Kuldar Taveter: Why is crisis management beyond the (e-)state?
When developing state e-services, one should not narrowly concentrate on users of specific services and look at e-service interest groups on a much broader scale. We need a bigger picture of state information system target groups and their need to exchange data, Kuldar Taveter writes.
We recently learned from the media how family doctors were unable to access patients' vaccination data from the healthcare information system. We also read about a software company's attempt to engineer a link between the healthcare information system and family medicine software in just a few days.
I believe that we should try and understand how such a situation is even possible instead of placing blame.
I have been and remain involved with digital economy and e-governance and have taken part in international and domestic crisis management projects. That is why I believe the e-state and crisis management should go hand-in-hand. I will now try to analyze why that is not the case in Estonia today.
Exchange of data between information systems
Several research papers suggest that so-called ethical hackers played an instrumental role in creating the Estonian e-state – people who knew technology but not necessarily people and were therefore not concentrating enough on cooperation between people and what they were building.
Simply mapping out users of individual systems is not enough when creating complex and interdependent information systems. Instead, we should be talking about system-level interest groups that cover different roles.
For example, the healthcare information system should also consider the roles of vaccinator and vaccinee, in addition to the roles of patient, family doctor and family nurse. This would have brought vaccination registration and the necessary exchange of data between systems into the focus right away.
Looking at the problem of vaccinee lists and registration from the point of view of crisis management, suggesting that the coronavirus pandemic could not have been foreseen is not a valid excuse.
The interior ministry's crisis management website lists 27 types of emergencies and state agencies in charge of solving them. An epidemic is one such emergency for which the Health Board is responsible.
The same website suggests, based on the Emergency Act, that a plan will be put in place for solving emergencies. Agencies involved in solving crises use these plans to agree on cooperation and how best to solve them.
Emergency plans exist for most types of emergencies, while they are usually meant for in-house use. The aforementioned interior ministry website also mentions mandatory crisis management trainings organized by agencies involved.
Managing an epidemic is also regulated in the Communicable Diseases Prevention and Control Act chapter 3 of which prescribes vaccination organization and the roles of interest groups. The law directly mentions the role of family doctors, nurses and other healthcare workers in immunization.
Most requirements for planning and development of e-state solutions to facilitate vaccination can be accessed in different legal acts. The latter also largely regulate which data information systems should carry and who should have access. Therefore, requirements analysis for such systems is in many ways simpler than in the case of commercial information systems.
It was more or less clear based on legal acts who was responsible for registration and administration of vaccination and parties that needed to exchange relevant information. Why then was a situation allowed to develop in terms of exchange of data between different systems best described as "I wasn't even there when it happened."
Firstly, and as said before, interest groups and exchange of data were not considered to a sufficient degree when the e-state was being created. We have good technical solutions for collecting and exchanging data, such as various registers and the X-road infrastructure.
At the same time, it has not been sufficiently considered who should be able to exchange data in crises and when. This has placed family doctors under a lot of pressure as they are forced to call people who are eligible for vaccines and keep track of vaccination using printed spreadsheets today. All of it could have been organized much more effectively using existing e-state tools.
How to improve the situation?
First of all, every crisis management training should involve the e-state through the State Information System's Authority (RIA).
Crisis regulation trainings have been held separately in different fields until now. A major exercise involving around 300 participants was held over three days in Saaremaa in April of 2019 that saw volunteers from Estonia and six other countries practice helping residents injured in a major accident.
The same year saw the Estonian Academy of Security Sciences surprise attack deterrence and evacuation exercise in Tallinn where interagency cooperation was practiced between the Police and Border Guard Board (PPA), Rescue Board and ambulance services. Virtual trainings based on computer simulations have also been held.
The scenarios of all such exercises should include making lists of people to be evacuated or vaccinated and forwarding them to e-state registers using data exchange architecture. Had this been done, it would have become clear a long time ago that the healthcare information system and software used by family doctors is unable to facilitate exchange of data on vaccinee lists.
The situation is rendered even more peculiar by the fact that the operability and interoperability of e-state information systems was not revisited even after the first wave of the coronavirus last spring when it had become clear vaccines were being developed and Estonia had already placed preorders through the EU.
Secondly, development of state e-services should not treat narrowly with users of individual services and should instead look at e-service target groups on a much wider scale.
Whereas use of e-services in emergencies should be paid special attention. Unfortunately, it seems that a broader understanding of e-services and exchange of data in emergencies is lacking even though Estonia has funded several corresponding research and development projects.
While the reader could be forgiven for asking why bring all this up in hindsight, I believe that the latter should not be dismissed as it offers the chance to do better next time.
Follow ERR News on Facebook and Twitter and never miss an update!
Editor: Marcus Turovski