Electronic Healthcare Systems Issues
Author Additions to Chapter 20
Websites that Expand on Chapter 20's Knowledge
- Biometrics
- Clinical Decision Support
- Data Security
- Deidentified Data
- Digital Signatures
- Disaster Planning
- Encryption Explained (off site)
- HIPAA (Health Information Portability Accountability Act)
- HITECH (Health Information Technology for Economic and Clinical Health Act)
- Interoperability (Chapter 15)
- Meaningful Use (Chapter 18)
- Medication Reconciliation
- Passwords
- Phishing (Chapter 5 - safe computing)
- Spear Phishing
- Public Health Information Network
- RFID (Radio Frequency Identifier)
- Social Engineering (the art of conning you to part with protected knowledge)
- Stark Rules
- Unintended Consequences
- Unique Patient Identifiers
- Workflow
Biometrics
Iris Recognition (2005, August 7). Excellent description of this technology.
http://www.biometrics.gov/Documents/IrisRec.pdf
Biometrics Reference Room. An excellent source with links to a glossary and other references.
http://www.biometrics.gov/
Clinical Decision Support
Berner, E. (2002). Ethical and Legal Issues in the Use of Clinical Decision Support Systems. Journal of Healthcare Information Management 16(4). [Electronic Version]
http://www.himss.org/content/files/jhim/16-4/Section%2012%20-%20Focus2.pdf
Bright, T. J., A. Wong, et al. (2012). "Effect of Clinical Decision-Support Systems: A Systematic Review." Annals of Internal Medicine. Excellent article that is freely available.
http://www.annals.org/content/early/2012/04/20/0003-4819-157-1-201207030-00450.long
Clinical Decision Support Systems. Definitions and description of functions and descriptions of various types. Excellent resource.
http://www.openclinical.org/dss.html
Engelmore, R. S. & Feigenbaum, E. (1993). Expert systems and artificial intelligence. An introduction to these two topics written in easily understood language. This may be old, but it presents the basics of any decision system.
http://www.wtec.org/loyola/kb/c1_s1.htm
Introduction to Expert Systems. A simple tutorial explaining expert systems using an example of a person seeking advice when a car won't start. Although the example is an auto mechanic helping someone on the phone, it illustrates well how a well-designed CDS will work. Note the information about the level of confidence. These are becoming more and more important to nursing as meaningful use moves forward. The "rule" derived is often called an algorithm and is the basis for search engines.
http://www.expertise2go.com/webesie/tutorials/ESIntro/
Data Security
This page from the Electronic Privacy Information Center provides updated information on laws and court cases regarding Medical Record Privacy.
http://epic.org/privacy/medical/
Kumekawa, Joanne K. (September 30, 2001). "Health Information Privacy Protection: Crisis or Common Sense?". Online Journal of Issues in Nursing 6(3), Manuscript 2. Available:
http://www.nursingworld.org/MainMenuCategories/ANAMarketplace/ANAPeriodicals/OJIN/TableofContents/Volume62001/No3Sept01/PrivacyProtectionCrisis.asp
Cutler, K. (2003). Information Security Checklist. A list of items to assess in order to assure the privacy and security of data in an information system. Some information never changes - this is one of those areas.
http://www.net-security.org/article.php?id=556
Dickey, Susan B. (2007, October 4) Silence is Not Enough: Maintaining Confidentiality in an Electronic World. Online Journal of Issues in Nursing.
http://ana.nursingworld.org/MainMenuCategories/EthicsStandards/Resources/IssuesUpdate/UpdateArchive/IssuesUpdateSpring2002/MaintainingConfidentialityinanElectronicWorld.aspx
Deidentified Data (Secondary Data Use is in Chapter 9)
Automated de-identification of free-text medical records (2008). Deidentifying data is an important step in using the wealth of information in electronic health records to improve health care. Full text of article in BioMed Central.
http://www.biomedcentral.com/1472-6947/8/32
HIPAA rules about when data can be considered deidentified.
http://privacy.med.miami.edu/glossary/xd_deidentified_health_info.htm
De-identified Health Information (HIPAA)
http://privacy.med.miami.edu/glossary/xd_deidentified_health_info.htm
Rothstein, Mark A. (2010). Is Deidentification Sufficient to Protect Health Privacy in Research? American Journal of Bioethics. 2010 September; 10(9): 3–11.
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3032399/
Digital Signatures
Youd, David. What is a Digital Signature? A very simplified description of a digital signature.
http://www.youdzone.com/signature.html
What is a digital signature? An easily understood description.
http://searchsecurity.techtarget.com/definition/digital-signature
What is a digital signature? An overview of the various methods.
http://computer.howstuffworks.com/digital-signature.htm
Disaster Planning
Association of Academic Health Centers. Brief Guide for Academic Health Center Disaster Preparedness and Response. An 8-page booklet, in the form of many bullet points, that discusses all aspects, not just records.
http://www.aahcdc.org/policy/reports/emergency_preparedness_05_06.pdf
Practice Brief: Disaster Planning for Health Information. Excellent article from AHIMA, complete with a checklist.
http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_048638.hcsp?dDocName=bok1_048638
Preparedness Planning for Home Health Care Providers. An area that nurses can help patients with.
http://www.dhs.gov/files/programs/gc_1221055966370.shtm
Burrington-Brown, Jill. Practical Planning for Healthcare Facilities. Another helpful source from AHIMA.
http://library.ahima.org/xpedio/idcplg?IdcService=GET_HIGHLIGHT_INFO&QueryText=%28xCategory+%3Csubstring%3E+%60Disaster+Planning%60++%3CAND%3E++xSubject+%3Csubstring%3E+%60Disaster+recovery%60++%3CAND%3E++xPublishSite+%3Cmatches%3E+%60BoK%60%29&SortField=xAuthor&SortOrder=Asc&dDocName=bok1_010646&HighlightType=HtmlHighlight&dWebExtension=hcsp
HIPAA (Health Information Portability Accountability Act)
Analysis of Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules January 25, 2013.
http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_050067.pdf
HIPAA Final Rule: More on Breach Notification Rule Changes
http://www.hipaa.com/2013/01/hipaa-final-rule-more-on-breach-notification-rule-changes/
HIPAA Security Guide. Provides information to reinforce some of the ways a covered entity may protect information when it is accessed or used outside of the organization’s physical system.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/remoteuse.pdf
U.S. Department Health and Human Services. (2007, March 12). Protecting the Privacy of Patients' Health Information. Plain English description of HIPAA.
http://www.hhs.gov/news/facts/privacy2007.html (No longer available at this URL) Available here.
Health Information Privacy. Links to HIPAA related items including information about the Patient Safety and Quality Improvement Act of 2005.
http://www.hhs.gov/ocr/privacy/index.html
Schmeida, M. (October 10, 2005). Legislative: "Health Insurance Portability and Accountability Act of 1996: Just an Incremental Step in Reshaping Government." Online Journal of Issues in Nursing.
http://www.nursingworld.org/MainMenuCategories/ANAMarketplace/ANAPeriodicals/
OJIN/Columns/Legislative/1996InsurancePortabilityAccountabilityAct.aspx
Fact Sheet about the Health Insurance Portability And Accountability Act (HIPAA) from the US Department of Labor.
http://www.dol.gov/ebsa/newsroom/fshipaa.html
National Provider Identifier. A thorough discussion of this requirement from HIPAA.
http://en.wikipedia.org/wiki/National_Provider_Identifier
HITECH (Health Information Technology for Economic and Clinical Health Act)
Components of the HITECH Act
http://www.hipaasurvivalguide.com/hitech-act-text.php
HITECH Act Enforcement Interim Final Rule.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html
About the HITECH Act
http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html
Medication Reconciliation
Medications at Transitions and Clinical Handoffs (MATCH) Toolkit for Medication Reconciliation from the Agency for Healthcare Research and Quality.
http://www.ahrq.gov/qual/match/
Barnsteiner, Jane H. (2008). Medication Reconciliation (Chapter 38). From Patient Safety and Quality: An Evidence-Based Handbook for Nurses.
http://www.ncbi.nlm.nih.gov/books/NBK2648/
Password Protection
This site provides much information about password strategies. These are strategies that allow you to use your brain and simple notes as the only storage medium for all your password needs. Also includes information about Facebook Security.
http://www.healthypasswords.com/
How to Pick a Safe Password. Good strategies.
http://www.wolfram.org/writing/howto/password.html
Check the strength of the password using an online tool such as https://www.microsoft.com/protect/fraud/passwords/checker.aspx?WT.mc_id=Site_Link
National Strategy for Trusted Identities in Cyberspace. Are there ways out of the password morass?
http://www.nist.gov/nstic/
Public Health Information Network
Public Health Information Network. Updated information from the CDC, which is responsible for the PHIN.
http://www.cdc.gov/phin/
Loonsk, John W.; McGarvey, Sunanda R.; Conn, Laura A. & Johnson, Jennifer (2006). The Public Health Information Network (PHIN) Preparedness Initiative. Journal of the American Medical Informatics Association 13(1). Good description of the PHIN.
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1380188/
Public Health Information Network. Basic description of this CDC entity.
http://en.wikipedia.org/wiki/Public_Health_Information_Network
Spear Phishing
Spear Phishers: Angling to Steal Your Financial Info. From the FBI.
http://www.fbi.gov/news/stories/2009/april/spearphishing_040109/
What is spear phishing? A good definition.
http://searchsecurity.techtarget.com/definition/spear-phishing
RFID (Radio Frequency Identifier)
Radio Frequency Identifier. Easily understood definition.
http://www.webopedia.com/TERM/R/RFID.html
King, Tom. What Is Radio Frequency Identification? A very easily read and understood description.
http://www.ehow.com/about_5479243_radio-frequency-identification.html
Nguyen, Andrew (2009). The Potential Implementation of Radio-Frequency Identification Technology for Personal Health Examination and Monitoring. McGill Journal of Medicine 12(2), 67-72.
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC2997241/
Stark Rules
Hofstra, Patricia & Bilimoria, Neville. The New Stark Rules: What Does Stark II, Phase III Mean for Healthcare Providers? A review of the basic Stark prohibitions and an overview of Stark II Phase III.
www.duanemorris.com/articles/static/medpracmgmt0508.pdf
Stark Law Frequently Asked Questions (2011)
www.gehealthcare.com/usen/community/reimbursement/docs/FinalStarkLawTool_2011_doc0905301.pdf
Social Engineering
Social Engineering Fundamentals, Part I: Hacker Tactics (2010 by Sarah Granger). Although written in 2001, this is still very applicable. Must reading!!! The cause of most security breaches. The basic goals of social engineering are the same as hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network.
http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-i-hacker-tactics
Unintended Consequences
Also see Bar Coding in Chapter 19 and Usability in Chapter 17.
From the AHRQ, a Guide to Reducing Unintended Consequences. An online resource designed to help you and your organization anticipate, avoid, and address problems that can occur when implementing and using an electronic health record (EHR). Developed with all types of health care organizations in mind, from large hospital systems to solo physician practices.
http://www.ucguide.org/
Contemporary Issues in Medical Informatics: Common Examples of Healthcare Information Technology Difficulties. Particularly interesting are the report at the first link and "Panel recommends new agency."
http://www.ischool.drexel.edu/faculty/ssilverstein/cases/?loc=cases&sloc=IOMreport
Siegler, E. L., & Adelman, R. (2009). Copy and Paste: A Remediable Hazard of Electronic Health Records. American Journal of Medicine, 122(6), 495-496. An excellent discussion of the hazards of this practice, along with some thoughts about how to make it safe, reliable, and contributory to patient care.
http://www.amjmed.com/article/S0002-9343%2809%2900157-0/fulltext
Unique Patient Identifiers
Should Every Patient Have a Unique ID Number for All Medical Records? Jan 23, 2012. Two articles from the Wall Street Journal, espousing different views on this topic.
http://online.wsj.com/article/SB10001424052970204124204577154661814932978.html?mod=rss_Health
Creating Unique Health ID Numbers Would Improve Health Care Quality, Efficiency, Study Claims (Oct. 22, 2008). From Science Daily. Describes benefits and reports on a RAND corporation study.
http://www.sciencedaily.com/releases/2008/10/081020120103.htm
Unique Health Identifier for Individuals. A White Paper from US HEW that examines the need for a unique patient health identifier. The identifier is required by HIPAA, but is on hold. Although old, this is background information.
http://www.epic.org/privacy/medical/hhs-id-798.html
Part Three: Unique Patient Identifier. Makes an excellent case for this.
http://www.ncvhs.hhs.gov/app3.htm
Unique Patient Identification Numbers, Electronic Heath Records (EHR), Electronic Medical Records (EMR), and Social Security Numbers (SSN). From the Information Technology Forum.
http://information-technology-forum.blogspot.com/2009/11/electronic-heath-records-ehr-electronic.html
Fried, Bruce Merlin. (2003). Unique Patient Identification Numbers: Threat To Privacy or Boon For Safety?
http://www.ihealthbeat.org/Perspectives/2004/Unique-Patient-Identification-Numbers-Threat-To-Privacy-or-Boon-For-Safety.aspx#ixzz1kaaZFMbu
Alliance Pushes Voluntary Patient ID. The National Alliance for Health Information Technology, an industry advocacy group, is calling for a voluntary national health identifier system.
http://www.healthdatamanagement.com/news/identifier25354-1.html
Kumekawa, Joanne, (2001). Health Information Privacy Protection: Crisis or Common Sense? Online Journal of Issues in Nursing.
http://www.nursingworld.org/MainMenuCategories/ANAMarketplace/ANAPeriodicals/OJIN/TableofContents/Volume62001/No3Sept01/PrivacyProtectionCrisis.aspx
Workflow
Workflow Analysis
Redesign Workflows to Optimize Benefits (2006, Mar/Apr). Although it focuses on CPOE, this article presents situations that need to be considered.
http://www.psqh.com/marapr06/cpoe.html
Workflow analysis: EHR Deployment Techniques
www.chcf.org/~/media/MEDIA%20LIBRARY%20Files/PDF/W/PDF%20WorkflowAnalysisEHRDeploymentTechniques.pdf
Workflow Assessment Tool. A great site for learning about workflow assessment.
http://healthit.ahrq.gov/portal/server.pt/community/health_it_tools_and_resources/919/workflow_assessment_for_health_it_toolkit/27865
Workflow Redesign
Redesign Workflows to Optimize Benefits (2006, Mar/Apr). Although it focuses on CPOE, this article presents situations that need to be considered.
http://www.psqh.com/marapr06/cpoe.html
Websites from the Text in Chapter 20
Adoption data for the United States and Canada http://www.himssanalytics.org
Healthcare providers: EMR Adoption model. http://www.himssanalytics.org/hc_providers/index.asp
Lessons from Katrina are available online at
http://www.markle.org/publications/894-lessons-katrinahealth
Antiphishing Working Group http://www.antiphishing.org
Websites from the Reference List in Chapter 20
Activewave Inc. (2009). RFID solutions for hospitals. Retrieved October 29, 2010, from http://www.activewaveinc.com/applications_hospitals.php
Agency for Healthcare Research and Quality. (2001). Reducing and preventing adverse drug events to decrease hospital costs. Research in Action, (1). Retrieved from http://www.ahrq.gov/qual/aderia/aderia.htm
American Electronic Association. (2005, December). RFID 101: Benefits of the next big little thing. AeA Competitiveness Series, 5, 1–4. Retrieved from http://www.techamerica.org/content/wp-content/uploads/2009/07/aea_cs_rfid_101.pdf
Anderson, N. (2007, May 13). Voice biometrics: Coming to a security system near you. Retrieved October 29, 2010, from http://arstechnica.com/security/news/2007/05/voice-biometrics-come-of-age.ars
Biometric Newsportal.com. (n.d.). Retina biometrics. Retrieved October 29, 2010, from http://www.biometricnewsportal.com/retina_biometrics.asp
Birkmeyer, J. D., & Dimick, J. B. (2004). The Leapfrog Group's patient safety practices, 2003: The potential benefits of universal adoption. Retrieved October 20, 2010, from http://www.leapfroggroup.org/media/file/Leapfrog-Birkmeyer.pdf
Centers for Disease Control and Prevention. (n.d.-a). National electronic disease surveillance system. Retrieved October 28, 2010, from http://www.cdc.gov/nedss (No longer available at this URL) Instead can be found at http://www.cdc.gov/phin/tools/NEDSS/index.html
Centers for Disease Control and Prevention. (n.d.-b). Public Health Information Network – About PHIN. Retrieved October 29, 2010, from http://www.cdc.gov/phin/about.html (No longer available at this URL) Instead can be found at http://www.cdc.gov/phin/about/index.html
Centers for Medicare & Medicaid Services. (2010a, July 19). Overview HIPAA – General information. Retrieved October 29, 2010, from http://www.cms.gov/HIPAAGenInfo/01_Overview.asp
Centers for Medicare & Medicaid Services. (2010b, August 31). Overview national provider identifier standard. Retrieved October 29, 2010, from http://www.cms.gov/NationalProvIdentStand/
Centers for Medicare & Medicaid Services. (2010c, September 9). Physician self-referral. Retrieved October 20, 2010, from http://www.cms.gov/PhysicianSelfReferral/
Centers for Disease Control and Prevention. (2011, April 1). Division of Preparedness and Emerging Infections (DPEI). Retrieved September 1, 2011, from http://www.cdc.gov/ncezid/dpei/
Conrad, D. A., & Gardner, M. (2005, May 2). Updated economic implications of the Leapfrog Group patient safety standards: Final report to the Leapfrog Group. Retrieved October 20, 2010, from http://www.leapfroggroup.org/media/file/Conrad_Updated_Economic_Implications_2_.pdf
Dunker, M. (2003, November 20). Don’t blink: Iris recognition for biometric identification. Retrieved October 29, 2010, from http://www.sans.org/reading_room/whitepapers/authentication/dont-blink-iris-recognition-biometric-identification_1341
Frequently asked questions about electronic health records and health information networks. (2010, October 7). Retrieved October 21, 2010, from http://healthit.hhs.gov/portal/server.pt/document/873991/cee_tool_press_faqs_doc
Gross, G. (2005, October 26). United States to require RFID chips in passports. PC World. Retrieved from http://www.pcworld.com/article/123246/united_states_to_require_rfid_chips_in_passports.html
HIMSS Analytics. (2009). U.S. EMR Adoption Models trends. Retrieved October 20, 2010, from http://www.himssanalytics.org/docs/HA_EMRAM_Overview_ENG.pdf
Kibbe, D. C., & Mongiardo, D. (2010, October 7). Health information security & privacy toolkit. Retrieved October 20, 2010, from http://healthit.hhs.gov/portal/server.pt/document/872346/pet_1_tool_faq_script508_pdf
Markle Foundation, American Medical Association, & Gold Standard. (2006, June 13). Lessons from Katrina Health. Retrieved October 29, 2010, from http://katrinahealth.org/katrinahealth.final.pdf (No longer available at this URL) Instead find at http://www.markle.org/publications/894-lessons-katrinahealth
Microsoft. (2005, December 9). What is spear phishing? Retrieved October 29, 2010, from http://www.microsoft.com/canada/athome/security/email/spear_phishing.mspx (No longer available at this URL) Instead find at http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
Nudd, T., & Lee, K. (2007, December 4). Dennis & Kimberly Quaid sue drug company. People. Retrieved from http://www.people.com/people/article/0,,20164211,00.html
Positive ID. (n.d.). PositiveID – Identity theft, credit monitoring, implantable microchip, electronic health records. Retrieved October 29, 2010, from http://www.positiveidcorp.com/health-id.html (No longer available at this URL)
RFID Journal. (2010). Frequently asked questions. Retrieved October 29, 2010, from http://www.rfidjournal.com/faq/20
SearchSecurity.com. (2010, September 10). Spear Phishing. Retrieved October 29, 2010, from http://searchsecurity.techtarget.com/sDefinition/0,sid14_gci1134829,00.html
Sullivan, L. (2005, July 19). RFID system prevented a possible infant abduction. Information Week. Retrieved from http://www.informationweek.com/news/mobility/RFID/showArticle.jhtml?articleID=166400496 Now at http://www.informationweek.com/news/166400496
Supply Insight Inc. (2006, April 20). RFID in patient tracking. Retrieved October 29, 2010, from http://www.supplyinsight.com/RFID_in_Patient_Tracking.htm
The Joint Commission. (2010). 2010 Joint Commission national patient safety goals. Retrieved October 28, 2010, from http://www.patientsafety.gov/TIPS/Docs/TIPS_JanFeb10Poster.pdf
Created January 26, 2012