Since 1919, the Swiss administration officials responsible for healthcare in the respective cantons are affiliated with a coordination body: the Health Directors’ Conference (GDK, “Schweizerische Konferenz der kantonalen Gesundheitsdirektorinnen und –direktoren“). The purpose of this conference consists in promoting the cooperation between the 26 cantons, the Swiss confederation and other important healthcare organisations. Representatives of the Liechtenstein principality also attend the GDK meetings.
In addition to the Swiss-wide conference, there are also regional conferences such as GDK-Ost. GDK- Ost coordinates the cooperation and healthcare strategy of the cantons it represents. In autumn of 2005, GDK- Ost commissioned an e-Health task force under the leadership of St. Gallen. The objective consisted in identifying e-Health opportunities in Eastern Switzerland. E-Health is the electronic media support of relations and processes among the healthcare participants. The first suggested project was the electronic support of cost reimbursement. Cost reimbursement is a process that, while based on simple rules, can be extremely slow due to its paper-based forms and many involved parties in various organisations.
For a better understanding, the concept of cost reimbursement is explained shortly: Health insurances rarely cover all of the patient’s treatment costs. For the part not covered by the insurance, a hospital will obtain a certain amount from the canton in which the patient is a resident. Cost reimbursement will be necessary when a patient must be treated at a hospital in a canton where he doesn’t reside. While the resident’s canton must reimburse patient treatment and sojourn, such payment must be granted via cost reimbursement. Reimbursement costs for hospitals vary from canton to canton. The health directorate of the resident’s canton must therefore verify the reasons for a hospital placement in another canton that would allow the insured person to be treated elsewhere. Since the reasons for medical treatment are subject to data protection, the process must ensure that only authorised persons may access the personal information.
The suggestion by the task force resulted in an order for which GDK-Ost commissioned Abraxas Informatik AG. It developed the electronic Service Platform (eSP) offering the “electronic cost reimbursement” (eKOGU, elektronische Kostengutsprache) as a service. Since early 2009, eKOGU has been operative on the electronic Service Platform. In addition to hospitals and health directorates, physician’s offices and other healthcare outlets may use eKOGU.

Presentation of business partners

Principals
GDK-Ost comprises the cantons Appenzell Innerrhoden, Appenzell Ausserrhoden, Glarus, Grisons, St. Gallen, Schaffhausen, Thurgau, Zurich the Principality of Liechtenstein. The cantons are represented by the government officials respectively responsible for healthcare. In coordination with the canton governments, they may award healthcare contracts. The cantons of GDK-Ost and Ticino are the principals of the eKOGU (electronic cost reimbursement) project. The Principality of Liechtenstein does not participate in eKOGU.

Business software providers
Abraxas Informatik AG is an established Swiss ICT company with a broad service range for public administrations and organisations in the governmental field and in selected private company segments. This company headquartered in St. Gallen has further branches in Zürich, Frauenfeld, Lausanne, and Winterthur. In the areas of Business Process Integration, Specialised Applications and Services, Abraxas provides its customers with any relevant services from a single source: from consulting via application development and implementation to infrastructure provision and operating performance.

Only persons meeting one of the two following conditions for purposes of data protection could so far access the eKOGU service on the electronic Service Platform (eSP): They either needed a specially secured client computer for interactive web access on the eSP or the information system of their organisation (server) had to be connected to an exchange platform specially created for the automated data exchange in healthcare.
The specially secured client computers are mainly located in physician’s offices and enable the interactive use of eSP services where the so-called ASAS Client is installed. The ASAS Client (Arpage Security and Access Services) is a software product of company Arpage AG in Küsnacht and can be pictured as a browser with particular safety characteristics. Just like SuisseID, it is based on certificates and ensures data confidentiality, authenticity, and security during transmission. An ASAS Client gets issued to computer hardware instead of a physical person, as is the case for SuisseID. In addition to eSP, the ASAS Client can also access the secured extranet platform HIN (Health Info Net) of the Swiss healthcare system. HIN enables the exchange of data among many service providers and sponsors in the healthcare system. HIN can be considered as a sort of closed user group: only an ASAS Clients allows accessing HIN and the associated services.
The intermediary MediData AG and H-Net AG operate special exchange platforms for the exchange of data among the application systems of the various healthcare system stakeholders. Larger hospitals and health insurers are directly connected so that data recorded in the system can be automatically transmitted.

5.1.3.1 Business View and Processes
The eKOGU service on eSP launched in early 2009 supports the electronic exchange of data for cost reimbursements and for the process cycle by providing rules and workflow functions. The following should explain this further: a hospital has various sponsors. In addition to the health directorates for the treatment in a different canton, these are e.g. health insurers (basic and additional insurance), the Swiss National Accident Insurance Fund (SUVA), disability insurance (IV) or the social welfare office. Frequently, it is also not just hospitals and physicians that apply for cost reimbursements, but other service providers as well, such as homes, prisons, etc.
The cost reimbursement process participants can be divided into two groups: the group of service providers and the group of cost bearer (cf. Figure 1). The eKOGU-Service currently supports the processing of cost reimbursement between service providers such as hospitals and the cantons’ health directorates as cost bearer.

Since the launch of SuisseID in the year 2010, all roles participating in the business scenario can authenticate for eSP. This therefore enlarged the circle of persons that can use eKOGU. SuisseID thus made it possible to access eSP directly using a regular web browser. The circle of users that has been added since the authentication with SuisseID comprises mainly public administration offices that want to participate in eKOGU without requiring the entire functionality of the specialised services. Throughout, SuisseID offers comparable safety with regard to the authentication of persons accessing eSP. As was the case for accessing HIN via the ASAS Client, persons must equally identify themselves at a registration office where they have to show a passport or an ID card.
Prior to access via SuisseID, a person must first register with eSP. To do that, the person must already possess an activated SuisseID. The registration process runs on eSP as a single service. In a first step in the registration process, the applicant must fill out a web form containing name, first name, organisation, e-mail address, and phone number. A second step requires authentication via SuisseID where the applicant must select the SuisseID provider from which it has obtained the SuisseID. Upon provider confirmation, the SuisseID can automatically be verified with regard to its validity. If the authentication is successful, name, first name, and SuisseID number from the certificate will be added to the already registered data. The registration application will be stored automatically and released for further processing. Abraxas employees will now verify the provided data. They will verify with the indicated organisation if the respective person works there and is indeed meant to have access to eKOGU.
If this verification is successful, a user account will be established on eSP. The respective corrections and the SuisseID number will be linked to the user account. Upon establishment of the user account, the applicant will be informed in an e-mail that the account is now active and that access to eKOGU is now possible using SuisseID.
When a user is exiting an organisation e.g. because of a work contract cancellation or because of a new responsibility area, the user’s organisation will be responsible for deleting the eKOGU authorisation. The organisation can commission Abraxas with deleting the eKOGU authorisation or the organisation may task an employee charged with user administration to delete the account. eSP can attribute user administration authorisations to a user account. The authorisations enable changes to and the deletion of user rights, not however the setup of new user accounts.

Application View
As already mentioned in Chapter "Decision in Favour of SuisseID" participants can also access eSP without SuisseID (cf. Figure 78). To this end, they will either use a web browser on a computer that has been equipped with an ASAS Client or their organisation’s information system is connected to an exchange platform such as MediData or H-Net. Via this exchange platform, it is possible to exchange information in XML format. XML information must be structured according to the pattern developed acc. to the “Forum Datenaustausch” (Data Exchange Forum) throughout. Among the standards decided by the forum are e.g. the XML format regarding the electronic service accounting for doctors and hospitals [Forum Datenaustausch, 2010].
A linked information system can e.g. be an ERP system configured for use in healthcare. Or it can be a hospital information system (KIS) as they are used in larger hospitals [Adam, 1980].

For the interactive and dialogue-based access via a web browser, a HIN ASAS Client or a SuisseID will now be required.
The ASAS Client mode of operation is similar to that of SuisseID. A computer with ASAS Client is automatically logged into the HIN network. VPN encryption (Virtual Private Network) secures the connexion throughout. When accessing eSP, user information will be transmitted via HIN and the ASAS Client registered on eSP will automatically be logged in. HIN ensures that only authorised users can access eSP. VPN also secures the connexion between HIN and eSP.
It is important to make sure throughout that the computer will always be identified with the ASAS Client and not the physical person. While the certificates of the SuisseID indicate a person, the ASAS Client certificate is issued to and installed onto a computer. Only persons that can prove to have a certain role or function may obtain an ASAS Client. An authorisation as licensed physician may for example demonstrate a function. A permissible role would for example be the participation in the administrative processes of a healthcare function.
SuisseID enables access to eSP without a special network connexion (cf. Figure 3). The person must however be registered with eSP (cf. Chapter "Business View and Processes").
During the one-time registration authentication with assertions is used [Quade, 2010: p. 20]. Thereafter, registered users can log into eSP directly via simple authentication. eSP will verify the validity of the used SuisseID with the Identity Provider/Claim Assertion Services (IdP/CAS) of the respective SuisseID provider.
The communication between web browser and eSP is secured via TLS (Transport Layer Security) using a 1024bit key. The process detailed in the SuisseID Specification on the basis of the Security Assertion Markup Language (SAML) will be used for the data exchange [Bürge & Zweiacker, 2010, p. 36].

eSP has a modular design. Depending on the requirements of the service requesting support, the necessary modules can be combined. The modules are divided into sections (cf. Figure 4). Many modules can be recycled – including the authentication using SuisseID. Data transmission is possible via MediData, H-Net or, for other application areas, also via Sedex. Only individual modules in the area of business logic and data are provided specifically for individual services such as eKOGU.

Figure 4: Modular System of the electronic Service Platform (© Abraxas Informatik AG)

Investment Decision
The principal, GDK-Ost, welcomed the decision by Abraxas to implement a further means of access to eSP on the basis of SuisseID. The canton offices responsible for cost reimbursement make use of the ASAS Client, which however requires changes to the computers, the communication systems and the net firewall not previously anticipated by the canton safety guidelines. The installation of an ASAS Client requires approval by the canton offices charged with security. No changes to the canton communication systems are required for the use of SuisseID
Prior to the launch of SuisseID, other interactive eKOGU access possibilities were discussed. One of those is the “Health Professional Card“ (HPC) [FMH Swiss Medical Association, 2010]. The HPC is a smart card similar to SuisseID. In the current context, it however has the disadvantage that it is not obtainable by all persons involved in the process since only physicians are eligible. According to the existing processes, HPC owners can however identify themselves via HIN and access eKOGU via the ASAS Client.
Prior to implementing SuisseID, Abraxas conducted a large cost analysis. It estimated ten man-days for the technical implementation. No risk assessment or return-on-investment calculations have been conducted.

Solution Development and Implementation
The Java Software Development Kit (SDK) provided by the State Secretariat for Economic Affairs SECO was used for developing the SuisseID access possibility. The elements required by the SDK were adopted with minimal changes.
Through its available channels, Abraxas actively advertises the possibility of logging into eSP using SuisseID. Product descriptions and the Abraxas website describe the possibility and the company mentions it during the eSP presentation.

Continuous Maintenance and Planned Further Development
The system does not require additional maintenance on top of usual maintenance such as data protection and user administration.
A further development in addition to the presented roles anticipates that service recipients, i.e. patients, may also access the system since various cantons involve the patients in the cost reimbursement process. The plans also include the development of an eKOGU service for further service providers and sponsors. Additional service providers such as homes collect reimbursements at sponsors such as welfare offices.
In the future, it should be possible to provide sponsors not just with reimbursements but also with invoices following the provision of services. It should also be possible to deposit rate models for purposes of invoice verification automation. Further plans involve interfaces for prevalent accounting solutions to facilitate payment activation.

eKOGU users value the advantage of the electronically supported process – especially the possibility to always check what office is currently processing a particular cost reimbursement claim and how many cost reimbursement claims are currently being processed.
Out of ten large hospitals in GDK-Ost, six worked with eKOGU at the end of 2010. They mainly used its web interface. The hospitals that have not yet been linked are still awaiting the XML standard for cost reimbursements that the Forum Datenaustausch will probably approve in early 2011. Upon approval, the hospitals’ software suppliers will integrate the XML standard in their products. In the third quarter of 2011, the first hospitals will begin implementing the eKOGU link-up via XML using H-Net or MediData (cf. Chapter "Application View").
Among the eKOGU-connected organisations, about 8,000 reimbursements were handled in 2009. During the first three quarters of 2010, the number was already up to 11,000. After linking up further hospitals, the volume will increase by at least another 4,000 reimbursements per year.
Regarding authentication with SuisseID, we expect that a larger circle of users will work at the previously eKOGU-connected organisations. A great flexibility in involving new employees is expected from the health directorates and the public administrations.
The canton physicians that are almost always also practicing physicians will become more independent from specific desktop computers when verifying cost reimbursements. SuisseID will allow them the verification of reimbursement from various locations, e.g. on their laptop.

According to Abraxas, SuisseID is a solution whose universality, openness, and easy integration will cause it to be broadly used. This stands in contrast to the relatively high practical entry barriers posed by specialised networks and exchange platforms for e-Health and e-Government. Only special groups with great involvement use those. SuisseID dos not require the user to dispose of a complex connexion to a specialised exchange platform or network. Simple Internet access allows accessing services such as eKOGU. SuisseID can furthermore be utilised universally for various services. This should facilitate its acceptance.

Solution Particularities
The modular architecture of eSP has strongly facilitated the inclusion of the additional authentication process using SuisseID (cf. Chapter "Application View").

Lessons Learned
The eKOGU service was established upon commission and according to the requirements by GDK-Ost. The requirements by the other participants had not been completely identified from the beginning. During project implementation, additionally hospital requests have therefore been integrated. From their perspective, the health directorates are simply a group of various sponsors. There’s furthermore a group of additional service providers that provide the same sponsors with reimbursement claims and invoices. The overall market is greater than originally thought. The further expansion of the platform allowed identifying additional needs and eKOGU has become more flexible. This enables a prompter response to changed requirements for new application fields.

References

Adam, Johannes (1980): Mathematik und Informatik in der Medizin. Berlin: VEB Verlag Volk und Gesundheit.
Bürge, Urs; Zweiacker, Marc (2010): SuisseID Specification V1.3. Bern: Staatssekretariat für Wirtschaft SECO.
FMH Swiss Medical Association (2010): "FMH-HPC – zukunftsweisender Mitgliederausweis". Retrieved 20.10.2010 from http://www.fmh.ch/service/mitgliederausweis_hpc.html.
Forum Datenaustausch (2010): "XML-Standards". Retrieved 20.10.2010 fromhttp://www.forum-datenaustausch.ch/xmlstandards.htm.
Quade, Michael (2010): Fachbeitrag "Was ist die SuisseID?", in: Quade, Michael; Wölfle, Ralf; (2010): SuisseID in der Praxis - Grundlagen und Fallstudien zum elektronischen Identitätsnachweis der Schweiz, Basel: edition gesowip, 2010. p. 13-34.