health services which are participants
MPI function of the client, provider, or facility
in the DHP should strive to use proper identifier
registries after appropriate EMPI matching
management of providers, facilities, patients,
functions have been performed.
organisations, materials, etc. Often, solutions
will identify entities using an internal primary key ● One physical entity (a person, a facility, an
and they will use this primary key for referencing organisation, a material, etc.) should have one
data. Services within the DHS should use, where and only one enterprise identifier. If a physical
possible, business identifiers as the source of truth entity carries multiple identifiers (for example,
for identification of resources rather than local multiple identifiers from licensing authorities)
“primary keys” from source systems. they will be linked to the one enterprise
identifier for the object.
6.2.3.1 Enterprise Identifiers within the DHP
Specific details about the design and use of
The digital health solution should strive to use enterprise and business identifiers can be found in
common, internal enterprise identifiers which are the Interoperability Plan.
used only within the DHP and linked to external
identifiers using cross referencing functions of 6.2.4 Follow Standards and
the Client, Provider, Facility, and other registries.
Interoperability Plan
The following guidelines should be used when
designing enterprise identifiers: Digital Health solutions should follow the
Interoperability Plan for Sri Lankan digital health
● The generation of new enterprise identifiers
standards wherever possible129.
must be handled only by the enterprise registry
responsible for maintenance of the identifier Interoperability Profiles (see section 2.3.2) will
(for example: enterprise client identifiers define:
should only be generated by the enterprise
● Trigger events which define when the point of
client registry)
service applications should contact the shared
● The enterprise identifiers should be DHP infrastructure and for what purpose.
meaningless, unique identifiers (for example a
● Behaviours of the DHP services and the point
UUID) which contain no personal identification
of service applications consuming those
information in the identifier.
services
● The enterprise identifiers should not be
● Expected auditing and security requirements
used external to the DHP or by systems not
(authorization and authentication) of the point
participating in the DHP. This means that the
of service and DHP service.
enterprise identifiers should not appear in user
interfaces, point of service systems, etc. ● Expected data elements for each trigger event
and the associated minimum data set which
● Enterprise identifiers are governed by the
accompanies the trigger event.
issuing system, only the system which has
generated the enterprise identifier should Additionally, a Technical Guides (physical views)
be permitted to update primary or “golden” within the DHP blueprint will define:

● The concrete standards being used (example: 6.2.5 Encapsulation of Data Submitted
FHIR JSON R4, DICOM, etc.)
Whenever submitting data to an enterprise, the
● The concrete validation instructions expressed contents of the message may be transmitted,
in the relevant standards selected (example: wrapped, queued and retried, etc. Because of this,
XSD, FHIR IG, etc.) with the exception of queries and reads, digital
● Physical locations of services (examples: API health services should refrain from using (RESTful)
endpoints, OAUTH scopes, etc.) CRUD (Create, Read, Update, Delete) methodology
when creating or amending data on the DHP.
● Concrete security expectations (contents of
audits, OAUTH patterns, auditing messages, APIs used in the DHP should ensure that they:
etc.)
● Include message header information which
6.2.4.1 Normalisation of Data identify the trigger event, the clinical rationale
(if required), and a unique message identifier
There is a medical and legal liability introduced (to correlate responses, and retries).
by systems which transform, translate, or modify
● Include in the message human readable
clinical data submitted by point of service systems.
summaries of the data referenced in the
It is important that what a clinician has signed
clinical act including patient, provider, facility,
as being true (see section 6.2.1) should not be
medication, and terminology display names.
modified. However, it is also important that this
information be extractable and/or computable by ● Include contextual information as a snapshot
any consumer of DHP data while maintaining the of “current state of truth” at the time of
proper context. the event. For example, if submitting
discharge information from a hospital visit
It is therefore important that data in source systems the submission should include the visit,
be normalised according to the interoperability summary observations, procedures, prescribed
profiles prior to submission of this data to the DHP. medications, etc. within the submitted bundle.
This normalisation should ensure:
● Responses should include the request
● Data submitted is unambiguous (see section message identifier for which the response
6.2.5), complete and in context as the source is acknowledging to allow enterprise
system (and submitting system understands it) services to correlate requests and responses
asynchronously.
● All terminology used aligns to the correct terms
An example of this pattern in HL7 FHIR is the
specified in the interoperability plan (i.e., use of
Message exchange pattern130.
ICD10, SNOMED, LOINC, etc. as appropriate)
6.2.6 Performance Targets

● All structures used conform to the minimum
data sets specified in the trigger event Performance targets in the future should cover
definitions both curative and preventive, including both public
and private institutions. For example, there are
● A human readable representation of data is
more than 1,600 institutions in the state health
submitted alongside the structured data (i.e.,
sector alone in Sri Lanka which have the potential
what the clinician sees is what is signed and
to use the DHP infrastructure to share vital clinical
submitted)
data between organisations. To be useful in a
clinical environment the system must be available,
reliable, and responsive, as well as aligned to clinical
business processes.

6.2.6.1 Performance of DHP Services ● SSL Termination: HTTPS (HTTP over SSL) ensures
that data is encrypted when it is transmitted
DHP services will be composed and orchestrated in
between nodes. However, there are many
a variety of workflows within the DHP infrastructure.
instances within an enterprise architecture
It is therefore vital that services operating within
where the physical network is secured (via
the DHP are available 24 hours per day, 7 days
VPN, VLAN isolation, etc.) and where TLS adds
per week, with greater than 99.9% uptime and can
additional burden to transactional processing
respond to transactional queries (reads) within
between internal DHP services. SSL termination
appropriate timeframes (typically less than 2
offloads encryption overhead and should
seconds is considered appropriate).
when the DHP traffic transits a network that
This general performance metric can only be is physically secured, via lower layer network
reliably controlled within the DHP infrastructure infrastructure (such as VPN or SSH tunnels), or
itself. It is recommended that the following design transiting already encrypted channels (such as
techniques be explored and included in the design encrypted queues).
and deployment of DHP services: 6.2.6.2 Performance between DHP and Points
● Caching: The DHP should use, where possible, of Service
short-term caches which can service reads
Performance targets are subject to a variety of
without the need of orchestrating or contacting
factors including the size of the data payloads, the
persistence layers. The most difficult part
network bandwidth between the point of service
of caching is the expiration and eviction of
applications and the DHP, and the load on the DHP
objects which become “stale” from the cache,
infrastructure. To ensure timely access to national
and this becomes much more difficult in a
health record (NEHR) data from the DHP within
heterogenous environment. Cache durations
points of service, the following strategies should be
should be configured based on the type of data
employed:
and should (where possible) use appropriate
versioning and/or tagging to allow for ● Pre-fetching of Data: Many clinical events can
validation of a cache object prior to return. be pre-fetched from the DHP using a variety
of data sources including cohort/catchment
● Performance Clustering: Where possible DHP
attributes (i.e., patients in my village, patients
services should be stateless, but where that
assigned to me, etc.), intent or appointments
is not possible services should also include
(i.e., patients who are scheduled to present),
methods of sharing states between nodes to
or on trigger events (i.e., admission to hospital,
allow for clustering of services. Strategies for
etc.). Such pre-fetching should be implemented
clustering include round-robin or intelligent
where clinically safe and should be audited
load balancing between application servers,
and secured appropriately. Pre-fetching can be
and the use of synchronous replication of data
especially effective for large datasets such as
tiers.
medical imaging.
● Failover Clustering: All DHP services must
● Compression of Data: Whenever points of
be deployed in a manner which allows for
service request data from the DHP, they
failover clustering. Such clustering is required
should (where supported) request that the
for maintenance of individual DHP services
DHP compress response payloads. While this
without introducing outages in the broader
introduces a slight computational overhead on
DHP infrastructure. Additionally, in the case of
the DHP and the PoS application, it significantly
a single hardware or software failure, a backup
reduces network overhead when connection
node remains available for servicing requests.
speeds are low.

● Efficient Transfer of Large Objects: The size of ● Service desk and official communication
data payloads varies dramatically between information
clinical domains in healthcare. Special attention
should be paid when developing solution 6.2.7 Authentication
guides and technical guides for various
domains to take data sizes. For example, while Services which comprise the DHP should require
patient demographic data is quite small (on the use of authentication context sharing to
the order of a few kilobytes), files for various perform duties between their services. It is
modalities of diagnostic imaging files can expected that all services in the DHP will accept and
range from a few megabytes to hundreds of appropriately use identity assertions via a bearer
megabytes or a few gigabytes per transmission, token infrastructure (or appropriate session token
and images from high resolution digital shared with in messages of other formats such as
pathology systems are often several gigabytes the MSH-8 of HL7v2 traffic).
per file. When specifying the data transfer of
As per IETF RFC 6750131 “…any party in possession of
large objects, profiles should use established
a bearer token “(a “bearer”) can use it to get access
methods of transferring large binary objects
to the associated resources (without demonstrating
and refrain from transports requiring text
possession of a cryptographic key). To prevent
encodings.
misuse, bearer tokens need to be protected from
disclosure in storage and in transport.”
6.2.6.3 Support Agreements
The DHP should provide a centralised identity
All digital health solutions and points of service
provider which allows PoS applications integrating
connected to the DHP, and services within the DHP,
with the DHP to obtain access tokens for message
must have in place service level agreements (SLAs).
passing. This will require authentication of
Such agreements should establish:
applications (via a valid client identity and client
● Appropriate performance measures including secret) and assertion of a user identity. The identity
response time requirements to users to/from provider shall produce for the point of service
the DHP and internal services application:
● Availability requirements including downtime ● An access token which relates to the session
impacts and mitigations established for the transaction with the DHP
● Maintenance contacts and support plans including:
(maintenance windows, communication o Access grants (scopes)
pathways for downtime announcements, etc.)
o The identity of the bearer (application or
● Business Continuity Plan which identifies how user)
clinical users will continue to deliver services in o The intended audience of the token
the case of an outage
o The expiration (not after) time
● Backup and Disaster Recovery plans including
● An identity token which includes structured
measures for RTO (Recovery Time Objective),
information about the security principal
MTO (Maximum Tolerable Outage), and RPO
including:
(Recovery Point Objective)
o The issuing identity provider
● End user support plans (if applicable) and
o Issuance time and expiration time (not
administrative/operational support plans
before and not after)
● Operational Contingency Plans
o The name, e-mail, and telephone number of
the user

o The identity of the application which was token to scopes will be performed centrally in the
authenticated identity provider for the DHP (emitting permitted
scopes of access).
● A refresh token which should be used to
extend the session
The enforcement of these directives/authorisation
is to be handled by the DHP service rather than
All DHP services are expected to validate the access
centrally. This allows each service to identify
token with the identity provider from which the
and handle appropriate enforcement methods
token was issued. The access tokens and identity
including:
tokens should be digitally signed by the identity
provider so that DHP services can verify the ● Masking, redacting, or removing sensitive data
authenticity of the access token.
● Rejecting or blocking actions
The authentication of device nodes is best practice ● Elevating or flagging audits

between point of service applications and the
● Notifying relevant security personnel
NHDX. This authentication should be used to
validate that:
6.2.9 Auditing and Accountability
● The software on the device and the device itself Tracing
has:
o A proper security environment established All DHP services which provide a functionality to
the DHP, or which consume data from the DHP
o Standards interfaces have been properly
are required to keep a structured audit trail134. This
implemented and validated (passed
audit trail must be validated before integration with
conformance testing)
the DHP, and it must contain, at a minimum:
o Appropriate business processes have been
put in place at the PoS location ● The nature of the audit event (login, create,
delete, etc.)
● The device from which the request originates is
trusted within the enterprise ● The standardised trigger event which was
executed (create discharge summary, refer
● The device from which the request originates patient, etc.)
has not been revoked or failed re-validation
after expiration of access credentials. ● The full date and time that the event occurred
● The device from which the request is made is ● The actors who were involved in the
using TLS interchange including:
o Identification of the source machine (which

Typically, these layers of security are implemented initiated the interchange)
using dual-PKI (public key infrastructure) certificates
for node authentication132, and OpenID Connect for o Identification of the target machine (the
application and user authentication133. recipient of the interchange)
o Identification of the human user (if

6.2.8 Authorisation appropriate)
The authorisation of security principles to o Identification of the process name,

application functions within the services of the DHP classification, etc.
is expected to be highly specific to the use case and
● A list of all objects which were created,
service (example: a client registry will have different
modified, disclosed including:
authorisation requirements than the national EHR).
The authentication token and authorisation of that

o Identification of the object which was ● Policy Enforcement: Performed by the DHP
impacted service (such as client registry, NEHR, etc.) to
o The type of the object (user, patient, take context appropriate action. Actions could
document, etc.) include:
o The nature of the data lifecycle for the object o Masking data which is sensitive (i.e.,
(amended, disclosed, deidentified, etc.) modifying HIV ART numbers)
● The query executed (if appropriate) including: o Removal of sensitive data
o The query parameters which were used to o Disclosure of sensitive data with additional
search the service auditing
Each trigger event definition in the logical view will o Alerting of appropriate authorities
identify specific audit requirements of the producer
This framework should also be used by
and consumer including:
administrators reviewing data exports for non-
● Trigger event identifiers health delivery use cases such as research, justice
● Objects expected to be in the audit system investigations, etc.
● The roles and codes of the actors involved

6.2.11 Transaction and Message Control
Security audits shall be performed on all information
The DHP must provide reliable delivery, retry,
systems before connecting to the DHP (i.e. prior to
error handling, queueing, and acknowledgement
issuance of a device or application credential for
functions regardless of whether the transaction is
DHP access)135,136.
pass-through or orchestrated.
6.2.10 Informational Consent Directives

To support this function, all messages submitted
The DHP will store sensitive personal health to the DHP must contain in appropriate message
information (PHI) and it is important that the wrappers (HTTP headers, FHIR Provenance and
directives related to the disclosure or use of this Message Header resources, etc.) which contain:
PHI be stored in a fashion which identifies clear ● The originating organisation and facility
directives by the patient for the use of this data. The
● The application instance which generated the
consent directive service in the DHP is a repository
information (e.g., HHIMS running at Dompe
which will be used to store documentation (or
Hospital)
directives) of the patient in relation to the use of
their data in the DHP. XML Access Control Markup ● Transaction and trigger event identifiers
Language (XACML)137 architecture components
● The patient or subject(s) of care to which the
should be used as a framework for enforcement of
message applies
consent directives within the DHP. The architecture
is summarised in Figure 38: ● The author(s) (i.e., who captured the data and
prepared it)
● Policy Information: Data and security tags which
are used to identify which policies exist, their ● The data enterer where appropriate (i.e., who
definition, and to which object these policies transcribed the data into the computer)
apply. ● The performer(s) where appropriate (i.e., who
● Policy Decision: Performed by the identity performed the medical intervention)
provider to establish a list of scopes for an ● Authenticator (i.e., who signed the data as
access session using policy information tagged being accurate)
on the identity provider source.

Policy Information:
Disclosure Request - Policy definitions (identifiers)
- Association of policies to
patients
- Association of policies to data
Informs
Informs
Policy Decision: Policy Enforcement:

- Evaluate policies associated - Action the policy decision
with patient in context of access Dictates (mask, redact, remove, etc.)
token. - Log disclosure or amendment
- Determine policy grant or deny of data
Protects
Disclosure
Response
Figure 38 : Policy Information, Decision and Enforcement
● An assertion of the user who interacted with Consider, for example, a point of service (PoS)
the EMR to create and send the message contacting the DHP to post a document to the
NHDX. Such a transaction from the point of view of
Messages received by the DHP should be considered the PoS is opaque, however the DHP would rely on
transient data structures. The payloads of these the orchestration of several services to achieve the
structures are to be extracted and persisted as business goal (illustrated in Figure 39).
appropriate, however persistence of the entire
messages themselves is discouraged (beyond Because these services in the DHP are independent
functions for retry or audit). units of functionality, any number of errors may
arise:
6.2.12 Error Handling and Retry
● Data / Business Errors: Issues related to
incorrect data or incorrect business processes
The DHP uses a service-oriented architecture
including:
whereby services are orchestrated and/or
composed to solve a particular business problem. o Nonsensical data submitted (i.e., last
This architecture, while flexible, presents a challenge menstrual period observation for a Male
when handling errors as there are multiple tiers in patient)
which errors could occur.
Digital Health Platform
Client Application (PoS) Messaging Tier Business Logic Tier Data Tier
(Presentation)
Data
Data Tier
Client Application
(Example: HHMIS)
Data
Figure 39 : Service Orchestration and Composition in the DHP

o Incorrect procedure or battery codes (i.e., DHP errors may require further investigation into
incorrect specimen collected for requested the cause of the issue and may require manual
test) intervention by an administrator or data quality
o Business process codes (i.e., submitting a personnel.
lab result for an order which does not exist)
Whenever a DHP service encounters any of these
Business errors typically require user intervention types of errors, it is important that this feedback be
to correct and require the PoS to alert the user and relayed to the PoS application which invoked the
capture new data. service. The DHP service component and DHP should
relay errors to the PoS application in a structured
● Infrastructure Errors: Issues related to the
physical environment on which the service is form with as much detail as possible (rather than an
unstructured exception handling page).
running including:
o Network issues The structure of the exception will vary depending

on the standard used to initiate the interchange (for
o Server faults
example: FHIR interfaces should use the Operation
o Power grid failures Outcome138 resource). Whatever the format of the
exchange, the exception structure should contain:
o Update or Operating System configuration
issues ● A system error code which allows for a
computable method of resolution (for example:
Infrastructure errors can typically be resolved PostgreSQL error code, stop code, etc.)
automatically by retrying the operation after the
● An indication of the severity of the exception:
underlying issue has been corrected.
● Application Errors: Issues related to the o Information: The transaction was processed
application logic of the service itself including: by the component of the DHP successfully,
however there is contextual information
o Incorrect implementation of application for the end user about the transaction (for
logic example: Patient ID has been replaced with
o Incorrect understanding of messages sent to new ID)
the service o Warning: The transaction was processed
o Database consistency issues successfully, however there may have
been some modifications to the way the
Application errors typically require an update to transaction occurred. (For example: ICD9
the business logic, or service code to correct and code X has been retired, use ICD10 code Y)
can typically be corrected with a retry once the
o Error: The transaction could not be processed
application is updated.
successfully. There was a business,
● DHP Errors: Issues with the completion of the infrastructure, application or DHP error
operation because of logical errors within the which prevents the operation from
context of the entire digital health platform completing.
including:
● Underlying cause of the exception in structured
o Inability to resolve necessary information form. The exception result will have a primary
issue (example: Record could not be found)
o Security issues such as access rights or
with an underlying cause (example: Could not
permissions issues
resolve patient information) which itself may
o Missing or incomplete service problems have a further cause (example: Database is
Offline).

After relaying this information to the PoS system, should include relevant codification of the issue
the solution must decide on appropriate action and its severity on the transactional processing of
which could include: the request.
● Re-submitting the errored request later
If possible, exceptions should “bubble”139 through
automatically
the DHP service layers and should halt processing
● Display an error message to the user requiring (i.e., an exception in the Client Registry should
a correction stop processing in the business logic tier, then
via the integration tier back to the PoS). If using
● Notifying a system administrator of the issue
asynchronous processing of messages such as in
Implementations of DHP services should ensure the case of an Enterprise Service Bus140 (ESB), it
that exceptions are raised at the appropriate tier, is expected that the integration layer (the NHDX)
as close to the exceptional cause as possible, and persists information about the exception it has
received from a service.


Realising the Blueprint | 111
7.
Realising the Blueprint
The blueprint described in this document provides The goals of the blueprint are to build upon what
a framework and guidelines for digital health has already been accomplished in Sri Lanka with
system design and decision making. It describes previous investments by incorporating existing
the overall shape, structure, and methodology systems wherever possible and designing for future
of the development of the national digital health reuse. It is expected that the implementation of the
infostructure for Sri Lanka. This section is intended blueprint will not be done as a single large project,
to provide guidance on getting started on realising rather it will be developed incrementally over time
the blueprint, moving from blueprint to project as resources become available.
planning and eventually to implementations.
The blueprint presented in this document has also
This section will identify the stages of evolution been designed to be “future-proof”, in the sense
that will be encountered and identifies some of that it is flexible enough to support new priorities
the core building blocks and activities that can for health care service delivery and to be able to
be started right away. It also provides a map of reflect new digital health functional opportunities.
the dependencies between the major blueprint The approach described here will align with and
components to be realised on the way to the full enable health system transformation to guide
digital health environment and provides concrete digital health investments over the long term.
next steps forward in the prioritised action plan.

112 | Realising the Blueprint
7.1 Stages of Evolution
Digitisc Connect Share Inform Innovate Transform
Figure 40: Recommended approach to realising the blueprint
The recommended approach to realising the continuously further out to patients/clients and
blueprint is summarized as six broad stages141 of clinicians in the extended circle of care, as well
evolution in the Figure 40. as organisations such as licensing bodies and
government departments as required. While the
These generalized stages are discussed in the fundamental connectivity and security is being
following section, and a more specific prioritised rolled out, design and development of the shared
action plan follows thereafter. health services components of the digital health
platform should be underway.
7.1.1 Digitising Clinical Information
7.1.3 Sharing Clinical Information
The first stage of evolution is to begin the process
of workflow digitisation, wherever and whenever Once digital workflows and connectivity are
possible. As part of this process, patient journeys, in place, the process of sharing will begin to
clinical workflows, etc. will need to be optimized happen naturally. Both structured processes
and streamlined, as proceeding with digitising and ad hoc communications will occur using
inefficient workflows will reinforce bottlenecks that clinical applications and communications tools as
poorly impact delivery of services. Digitisation in this providers consult with each other and ultimately
context is defined as adapting a system or process with patients. Sharing will eventually evolve to using
to make use of digital devices and networks. This more advanced clinical applications as components
can mean introducing and/or expanding the use of of the digital health platform are developed. For
digital devices and systems, electronic forms, and example, once key registries and subsystems are in
data capture throughout administrative and clinical place, development of advanced applications such
processes. This is also the first step to workforce as eReferral can begin.
capacity building through digital literacy and
involves on-boarding as many users as possible
7.1.4 Informing Health Decisions
to utilise digital technologies in the clinical and
administrative environments on a daily basis. Once systems and applications are digitally
connected, and information repositories are
7.1.2 Connecting Digitised Solutions created and can share information, users will
be able to interact with new levels of structured
The next (or if possible, in parallel) stage of digital information, allowing them to incorporate
evolution is to begin to connect people, institutions, information and evidence that supports informed
facilities, and systems across the health enterprise. clinical decision making. For example, an advanced
Secure, reliable connectivity and centralised national vaccination forecasting application can
authentication, authorisation and communications make use of immunization data collected by other
systems are a fundamental requirement to move applications such as EMRs. Through the use of
towards a more advanced digital ecosystem. standardized data structures and terminologies,
Connectivity and security should begin with care applications can share and make use of clinical
providers and administrators, then be extended information collected from other sources.

7.1.5 Clinical Innovation priority patient journeys. The DHP is designed

to be developed and deployed as resources
A fully realised platform with connectivity, become available, growing organically as more
structured interoperable data and clinical infrastructure and components are built and as
intelligence forms the platform to begin to innovate more external applications are connected. As
and support patients or consumers to improve implementations mature, specifications will evolve,
their own health using advanced, specialised functionality will grow, and the health system of Sri
applications and tools, while also enabling clinicians Lanka will begin to transform.
to provide better care.
7.2 Patient Journey Stories
For example, one innovation currently under
development by WHO are Computable Care
The blueprint will be realized in the context of
Guidelines (CCG) which helps close the chasm
user stories which following the life of a fictional
between what we know are the evidence-based
Sri Lankan family as they interact with the health
best practices and what is done for individual
system across Sri Lanka. These stories represent
patients. CCGs provide a standards-based way
typical user journeys that a Sri Lankan family might
to describe and to share the minimum data set
take as they interact with the different programmes,
that should be collected during an encounter, the
and health facilities during their lifetime. The family
workflow that is to be triggered based on collected
consists of 5 members, who interact with a potential
content as well as the reportable health system
future state DHP deployed in Sri Lanka (Figure 41).
management indicators that may be automatically
generated from the encounter. These stories are used as the basis for realizing
the blueprint in a phased manner, and comprise of
Importantly, CCGs provide us with a mechanism
clinical events related to:
to track and monitor care delivery activities. The
innovative digital health solutions created on the • Non-communicable diseases such as diabetes
platform provide person-centric context based and cancer illustrating the care of a patient
on the CCG’s data set, and these support care as they visit a variety of health centres for a
continuity and quality assurance and support a variety of treatments over time.
future culture of patient-centred care. • Communicable diseases such as TB, Dengue,
COVID which result in a series of treatments
As stated by Robert Kish142, “an engaged patient is
and diagnostic procedures requiring cross
the blockbuster drug of the century”.
agency participation with preventative and
curative sectors.
7.1.6 Digital Transformation
• Pregnancy, birth and childcare which result in
Finally, a fully realised platform will provide the new registrations of persons in Sri Lanka linked
information and analytics to enable data-driven to one another and cases with children who
decision making and give administrators the ability lack National Identity Cards (NIC).
to truly transform the health system. It should
be noted that the development of a national The stories illustrate the cross-system use of the
digital health platform is not a single top-down DHP, while allowing blueprint implementation to
construction project, rather it is an iterative and be expressed in terms of patient use and clinical
incremental activity that evolves to support high outcomes.

Diabetes
Piyasena
Lung Cancer
Somawathi
Communicable Disease
Saman
Pregnancy
Kamala Birth
Immunization & Child Wellness
Sanduni
2026
2025 2027
Figure 41: Patient journey stories
7.3 Blueprint Implementation The roadmap will be developed by selecting a

Roadmap series of patient journeys which are of key strategic
importance to the MOH. These journeys are used
The blueprint is a conceptual architecture document to derive a minimum set of components which can
which provides a high-level conceptual view of the be implemented related to the blueprint over time.
future state of the proposed digital health platform. From the roadmap, workpages will be developed
Although this section provides some actions that which may occur in parallel to increase the
should be taken towards realisation, the blueprint velocity of realisation of the blueprint components
is not intended to be a detailed project plan or Regardless of the specific user journeys selected for
roadmap. implementation, common blueprint components
have been identified for initial implementation:
Additional considerations from the other design
artefacts for the digital health transformation will • Establishment of a common PMO, finalisation
be described in a separate roadmap document of documents and plans.
including: • Digitisation of points of service applications so
they may contribute and consume data to/from
• Considerations for interoperability profile
the DHP.
development and component specifications.
• Key infrastructure including underlying
• Considerations for procurement of physical
infrastructure (compute and network
hardware and software.
resources).
• Considerations for onboarding experts and • Implementation of security services identified
human resources. in the blueprint (certificate services, audit, time
keeping, etc.).
The roadmap will set out objectives and timelines
including dependencies, milestones, deliverables, • Integration services contained within the NHDX
and responsible persons for the implementation (messaging, API management, etc.).
and realisation of the blueprint and its component • Registries which facilitate the consistent
pieces. The high level activities for the realisation and authoritative identification of resources
of the digital health blueprint is illustrated in used within the digital health platform (client
Figure 42. registry, provider registry, institution registry,
terminology services).
Immediate Short-term Medium-term
• PMO • Build and integrate NHDX based • Expanded training and capacity
on dependency map building
• Networks & secure connectivity
• Build minimum viable product of
• Workstations • Data quality and validation
NHDX based on priority Patient
• Expansion of Hospital Information Journeys • Expanded analytics and reporting
System
• Assess and plan integration of
• NHDX Cloud procurement • Performance management
legacy point of service systems
• NHDX Interop Layer Design • Expand hospital information • Surveys / feedback
• Develop Registries, vocabulary system functionality (integrate
lab analysers into lab information • Disaster recovery
service, etc.
system, etc.)
• Governance • Integration with strategic systems
• Incorporate coding systems
• Communications plan
into legacy health management • Continue to expand NHDX based

• Public and private stakeholder systems on newly defined Patient journeys
engagement and use cases
• Design advanced NHDX
• Helpdesk functionality (eReferral, Patient
Portal, etc.)
• Training centres
• Implement Help Desk, operational
supports
• Training and capacity building
• Design reporting and analytics
|
Figure 42 : High Level Roadmap

115
The remainder of services in the blueprint can then Included below is a summary of project activities
be additively implemented within the blueprint which have been identified as strategic by the MOH:
over time as patient journeys are documented and
• Digitise
prioritised for implementation.
a. Personnel Recruitment Activities
The blueprint realisation roadmap document i. Hiring of developers, architects,
further describes the phases of realisation and managers, etc. to scale-up necessary
implementation. talent (recruitment) via ICTA.
ii. Establishment of a Programme
7.3.1 Existing Project Alignment Management Office.
At the time of this writing, the Ministry of Health b. Improvements to the Hospital Health
Sri Lanka is currently undertaking several major Information Management System (HHIMS)
projects for the enhancement of digital health i. Procurement of workstation hardware
systems, workforce enhancement and aggregate for registration clerks, clinicians, nurses’
and reporting systems. These projects include stations, radiology workstations and
an upgrade of the Hospital Health Information related networking equipment.
Management System (HHIMS), a wide scale ii. Procurement of localised server
deployment of OpenMRS, and the implementation infrastructure required for hospital
of an upcoming drug management information hosting of data and functions.
system called “SWASTHA”.
iii. Integration between the lab module (LIS)
and existing analyser equipment.
These projects will begin alignment to the blueprint
via adoption of common blueprint principles. iv. Establishing business continuity and
disaster recovery plans for updated
The largest portion of current project activities HHIMS.
involve digitisation of health records within the
c. Harmonisation of Digital Records
HHIMS, expanding infrastructure and connectivity,
and sharing of information a subset of use cases i. Establishing common terminology for
between points of service. The focus on these use within digital health solutions using
activities primarily resides within an upgrading standardised code sets (such as ICPC-2
and implementation of HHIMS which is a point of and ICD-10 coding systems).
service solution within the DHP. This work is being
ii. Enhancing governance of hospital and
aligned with blueprint functional principles and
digital health solutions via Standard
services and provides an impactful starting point to
Operating Procedures (SOPS) and
realising the blueprint for broader use cases.
procurement plans for hospitals.
Other activities being undertaken focus on d. Strengthen Digital Health literacy

the establishment of registries, harmonising
i. Design training modules for trainer of
terminology, and the profiling and definition of APIs
trainer scenarios related to the hospital
into the digital health blueprint. These activities
information management upgrade
are an opportunity for implementing the required
including ICD10 and ICPC2 coding.
dependent blueprint assets within the scope of
a concrete problem being solved. For example, a ii. Train HIU staff on integration between
desire to implement e-Referrals between HIMS, existing modules for health intervention
HHIMS and the cloud based HIMS would require (such as DHIS2) and the central
the implementation of blueprint services (see infrastructure.
section 7.4.1).

iii. Train frontline hospital health staff f. Establish a public reporting pathway
on basic ICT literacy and hospital whereby select statistics can be published
information systems processes/ on the Ministry of Health Website (starting
workflows. with primary care morbidity data).
e. Measuring the Impact of Digital Medical This list is not an exhaustive plan for blueprint
Records realisation. Such realisation may take more than a
i. Create a data validation methodology decade to fully complete. The blueprint will serve as
to ensure digital health solutions are a guidepost for future activities, funding requests
and investment in digital health interventions
being appropriately used.
within Sri Lanka (see section 2.5.7).
ii. Measure the satisfaction of primary
and secondary care digital health 7.3.2 Interoperability Plan
systems (clinicians and administrators)
to develop and validate SOPs and As detailed in the blueprint (section 2.3.2), each
guidelines. service will require the further definition of
transactions, trigger events, and domain specific
• Connect interoperability profiles for implementation. The
a. Establish connectivity for clinics and order in which these solution and technical views
hospitals with each other and with central will be developed will be detailed in the companion
infrastructure using 4G / 5G. Interoperability Plan document.
b. Establish a National Help Desk and related This process will require inputs from multiple
functions (starting with HHIMS use cases stakeholders across various groups in the the
and SOPs). MOH, ICTA, private vendors, and operators. The
Interoperability Plan is a separate document which
• Share
accompanies the blueprint and describes:
a. Establish common registries required for
• The governance of standards and
the operation of health information systems
interoperability adoption in Sri Lanka.
in Sri Lanka (focus on Hospital Health
Information Management System - HHIMS). • The processes used to adapt and measure
conformance to standards.
b. Establish integration strategy for SLUID.
• Cross-standards guidance to be considered
c. Establish / Pilot an e-referral solution when implementing and using interoperability
leveraging the blueprint infrastructure profiles.
(example: between OPD and hospital
• An initial series of interoperability profiles
systems).
which need to be adapted for Sri Lanka.
d. Establish / Define standards-based APIs and
integration profiles in line with the blueprint 7.4 Blueprint Dependency Map
between private sector and public sector
institutions to the national level. Regardless of the maturity of the end-state
functionality, key infrastructure components
e. Develop / Pilot the integration of
must be in place for any digital health platform
information from disease program
to function. This is like requiring power and water
information systems with HHIMS using the
plants built before housing and apartments in a
NHDX and/or NEHR functionality.
city.

The realisation of the blueprint into the full DHP Divisional Hospital, receives an amputation at
may take a decade or more to complete, and rarely NHSL, and receives post-surgical care at Gampaha
does such a complex task occur in one single, district general hospital surgical and medical clinic.
large project. Rather, the implementation of the
blueprint will evolve through independent projects, The dependency map included in the blueprint can
each leveraging or requiring portions of the digital then be used to establish which components of the
health platform to solve concrete digital health blueprint need to be implemented first to support
problems. this use case as illustrated in Figure 44.
Figure 43 provides an overall dependency mapping 7.5 System Implementation

of the entire blueprint systems architecture.
The diagram illustrates how each service to be When implementing specific components or
implemented in the blueprint depends on other systems, there are essentially four approaches
services and is intended to provide an informative for obtaining software to satisfy the system
guide to understand the order of operations of requirements collected during the design phases
implementation. The diagram is simplified for described above.
illustrative purposes and does not show direct
dependencies. The preferred approach is to adopt common off the
shelf (COTS) software (open source, or commercial)
For example, a project which requires the use of the and applying configurations and extensions to
Master Patient Index would require implementation perform the desired function. If adoption of
of the NHDX, an Identity Provider, Timekeeper, and software is not possible, the adaptation of existing
an Audit Repository. The dependency between open source solutions in a frugal manner should
Master Patient Index and Identity Provider is not be attempted before commencing a “from scratch”
explicitly illustrated because the dependency of the custom software. This approach is often labelled
NHDX by the MPI indicates this. adopt, adapt, develop.
While the diagram establishes an overall

7.6 Operating Environments
dependency tree, the reader should be mindful that
an indication of a dependency may not represent
In a complex enterprise such as a national
an entire implementation of the dependent service,
digital health system, several system operating
rather only a subset of functionality for that service
environments are normally established. The
may be required. Like the DHP itself, each service
blueprint proposes that four working environments
may have its independent lifecycle and evolution.
be established for the DHP and its components:
For example, the establishment of an identity • Development: Established primarily for the
provider (IdP) may require certificate services, purpose of developing new functions.
however only the functionality of certificate services • Testing: Established for the purpose of testing
as defined in section 4.2.7.2 sufficient to support components, performing quality assurance and
the IdP are required. conformance and compliance validation with
synthetic data.
7.4.1 Dependency Map for Diabetes • Staging: A configuration which mimics the
Patient Journey production environment and is populated
with anonymized copies of data for the
The initial implementation of the DHP will involve a purposes of training, issue resolution, and
patient journey using Piyasena through his diabetes final pre-production validation. The staging
care. During this encounter, he receives care at environment’s configuration should closely
Pugoda Primary Care Unit, is referred to Dompe match that of the production environment.

Helpdesk / PM
eIMS NASCP HHIMS Private EMR
Services
ePIMS TB Private HIS eIMMR

Enterprise
Digitize E-Learning
Knowledge Bases
Terminology Document
Services Management
HR Management SMS Gateways E-Mail Services SIEM
Audit Repository
Connect APM
ETL Time Keeping Identity Provider Certificate Services
Equipment
DHIW / HMIS NHDX
Registry
Business Process Medication / Drug

Execution Registry
KPI Definition
Repository Master Patient
Facility Registry Provider Registry
Index
Share
Legend
Record Locator/ Financial / Inventory &
NEHR Repository
Index Insurance Logistics Data Blueprint

Component
Disease / Domain Document Software

Repositories Repositories
Imaging
Project
Repositories
Consent
Management
Hardware
Inform
Depends
Secondary Use Care Guidelines Clinical Decision A B
Cases Repository Support
Optional
A B
Innovate Transform
|
119
Figure 43 : Blueprint Component Dependencies

• Production: Containing the actual personal • Reference Implementations: A software package

health information and components operating or system that implements the detailed
in a “live” environment and is substantially specifications for new standards, components,
larger than the other environments and which serve as a reference for implementers
implement much more stringent security, to understand how software solutions in the
monitoring, redundancy, and scaling broader DHP will interact.
configurations. • Sandbox Environment: An open environment
with less stringent access requirements that
7.6.1 Strategic Environments mimics the actual production environment in
its features with fake, but exemplary data. The
Beyond the various environments used for the sandbox is used to showcase the functionality
ICT operations lifecycle, many jurisdictions have of the DHP to the broader public and allow
created additional environments for strategic software developers and users to explore and
purposes. Two such examples are: innovate on the technologies implemented.

Helpdesk / PM
eIMS NASCP HHIMS Cloud HHMIS
Services
Enterprise
ePIMS TB Private HIS eIMMR Knowledge Bases
E-Learning
Terminology Document
Services Management
HR Management SMS Gateways E-Mail Services SIEM
Audit Repository
APM
ETL Time Keeping Identity Provider Certificate Services
Equipment
DHIW / HMIS NHDX
Registry
Business Process Medication / Drug

Execution Registry
KPI Definition
Repository Master Patient
Facility Registry Provider Registry
Index

Record Locator/ Financial / Inventory &
NEHR Repository
Index Insurance Logistics Data
Disease / Domain Document

Repositories Repositories
Imaging
Repositories
Consent
Management
Secondary Use Care Guidelines Clinical Decision

|
Cases Repository Support

121
Figure 44 : Diabetes Project Dependency Map

122 | References
References
1. Sri Lanka Healthcare Spending 2000-2023 [Internet]. Available from: https://www.macrotrends.net/

countries/LKA/sri-lanka/healthcare-spending
2. Sri Lanka Health System Review. Available from: https://apps.who.int/iris/bitstream/hand

le/10665/342323/9789290228530-eng.pdf
3. Annual Health Bulletin 2017.pdf [Internet]. Available from: http://www.health.gov.lk/moh_final/english/

public/elfinder/files/publications/AHB/2020/AHB_2017.pdf
4. Link the digital health implementation to the enterprise architecture. In: Digital implementation
investment guide (DIIG) Available from: https://apps.who.int/iris/bitstream/hand
le/10665/334306/9789240010567-eng.pdf
5. THE NATIONAL POLICY ON HEALTH INFORMATION OF SRI LANKA [Internet]. Available from: http://
documents.gov.lk/files/egz/2017/6/2023-44_E.pdf
6. Link the digital health implementation to the enterprise architecture. In: Digital implementation
investment guide (DIIG) [Internet]. [cited 2023 Aug 17]. Available from: https://apps.who.int/iris/
bitstream/handle/10665/334306/9789240010567-eng.pdf (COULD NOT FIND THE EXACT SOURCE)
7. THE 17 GOALS | Sustainable Development [Internet]. [cited 2023 Aug 17]. Available from: https://sdgs.
un.org/goals
8. THE NATIONAL POLICY ON HEALTH INFORMATION OF SRI LANKA [Internet]. Available from: http://
documents.gov.lk/files/egz/2017/6/2023-44_E.pdf
9. The Common Approach to Federal Enterprise Architecture, May 2, 2012. Available from: https://
obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/common_approach_to_
federal_ea.pdf
10. TOGAF | opengroup.org. Available from: https://www.opengroup.org/togaf
11. Canada Health Infoway CE. EHRS-Blueprint. Version 2. Available from: https://www.infoway-inforoute.ca/
en/component/edocman/resources/technical-documents/391-ehrs-blueprint-v2-full
12. OpenHIE . OpenHIE Architecture Specification. Available from: https://ohie.org/architecture-specification/
13. National Digital Health Blueprint Report for Public Comments | Ministry of Health and Family Welfare
| GOI [Internet]. Available from: https://main.mohfw.gov.in/newshighlights/national-digital-health-
blueprint-report-public-comments
14. IHE International [Internet]. Profiles. Available from: https://www.ihe.net/resources/profiles/
15. Organization WH, Union IT. Digital health platform handbook: building a digital information
infrastructure (infostructure) for health. World Health Organization; 2020.
16. Kelley E, Zandi D, Krishnamurthy R, Mehl G, Novillo D, Muneene D, et al. Digital Health Platform
Handbook: Building a Digital Information Infrastructure (Infostructure) for Health. :VII.
17. Evaluation of Electronic Health Information Systems (HIS) [5] https://arch-lk.health/dmsf/files/3/view
18. 2023-44_E.pdf [Internet]. [cited 2023 Aug 17]. Available from: http://documents.gov.lk/files/
egz/2017/6/2023-44_E.pdf
19. 9789290228530-eng.pdf [Internet]. [cited 2023 Aug 17]. Available from: https://apps.who.int/iris/
bitstream/handle/10665/342323/9789290228530-eng.pdf?sequence=1&isAllowed=yl
20. NDHGS v2.pdf [Internet]. [cited 2023 Aug 17]. Available from: http://www.health.gov.lk/moh_final/
english/public/elfinder/files/publications/list_publi/NDHGS%20v2.pdf

References | 123
21. Xu, Shen, Toby Rogers, Elliot Fairweather, Anthony Glenn, James Curran, and Vasa Curcin. “Application
of Data Provenance in Healthcare Analytics Software: Information Visualisation of User Activities.” AMIA
Summits on Translational Science Proceedings 2018 (May 18, 2018): 263–72.
22. National eHealth Guidelines and Standards [ NeGS ] [Internet]. Available from: http://www.health.gov.lk/
moh_final/english/public/elfinder/files/publications/list_publi/NDHGS%20v2.pdf
23. Personal Data Protection Act, No. 9 of 2022 [Internet] . https://www.parliament.lk/uploads/acts/gbills/

english/6242.pdf
24. “GDPR Data Controllers and Data Processors,” July 29, 2020. https://www.gdpreu.org/the-regulation/key-
concepts/data-controllers-and-processors/
25. Erl T. SOA Principles of Service Design [Internet]. [cited 2023 Aug 17] Available from: https://www.
arcitura.com/wp-content/uploads/2017/09/Erl_SOABook3_Ch03-2.pdf
26. Interoperability in Healthcare | HIMSS [Internet]. [cited 2023 Aug 17]. Available from:
https://www.himss.org/resources/interoperability-healthcare?gclid=CjwKCAjw5_
GmBhBIEiwA5QSMxKvLOlaYEArk77l8UEfRh02gTCDHVomwTAW_0cRQR3kGu6OC9wS95RoCJPUQAvD_
BwE
27. About LIFe [Internet]. [cited 2023 Aug 17]. Available from: https://life.gov.lk/index.php?option=com_
content&view=article&id=19&Itemid=142&lang=en
28. El-Rewini H, Abd-El-Barr M. Advanced Computer Architecture and Parallel Processing. John Wiley & Sons;
2005. 66 p.
29. II CAE. Concise Encyclopedia of System Safety: Definition of Terms and Concepts. John Wiley & Sons;
2011. 494 p.
30. Index - FHIR v4.3.0 [Internet]. [cited 2023 Aug 17]. Available from: https://www.hl7.org/fhir/R4B/
31. Linhalis R. Mllp transport specification.PDF. [cited 2023 Aug 17]; Available from: https://www.academia.
edu/31534279/Mllp_transport_specification_PDF
32. Cross-Enterprise Document Sharing - IHE Wiki [Internet]. [cited 2023 Aug 17]. Available from: https://wiki.
ihe.net/index.php/Cross-Enterprise_Document_Sharing
33. DICOM [Internet]. [cited 2023 Aug 17]. DICOMweb. Available from: https://www.dicomstandard.org/
using/dicomweb
34. DICOM [Internet]. [cited 2023 Aug 17]. Retrieve (WADO-RS). Available from: https://www.dicomstandard.
org/using/dicomweb/retrieve-wado-rs-and-wado-uri
35. DICOM [Internet]. [cited 2023 Aug 17]. Search (QIDO-RS). Available from: https://www.dicomstandard.
org/using/dicomweb/query-qido-rs
36. GS1 XML standards 3.5.1 - GS1 XML | GS1 [Internet]. [cited 2023 Aug 17]. Available from: https://www.
gs1.org/standards/gs1-xml/3-5-0
37. Final: OpenID Connect Core 1.0 incorporating errata set 1 [Internet]. [cited 2023 Aug 17]. Available from:
https://openid.net/specs/openid-connect-core-1_0.html
38. Hardt D. The OAuth 2.0 Authorization Framework [Internet]. Internet Engineering Task Force; 2012 Oct
[cited 2023 Aug 17]. Report No.: RFC 6749. Available from: https://datatracker.ietf.org/doc/rfc6749
39. Resource-operation-validate - FHIR v4.3.0 [Internet]. [cited 2023 Aug 18]. Available from: https://hl7.org/
fhir/r4b/resource-operation-validate.html
40. CapabilityStatement - FHIR v4.3.0 [Internet]. [cited 2023 Aug 18]. Available from: https://hl7.org/fhir/r4b/
capabilitystatement.html

124 | References
41. ImplementationGuide - FHIR v4.3.0 [Internet]. [cited 2023 Aug 18]. Available from: https://hl7.org/fhir/
r4b/implementationguide.html
42. StructureDefinition - FHIR v4.3.0 [Internet]. [cited 2023 Aug 18]. Available from: https://hl7.org/fhir/r4b/
structuredefinition.html
43. Final: OpenID Connect Discovery 1.0 incorporating errata set 1 [Internet]. [cited 2023 Aug 18]. Available
from: https://openid.net/specs/openid-connect-discovery-1_0.html
44. OpenAPI Specification v3.1.0 | Introduction, Definitions, & More [Internet]. [cited 2023 Aug 18]. Available
from: https://spec.openapis.org/oas/latest.html
45. Subscription - FHIR v4.3.0 [Internet]. [cited 2023 Aug 18]. Available from: https://hl7.org/fhir/r4b/
subscription.html
46. National Digital Health Guidelines and Standards [2] Section 7.6 Available from :
http://www.health.gov.lk/moh_final/sinhala/public/elfinder/files/publications/list_publi/NeGS_v_1.pdf
47. GPS [Internet]. SNOMED International. Available from: https://www.snomed.org/gps
48. WHO. ICD-10 Version:2010 [Internet]. Who.int. 2010. Available from: https://icd.who.int/browse10/2010/
en
49. World Health Organisation. ICD-11 [Internet]. International Classification of Diseases 11th Revision. 2019.
Available from: https://icd.who.int/en
50. Download LOINC [Internet]. LOINC. Available from: https://loinc.org/downloads/
51. IHE ITI TF Vol1 [Internet]. profiles.ihe.net. Available from: https://profiles.ihe.net/ITI/TF/Volume1/ch-10.

html
52. IHE.ITI.PMIR\1:49 Patient Master Identity Registry (PMIR) Profile - FHIR v4.0.1 [Internet]. build.fhir.org.
Available from: https://build.fhir.org/ig/IHE/ITI.PMIR/index.html
53. Client Registry (CR) - OpenHIE Architecture Specification [Internet]. Ohie.org. 2023. Available from:
https://guides.ohie.org/arch-spec/openhie-component-specifications-1/client-registry
54. National Digital Health Guidelines and Standards [2] Section 7.2 Available from : http://www.health.gov.
lk/moh_final/sinhala/public/elfinder/files/publications/list_publi/NeGS_v_1.pdf
55. IHE ITI Technical Committee, IHE Healthcare Provider Directory (HPD) Supplement, August 28, 2020
Available from : https://www.ihe.net/uploadedFiles/Documents/ITI/IHE_ITI_Suppl_HPD.pdf
56. OpenHIE Health Worker Registry (HWR) - OpenHIE Architecture Specification [Internet]. Ohie.org. 2023.
Available from: https://guides.ohie.org/arch-spec/openhie-component-specifications-1/openhie-health-
worker-registry-hwr
58. Sri Lanka Digital Health Roadmap [Internet]. arch-lk.health. [cited 2023 Aug 17].Available from: https://
arch-lk.health/dmsf/files/3/view
59. OpenHIE Facility Registry Implementation Guide [Internet]. Google Docs. [cited 2023 Aug 17]. Available
from: https://docs.google.com/document/d/1KaUPHQRiZ9hQ59Irp56oKayvVZbkWngTYkl2AZdafhw/
edit#heading=h.k2u17t4s364s
61. Anatomical Therapeutic Chemical (ATC) Classification [Internet]. www.who.int. Available from: https://
www.who.int/tools/atc-ddd-toolkit/atc-classification

References | 125
62. Drug or medicament [Internet]. snomedbrowser.com. [cited 2023 Aug 17]. Available from: https://
snomedbrowser.com/Codes/Details/410942007
63. IIS | Code Sets | CVX | Vaccines | CDC [Internet]. www.cdc.gov. 2018. Available from: https://www2.cdc.
gov/vaccines/iis/iisstandards/vaccines.asp?rpt=cvx
64. National Library of Medicine. RxNorm [Internet]. www.nlm.nih.gov. 2020. Available from: https://www.
nlm.nih.gov/research/umls/rxnorm/index.html
65. Medication - FHIR v5.0.0 [Internet]. hl7.org. [cited 2023 Aug 17]. Available from: http://hl7.org/fhir/
medication.html
66. Product Recall | GS1 [Internet]. www.gs1.org. [cited 2023 Aug 17]. Available from: https://www.gs1.org/
standards/edi-xml-recall/xml-product-recall/3-3
67. Item Data Notification | GS1 [Internet]. www.gs1.org. [cited 2023 Aug 17]. Available from: https://www.
gs1.org/standards/edi-xml/xml-item-data-notification/3-3
68. Device - FHIR v5.0.0 [Internet]. hl7.org. [cited 2023 Aug 17]. Available from: http://hl7.org/fhir/device.html
69. National Digital Health Guidelines and Standards guide [2] section 7.7 Available from :http://www.health.
gov.lk/moh_final/sinhala/public/elfinder/files/publications/list_publi/NeGS_v_1.pdf
70. Cross-enterprise Document Sharing for Imaging - IHE Wiki [Internet]. [cited 2023 Aug 17]. Available from:
https://wiki.ihe.net/index.php/Cross-enterprise_Document_Sharing_for_Imaging
71. Web-based Image Access - IHE Wiki [Internet]. [cited 2023 Aug 17]. Available from: https://wiki.ihe.net/
index.php/Web-based_Image_Access
72. IHE ITI TF Vol1 [Internet]. [cited 2023 Aug 17]. Available from: https://profiles.ihe.net/ITI/TF/Volume1/ch-
10.html
73. HL7 CDA | Rhapsody [Internet]. [cited 2023 Aug 17]. Available from: https://rhapsody.health/resources/
hl7-cda/
74. Documents - FHIR v5.0.0 [Internet]. [cited 2023 Aug 17]. Available from: http://hl7.org/fhir/documents.
html
75. IHE.ITI.MHD\MHD Home - FHIR v4.0.1 [Internet]. [cited 2023 Aug 17]. Available from: https://profiles.ihe.
net/ITI/MHD/index.html\
76. IHE.ITI.MHDS\1:50. MHDS Volume 1 - FHIR v4.0.1 [Internet]. [cited 2023 Aug 17]. Available from: https://
profiles.ihe.net/ITI/MHDS/volume-1.html#1501-mhds-actors-transactions-and-content-modules
77. GS1 set of XML standards | GS1 [Internet]. [cited 2023 Aug 17]. Available from: https://www.gs1.org/edi-
xml/technical-user-guide/gs1-set-xml-standards
78. Computable Care Guidelines - IHE Wiki [Internet]. [cited 2023 Aug 17]. Available from: https://wiki.ihe.
net/index.php/Computable_Care_Guidelines
79. SMART Guidelines [Internet]. [cited 2023 Aug 17]. Available from: https://www.who.int/teams/digital-
health-and-innovation/smart-guidelines/
80. Library - FHIR v5.0.0 [Internet]. [cited 2023 Aug 17]. Available from: http://hl7.org/fhir/library.html
81. CDS Hooks [Internet]. [cited 2023 Aug 17]. Available from: https://cds-hooks.org/
82. MeasureReport - FHIR v5.0.0 [Internet]. [cited 2023 Aug 17]. Available from: http://hl7.org/fhir/
measurereport.html
83. QuestionnaireResponse - FHIR v5.0.0 [Internet]. [cited 2023 Aug 17]. Available from: http://hl7.org/fhir/
questionnaireresponse.html

126 | References
84. Data vault modeling - Wikipedia [Internet]. [cited 2023 Aug 17]. Available from: https://en.wikipedia.org/
wiki/Data_vault_modeling
85. Extract, transform, load - Wikipedia [Internet]. [cited 2023 Aug 17]. Available from: https://en.wikipedia.
org/wiki/Extract,_transform,_load
86. Clinical Quality Language (CQL) [Internet]. [cited 2023 Aug 17]. Available from: https://cql.hl7.org/
87. ANSI/ISO/IEC International Standard (IS) Database Language SQL-Part 2: Foundation (SQL/Foundation)
«Part 2». 1999;
88. Measure - FHIR v5.0.0 [Internet]. [cited 2023 Aug 17]. Available from: http://hl7.org/fhir/measure.html
89. Questionnaire - FHIR v5.0.0 [Internet]. [cited 2023 Aug 17]. Available from: http://hl7.org/fhir/
questionnaire.html
90. ISO 25237:2017 - Health informatics — Pseudonymization [Internet]. [cited 2023 Aug 17]. Available from:
https://www.iso.org/standard/63553.html
91. Network Time Protocol (Version 3) Specification, Implementation and Analysis [Internet]. Internet
Engineering Task Force; 1992 Mar. Report No.: RFC 1305. Available from: https://datatracker.ietf.org/doc/
rfc1305
92. IHE ITI TF Vol1 [Internet]. Available from: https://profiles.ihe.net/ITI/TF/Volume1/ch-7.html
93. Jonsson J, Kaliski B. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications
Version 2.1 [Internet]. Internet Engineering Task Force; 2003 Feb. Report No.: RFC 3447. Available from:
https://datatracker.ietf.org/doc/rfc3447
94. Jones MB. JSON Web Key (JWK) [Internet]. Internet Engineering Task Force; 2015 May. Report No.: RFC
7517. Available from: https://datatracker.ietf.org/doc/rfc7517
95. Auth0. Auth0 Docs. JSON Web Key Sets. Available from: https://auth0.com/docs/
96. IHE ITI TF Vol2 [Internet]. Available from: https://profiles.ihe.net/ITI/TF/Volume2/ITI-19.html#:~:text=The

Authenticate node transaction involves the exchange of,a baseline to ensure that interoperability is
possible.
97. SMART Health Cards Framework [Internet]. Available from: https://spec.smarthealth.cards/
98. National Digital Health Guidelines and Standards (NDHGS) 2.0 [Internet]. Available from: http://www.
health.gov.lk/moh_final/english/public/elfinder/files/publications/list_publi/NDHGS%20v2.pdf
99. IHE ITI TF Vol1 [Internet]. Available from: https://profiles.ihe.net/ITI/TF/Volume1/ch-9.htm
100. Marshall G. Security Audit and Access Accountability Message XML Data Definitions for Healthcare
Applications [Internet]. Internet Engineering Task Force; 2004 Oct. Report No.: RFC 3881. Available from:
https://datatracker.ietf.org/doc/rfc3881
101. A.5 Audit Trail Message Format Profile [Internet]. Available from: https://dicom.nema.org/dicom/2013/
output/chtml/part15/sect_A.5.html
102. AuditEvent - FHIR v5.0.0 [Internet]. Available from: http://hl7.org/fhir/auditevent.html
103. IHE ITI Technical Committee. IHE IT Infrastructure Technical Framework Supplement – Add RESTful Query
to ATNA [Internet]. Available from: https://www.ihe.net/uploadedFiles/Documents/ITI/IHE_ITI_Suppl_
RESTful-ATNA.pdf
104. Explore all Specifications - OpenID Foundation [Internet]. 2023. Available from: https://openid.net/
developers/specs/

References | 127
105. Map of OAuth 2.0 Specs [Internet]. OAuth 2.0 Simplified. 2017. Available from: https://www.oauth.com/
oauth2-servers/map-oauth-2-0-specs/
106. HL7.FHIR.UV.SMART-APP-LAUNCH\Overview - FHIR v4.0.1 [Internet]. Available from: http://hl7.org/fhir/

smart-app-launch/index.html
107. IUA [Internet]. Available from: https://profiles.ihe.net/ITI/IUA/index.html
108. IUA [Internet]. profiles.ihe.net. [cited 2023 Aug 17].

Available from: https://profiles.ihe.net/ITI/IUA/index.html
Applications [Internet]. IETF. 2004 [cited 2023 Aug 17]. Available from: https://datatracker.ietf.org/doc/
rfc3881/
110. A.5 Audit Trail Message Format Profile [Internet]. dicom.nema.org. [cited 2023 Aug 17]. Available from:
https://dicom.nema.org/dicom/2013/output/chtml/part15/sect_A.5.html
111. AuditEvent - FHIR v5.0.0 [Internet]. hl7.org. [cited 2023 Aug 17].
Available from: http://hl7.org/fhir/auditevent.html
112. Measure - FHIR v5.0.0 [Internet]. hl7.org. [cited 2023 Aug 17].
Available from: http://hl7.org/fhir/measure.html
113. Aggregate Data Exchange - IHE Wiki [Internet]. wiki.ihe.net. [cited 2023 Aug 17]. Available from: https://
wiki.ihe.net/index.php/Aggregate_Data_Exchange
114. MeasureReport - FHIR v5.0.0 [Internet]. hl7.org. [cited 2023 Aug 17].
Available from: http://hl7.org/fhir/measurereport.html
115. Questionnaire - FHIR v5.0.0 [Internet]. hl7.org. [cited 2023 Aug 17].
Available from: http://hl7.org/fhir/questionnaire.html
116. QuestionnaireResponse - FHIR v5.0.0 [Internet]. hl7.org. [cited 2023 Aug 17]. Available from: http://hl7.
org/fhir/questionnaireresponse.html
117. Subscription - FHIR v5.0.0 [Internet]. hl7.org. [cited 2023 Aug 17].Available from: http://hl7.org/fhir/
subscription.html
118. http ://hl7.org/fhir. Valueset-security-labels - FHIR v5.0.0 [Internet]. hl7.org. [cited 2023 Aug 17].
Available from: http://hl7.org/fhir/valueset-security-labels.html R ‌ esource - FHIR v5.0.0 [Internet]. hl7.org.
[cited 2023 Aug 17].
Available from: http://hl7.org/fhir/resource.html#Meta
119. 7 Registry of DICOM File Meta Elements [Internet]. dicom.nema.org. [cited 2023 Aug 17]. Available from:
https://dicom.nema.org/dicom/2013/output/chtml/part06/chapter_7.html
Applications [Internet]. IETF. 2004 [cited 2023 Aug 17].Available from: https://datatracker.ietf.org/doc/
html/rfc3881
121. Healthcare De-Identification Handbook - IHE Wiki [Internet]. wiki.ihe.net. [cited 2023 Aug 17]. Available
from: https://wiki.ihe.net/index.php/Healthcare_De-Identification_Handbook
122. Http - FHIR v5.0.0 [Internet]. www.hl7.org. [cited 2023 Aug 17]. Available from: https://www.hl7.org/fhir/
http.html#read
123. Services - FHIR v5.0.0 [Internet]. www.hl7.org. [cited 2023 Aug 17]. Available from: https://www.hl7.org/
fhir/services.html

128 | References
124. Services - FHIR v5.0.0 [Internet]. www.hl7.org. [cited 2023 Aug 17].Available from: https://www.hl7.org/
fhir/services.html
125. References-definitions - FHIR v5.0.0 [Internet]. www.hl7.org. [cited 2023 Aug 17]. Available from: https://
www.hl7.org/fhir/references-definitions.html#Reference.display
126. DomainResource - FHIR v5.0.0 [Internet]. www.hl7.org. [cited 2023 Aug 17]. Available from: https://www.
hl7.org/fhir/domainresource-definitions.html#DomainResource.text
127. Definition of “Open Standards” [Internet]. www.itu.int.Available from: https://www.itu.int/en/ITU-T/ipr/

Pages/open.aspx
128. National digital health guidelines and standards (NDHGS). 2.0 ed. Vol. 3.1.3. Ministry of Health;
129. National digital health guidelines and standards (NDHGS). 2.0 ed. Vol. 3.1.2. Ministry of Health;
130. Messaging - FHIR v5.0.0 [Internet]. [cited 2023 Aug 17]. Available from: http://hl7.org/fhir/messaging.html
131. Jones MB, Hardt D. The OAuth 2.0 Authorization Framework: Bearer Token Usage [Internet]. Internet
Engineering Task Force; 2012 Oct [cited 2023 Aug 17]. Report No.: RFC 6750. Available from: https://
datatracker.ietf.org/doc/rfc6750
132. IHE ITI TF Vol2 [Internet]. [cited 2023 Aug 17]. Available from: https://profiles.ihe.net/ITI/TF/Volume2/ITI-
19.html
133. OpenID Authentication Flows | HID Authentication Service | HID Global Corporation [Internet].
[cited 2023 Aug 17]. Available from: https://docs.hidglobal.com/dev/auth-service/integration/openid-
authentication-flows.htm
134. OASIS eXtensible Access Control Markup Language (XACML) TC | OASIS [Internet]. [cited 2023 Aug 17].
Available from: https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
135. InfoQ [Internet]. [cited 2023 Aug 17]. Implementing Exceptions in SOA. Available from: https://www.infoq.
com/articles/lublinsky-soa-exception/
136. Digital Health Blueprint: Enabling Coordinated & Collaborative Health Care | Canada Health Infoway
[Internet]. [cited 2023 Aug 17]. Available from: https://www.infoway-inforoute.ca/en/component/
edocman/resources/webinars/2964-digital-health-blueprint-enabling-coordinated-collaborative-health-
care
137. Chase D. Forbes. [cited 2023 Aug 17]. Patient Engagement Is The Blockbuster Drug Of The Century.
Available from: https://www.forbes.com/sites/davechase/2012/09/09/patient-engagement-is-the-
blockbuster-drug-of-the-century/
138. InfoQ [Internet]. [cited 2023 Oct 7]. Implementing Exceptions in SOA. Available from: https://www.infoq.
com/articles/lublinsky-soa-exception/
139. Erl T. SOA design patterns. Upper Saddle River, NJ Munich: Prentice Hall; 2009. 814 p. (The Prentice Hall
service-oriented computing series from Thomas Erl).
140. Digital Health Blueprint: Enabling Coordinated & Collaborative Health Care | Canada Health Infoway
[Internet]. [cited 2023 Aug 17]. Available from: https://www.infoway-inforoute.ca/en/component/
edocman/resources/webinars/2964-digital-health-blueprint-enabling-coordinated-collaborative-health-
care
141. Kish, L. (2012) The Blockbuster Drug of the Century: An Engaged Patient. HL7 Standards: Available from:
https://www.hl7standards.com/blog/2012/08/28/drug-of-the-century/

Annex A | 129
Annex A - Directorates of the Line Ministry of Health

This section provides a summary of the Deputy Director Generals within the Line Ministry of Health and
their directorates, for the reference of the reader.
DDG Directorates
DDG Public Health Services I • Epidemiology Unit

• Quarantine Unit
• Anti Malaria Campaign
• Anti Filaria Campaign
• Anti Leprosy Campaign
• National Program for Tuberculosis and Chest Diseases
• National STD and AIDS Control Program
• Public Health Veterinary Services
DDG Public Health Services II • Family Health Bureau

• Health Promotion Bureau
• Nutrition Division
• Youth Elderly and Disable Unit
• State and Urban Health Unit
• Public Health Nursing
DDG Medical Services I • Tertiary Care Services

• Healthcare Quality and Services
• Registered Medical Officers
• Nursing (Medical Services)
DDG Medical Services II • Medical Services

• Private Health Sector Development
• Prison Medical Services
• Administration (MS I)
• Administration (MS II)
• Primary Care Services
DDG Planning • Planning Unit

• Organization and Development Unit
• Health Information Unit
• International Health Unit
• Policy Development and Analysis Unit
DDG Education, Training and • Training

Research • Research
• Nursing (Education)
DDG Dental Health • Dental Services

• Institute of oral health
DDG Logistics • Building (Administration)

• Building (Transport)

130 | Annex A
DDG Directorates
DDG Laboratory Services • Laboratory Services

• Medical Research Institute
• Blood Bank
DDG Investigation • Investigation I

• Investigation II
DDG Environmental Health, • Environmental Health, Occupational Health and Food Safety
Occupational Health and Food
Safety
DDG Administration I • Administration IV

• Administration V
• Administration VI
• Administration VII
DDG Administration II • Administration I

• Administration (Exam)
• Nursing Administration II
DDG Administration III • Administration II (Technical Administration)

• Administration III (Non-Technical Administration)
• Administration and Establishment
DDG Medical Supplies Division • Medical Supplies
DDG Biomedical Engineering • Biomedical Engineering Services

Services
DDG National Hospital, Sri Lanka • National Hospital, Sri Lanka
DDG National Hospital, Kandy • National Hospital, Kandy

Annex B | 131
Annex B - Stakeholder Engagement / Current State

Assessments Reviewed
Stakeholder groups completed a PowerPoint • Epidemiology unit
template which was used for prompting feedback. • Nutrition Division
The results of these were analysed and common
traits/requirements of these stakeholder groups • Quarantine Unit
and their systems are shown in Table 4. • Anti-Leprosy Campaign
• National Programme for TB and Chest Disease
The stakeholder groups for which there was a
(NPTCCD)
current state assessment performed prior to the
authoring of the blueprint were: • National Dengue Control Unit
• DDG Management Development and Planning • Antimalaria Campaign

Unit • National STD and AIDS Control Programme
• DDG Medical Services Unit I (NSACP)
• DDG Medical Services Unit II • HHIMS Project (Architecture Review)
• DDG PHS 1 Additional stakeholder groups interviewed after

• DDG PHS 11 the initial development of the blueprint are not
included in this list.
• DDG Laboratory
• DDG Dental Services (pending) The assessment attributes are labelled using X
• DDG Bio Medical Engineering Services where the current digital health solutions match
(pending) this attribute, P when the attribute has been
planned, and I where explicit descriptions of the
• DDG NCD
functionality is not provided rather, it is inferred.
• DDG Medical Supplies Division
• Family Health Bureau
• Health Promotion Bureau

132 | Annex B
Table 4 - Common Attributes of Current State Assessments from Selected Institutes
Anti-Leprosy Campaign
Health Promotion Bureau
Quarantine Unit
TB and Chest Diseases
National Dengue Control
Antimalaria Campaign
HHIMS (Architecture)
NSACP
Medical Services I & II
Planning Unit
Register and track Patient Demographic X X X X X X X X
Information for contact and follow-up.
Register and track discrete patient health care X X X X X X X

event data.
Patient Centric Design X X X X
Case Centric Design X
Track geographic location of patient for P X P

communicable disease tracing
Provides central level tracing of patient events X X X X

and sharing between providers in different
geographic regions.
Provides business-unit decision support services X X X X

related to follow-up, care planning, etc.
Enforce data level security to ensure patient P X

privacy is protected (i.e., protect data from
inappropriate disclosure or access based on role
or policy).
Enforce system level security to ensure only X X X X X X X X X

authorised users are permitted to access system
functions (i.e., username and password).
Generate aggregate indicators for preparing X X X X X X X X

management reports.
Used by clinicians while providing care. The X X X X

solution guides physicians in the execution
of their duties (rather than being used as a
documentation only system after the care
encounter has completed).
Used by administrative users (or non-clinicians) X X X

to input aggregated or administrative data
(rather than discrete clinical data events)
Generates comparative data with different X X X X

reporting periods (provides the basis for
comparative indicators)

Annex B | 133
Quarantine Unit
NSACP
Planning Unit
Adheres with NDHGS standards for data capture X I I
or exchange.
Accessible from different clinics, locations and X X X X I X X

communicates with central infrastructure (i.e.,
within the system patient data flows between
clinics).
Monitor the work of medical officers, nurses, or X X X

other providers in their daily duties (i.e., assign
work schedules, duty assignments, etc.)
Engage, disseminate, and monitor health X X

activities directly with patients. Patients are
provided tools for interacting with digital health
systems.
Disseminate and collect information to/from X X X

public health workers/officers for the monitoring
of public health concerns (communicable
diseases, quarantine, etc.)
Mission critical infrastructure/solution (i.e., X X X X X X

business processes are digitized, and outages
directly affect daily duties of users)
Share data across different software solutions I I X P

to promote monitoring of health system and
related activities (campaigns, outreach, etc.)
Monitors the public health status of foreigners X

and non-citizens.
Monitor the public health status (tests, X X X X X

communicable disease status, vaccination,
contacts, etc.) of citizens.
Require disclosure/conveyance of individual X X X X X

events over time of care of client or encounter
with client (individual observations, procedures,
etc.)
Require disclosure/conveyance of data in a X X

document form (discharge summary, referral
note, radiology notes, etc.)

134 | Annex B
Quarantine Unit
NSACP
Planning Unit
Track the status, delivery, and consumption of X P X I
consumables/stock/supplies.
Integrate data exchange with laboratory systems P X X

for diagnosis, specimen collection/registration,
and result view.
Integrate/track digital diagnostic imaging source X X

images and/or PACS solutions.
Track and follow-up longitudinal care (after X I X

primary intervention and/or treatment is
complete)
Uses standardised terminology to collect and X

codify data in a structured manner.
Exposes data via openly available (authorised) X X

APIs which can be used to retrieve/contribute
data to/from other systems
Implements standardised interfaces (HL7, FHIR, P I P

etc.) for data interchange
Track the human resources of the relevant X P I

business unit within the used environment
(name, employment, specialty, etc.)
Integrate data between differing care settings X I I

(specialty care, acute hospital care, emergency,
general practitioners, etc.)
Used to report important life event trigger X X X

events of patients to MOH (births and deaths)
Track the request, promise, fulfilment of drug X X X

orders (i.e., via a pharmaceutical module)
Share indicator data with central public health X P I

monitoring and reporting system (example:
DHIS2 or eIMMR)
Store security audit data which allows for system I

administrators to review the access, disclosure,
creation, and amendment of clinical data.

Annex B | 135
Quarantine Unit
NSACP
Planning Unit
Integrate with centralised registries for the I
sharing of patient, location, and provider
information
Requires non-repudiation of emission for X

data. Requires that data reported to MOH
matches data user understood was being sent.
Ensure that data has not been tampered after
validation.

136 | Annex C
Annex C - List of Current Digital Health Interventions in

Sri Lanka
The “Evaluation of Electronic Health Information Systems (HIS) for the Ministry of Health, Nutrition, and
Indigenous Medicine – Sri Lanka (2019)” [5] provided a list of all the digital health systems interventions in
use in Sri Lanka (Table 6 in that document). This information is summarised in this document below for the
reference of readers.
Acronym Name Scope Status Interchange

(2023) Standards
HRMIS Human Resources Management Information Institutional None
System
WebIIS Web Immunization Information System National None
eMHMIS Electronic Mental Health Management Information National HL7, ICD10
System
NHRIS National Human Resources Management System National ISO3166
HFSM Health Facility Survey Management System National ADX, ISO
3166
NBTSIS National Blood Transfusion National ADX
CRVS Civil Registration and Vital Statistics National ADX, HL7,
ICD10
QHRMS Quarantine Health Record Management and National ICD10
Surveillance Systems
eMSRS Electronic Monthly Statistics Reporting System National ADX
LeIS Leprosy Health Information System National ICD10
AEIS / Accident and Emergency Information System / OPD Institutional HL7, ICD10
OPDIS Information System
EIMS Electronic Information Management System National ICD10
(HIV)
HIMS- Health Information Management System Anti National ADX, HL7
AMC Malaria Campaign CDA
MSMIS Medical Supplies Management Information System National None
DNMS District Nutrition Monitoring System Sub-National ADX
HHIMS Hospital Health Information Management System National HL7,
DICOM, ICD
10
HIMS Hospital Information Management System Sub-National SWASTHA HL7, CDA,
DICOM,
ICD10
eIMMR Electronic Indoor Morbidity and Mortality Register National ICD10
eRHMIS Electronic Reproductive Health Management National HL7
Information System
Cloud Cloud Based Hospital Information Management In HL7

HIMS System Development

Annex D | 137
Annex D - Blueprint Service Detailed Dependencies
Service Depends On Optional Description / Rationale
Helpdesk / Enterprise Y Linking helpdesk services with an enterprise knowledgebase

PM Services Knowledge Base can improve IT efficiency by collecting resolutions to issues or
pointing to common resources.
Identity Y Providing a single sign on for helpdesk and project

Provider management services reducing the administrative overhead
of managing user credentials.
E-Learning Enterprise Y Linking training content to relevant content in an enterprise

Services Knowledge Base knowledgebase is useful for providing context and
operational support for training materials.
Identity Y Providing a single-sign-on for the learning management

Provider system or e-learning platform reduces administrative
overhead for user credentials.
Enterprise Y The enterprise document management service provides

Document document tracking, versioning, approval, and publishing
Management services which can be linked within the e-learning content.
Document Enterprise Y The document management system may benefit from an

Management Knowledgebase enterprise knowledgebase solution for providing links within
documents as well as publishing documents.
Identity Y Providing single-sign-on for the document management

Provider system reduces administrative overhead for user credentials.
Terminology Identity Y Providing single-sign-on for terminology definition, workflow,

Services Provider as well as the terminology APIs.
Identity HR Y Using the HRMIS (or various HR solutions) as a basis for the
Provider Management creation of new access credentials (on hiring) and revocation
of access credentials (on termination) is a best practice.
SMS Gateways Y Sending one-time-passwords (OTP), password reset

instructions, and telephone verification codes from the
identity provider reduces the need for independent solutions
to implement the same logic repeatedly.
E-Mail Services Y Sending one-time-passwords (OTP), password reset

instructions, e-mail verification codes, notifications of
inactivity or login, etc.
Audit N Provides a location for security audits (login/logout, session

Repository start/session extend/session termination) for the identity
provider.
Certificate N Required for the issuance of encryption certificates,

Services dissemination of public keys, and digital signing of bearer/
session tokens using the RSA256 signature algorithms.
E-Mail Identity Y If providing governmental e-mail services to users, the use of

Services Provider an identity provider to establish access to mailboxes, IMAP or
POP services is useful (i.e., provides common authentication
services).

138 | Annex D
Audit Time Keeping N Consistent time for all events within the system is vital to
Repository understanding the order of operations between solutions
in the system as well as the time when intrusions, or events
occur in relation to one another.
NHDX Certificate N Certificate services are required for the NHDX to establish a
Services chain of trust if using node authentication (client certificates),
as well as validating digital signatures (see 6.2.1)
Identity N Identity provider is a common dependency for all DHP

Provider services operating within the context of the NHDX. The
identity provider may need to be contacted by services within
the DHP for validation of session tokens, or application
authentication within the NHDX.
Time Keeping N Time keeping services are important within the NHDX to
ensure that all services are using consistent time for all
events.
Terminology N Terminology services are common dependency for all

Services services in the NHDX. The terminology services may be used
by mediation services for validation, or by repository or
registry services for mapping/validation.
Digital Health ETL Y ETL services may be leveraged to populate the DHIW from
Information solutions which require active pulling of data from APIs or
Warehouse Databases and populating the DHIW.
/ Health
KPI Definition Y An indicator definition repository is useful for disseminating
Management
Repository consistent definitions, surveys, and calculations to all services
Information
within the DHP for the computation of indicators.
System
NHDX Y All common registries within the digital health platform will
require the use of common NHDX services (auditing, identity,
Master N
certificates, orchestration, etc.).
Patient Index
Facility N
Registry
Provider N
Registry
Medication / N
Drug Registry
Equipment N
Registry
NEHR Master Patient N Provides consistent identification for patients whose records
Repository Index are collected in the NEHR. The master patient index is used to
cross-reference all citizen and non-citizen records which need
to be stored in the NEHR.
Facility Registry N Consistent identification for facilities providing health

services in the DHP and the use of these enterprise identifiers
in the NEHR is encouraged.

Annex D | 139
NEHR Provider N Consistent identification of provider organisations and health

Repository Registry workers which are referenced within the patient’s national
record.
Medication / Y Consistent identification of medications or drugs which the

Drug Registry patient is actively prescribed, dispensed, etc.
Consent Y Using the consent services of the DHP will allow the NEHR to
Management appropriately enforce policy decisions, and/or allow for the
validation of tagged policies for records.
Record Locator Y The record locator is optional for the NEHR. Record locator
/ Index and indexing services are primarily required once more than
one repository of information is available for storing patient
data.
Disease / N A record locator is required when more than one repository

Domain of information for a single patient is contributing to the
Repositories patients “shared” health record. Imaging and document
repositories (if using IHE XDS-I) will also require this
Imaging N
functionality.
Repositories
Document N
Repositories
Inventory / Medication / N Consistent identification of approved drug products,

Logistics Data Drug Registry equipment and devices is important for logistical inventory
reports as well as order flows between organisations.
Equipment N
Registry
Consent Master Patient N The consent management services will require the
Management Index association of consent policies between health data, patient
identity, and security principals.
Identity N
Provider
Record Locator Y
Clinical Clinical Y The separation of a clinical guideline and the execution of

Decision Guidelines the clinical guideline is described in section 4.2.5.6. It is a
Support Repository recommended pattern and therefore this dependency is
marked as optional.
NEHR N CDSS (as with any rules engine) requires a series of facts
Repository (data elements in a patient profile) to execute and emit
proposed actions. It is therefore required, that a CDSS system
Disease / Y
have access to health data repositories.
Domain
Repositories
Secondary DHIW / HMIS N Secondary use services (like dashboards, surveillance rules,
Use etc.) should depend on aggregate data stored within the
DHIW / HMIS.

140 |
Points of Service Shared Digital Health Platform
Hospital Information Systems

National Health Data Health Administration
Health Information Management Exchange
Systems (HHIMS/HIMS/
Coordination Services Institution
SWASTHA/OpenMRS) Client Registry Provider Registry
Annex E
API Management Registry

Terminology
PACS/RIS
Services
HR Management
Private Sector HIS Logging Record Location
& Indexing
Health Delivery
LIMS Business Process Shared Data Repositories
Execution
Messaging
Curative Solutions NEHR Record Diagnostic Disease &
Repository Imaging Program Data
Electronic Patient Information Occupancy /
Capacity ePrescribing
Mediation Document Inventory &
Laboratory Data
National STD and Aids Control Repositories Logistics
Program
Finance &
Private Health Sector Validation Care Guidelines Decision Support
Insurance
Hospital Information System
Secondary Use
Electronic Medical Record Error / Retry
Secondary Use Cases
Preventative Solutions De- Programmatic

Research Planning
Identification Performance
Governance and Compliance
District Nutrition Management Load Balancing KPI

DHIW
System Definitions
(Warehouse)
Policy Public Health
DenSys / Dengue Sentinel Site ETL / ELT Dashboards
Development Surveillance
Surveillance Publish /
Subscribe
Leprosy Information System
(LeIS) Security & Privacy Services Operational Support Systems
Electronic Reproductive Health Metadata Helpdesk / Document

Certificate
Exchange Time Keeping
Information Management System Services Support Management
Audit Repository

Programme Consent E-Learning Knowledge Bases
Service Discovery Identity Provider
Management
Others
Consumer / Future Innovations

Personal Health Records Push Monitoring Performance
Annex E - Digital Health Blueprint Diagram

Digital Health / NEHR Viewers
Infrastructure
Telemedicine Solutions
Lanka Government Cloud Lanka Government Network National Data Exchange
Principles
Business Technical
Evolutionary Innovation & Information Privacy & Security Use Open Interoperability
Value for Money Patient Centred Standardisation Re-Use Services Scalability Focus
Change Partnership Sharing By Design Standards Focus
Legislation and Policy

ISBN 978-624-5719-86-0

Department of Government Printing

Digital Health Blue Print Full Book 01.11.2023 Final

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Digital Health Blue Print Full Book 01.11.2023 Final

Uploaded by

Copyright:

Available Formats

ISBN 978-624-5719-86-0

  

Department of Government Printing

Enabling a Healthier Nation through Digital Transformation of Healthcare

ISBN Printed No.: ISBN 978-624-5719-86-0

Copyright © 2023 by Ministry of Health, Sri Lanka

Tel: (+94)112 694033, (+94)112 675011, (+94)112675449, (+94)112693493

Publication date: November 2023

Designed & Printed by :

Sri Lanka Digital Health Blueprint

Message from the Secretary of Health

Sri Lanka Digital Health Blueprint

Message from the Director General of Health Services

Sri Lanka Digital Health Blueprint

Message from the Deputy Director General-Planning

Sri Lanka Digital Health Blueprint

1. Dr. S.Sridharan – Deputy Director General – Planning

2. Dr. Palitha Karunapema - Director of Health Information

3. Dr. Gumindu Kulatunga - Consultant in Health Informatics

4. Dr. H.N. Hasitha Pramod - Consultant in Health Informatics

5. Dr. Buddika Ariyarathne - Consultant in Health Informatics

6. Dr. Pradeep Sylva - Consultant in Health Informatics

7. Dr. Chaminda Weerabaddana - Consultant in Health Informatics

8. Dr. Lasantha Ranwala - Consultant in Health Informatics

9. Dr. Buddika Dayarathne - Consultant in Health Informatics

10. Dr. Muditha Hapudeniya - Consultant in Health Informatics

11. Dr. Prabath Jayathissa - Consultant in Health Informatics

12. Dr. Jayathri Wijerathne - Consultant in Health Informatics

13. Dr. Uditha Perera - Consultant in Health Informatics

14. Dr. Poorna Fernando - Acting Consultant in Health Informatics

15. Dr. Nayani Dharmakeerthi - Registrar in Community Medicine

16. Dr. Ranamayurie De Alwis - Registrar in Community Medicine

Project Consultants of the Digital Health Architecture Blueprint

1. Dr. Jayathri Wijerathne - Consultant in Health Informatics

2. Dr. H. N. Hasitha Pramod - Consultant in Health Informatics

3. Dr. Pradeep Sylva - Consultant in Health Informatics

International Technical Assistance

Sri Lanka Digital Health Blueprint

Local Technical Collaborations

1. Information and Communication Technology Agency

2. Dr. S.M. Arnold - Deputy Director General (Public Health Services I)

3. Dr. Lal Panapitiya – Deputy Director General, Medical Services I

4. Dr. G. Wijesuriya - Deputy Director General, Medical Services II

5. Dr. D.R.K. Herath- Deputy Director General, Medical Supplies Division

6. Prof. Vajira Dissanayake – (Chair – Specialty Board, Biomedical Informatics)

7. Dr. Prasad Ranathunga - Consultant in Health Informatics - President SLCHI

9. Dr. Uditha Perera - Consultant in Health Informatics - Secretory SLCHI

10. Dr. Prasad Ranaweera – Director Anti Leprosy Campaign

11. Dr. Neranga Liyanaarachchi - Consultant in Health Informatics

12. Dr. Nishan Siriwardena - Consultant in Health Informatics

13. Dr. Subodha Manoj - Consultant in Health Informatics

14. Dr. Ranga Kumara Welikanne - Consultant in Health Informatics

15. Dr. Kaushalya Kasthuriarachchi - Consultant Community Physician

16. Dr. J. Bandara – Medical Superintendent, BH- Homagama

17. Dr. Dilrukshi Dheerasinghe – Medical Superintendent, BH - Panadura

18. Dr. Lahiru Rajakaruna – Senior Registrar in Health Informatics

19. Dr. Kaushalya Mendis - Registrar in Health Informatics

20. Dr. Chinthaka Jayarathne - Registrar in Health Informatics

21. Dr. Dharshana Abeywardhana – Medical Officer in charge, OPD, BH - Homagama

Sri Lanka Digital Health Blueprint

List of Figures ................................................................................................................................................ XIII

List of Tables ................................................................................................................................................. XV

List of Annexes ................................................................................................................................................ XVI