• Book and Website
  • About the Book
  • About the Website
  • Jeanne P. Sewell
  • Linda Q. Thede
• Information to Supplement the Text
  • Author Additions
  • Websites that Expand on the Chapter
• Websites In This Chapter
  • Within the Text
  • From the Reference List
• Read Jeanne's Blog

 

 

Electronic Healthcare Systems Issues

Author Additions to Chapter 20

A Security Audit

Websites that Expand on Chapter 20's Knowledge

• Biometrics
• Clinical Decision Support
• Data Security
• Deidentified Data
• Digital Signatures
• Disaster Planning
• Encryption Explained (off site)
• HIPAA (Health Information Portability Accountability Act)
• HITECH (Health Information Technology for Economic and Clinical Health Act)
• Interoperability (Chapter 15)
• Meaningful Use (Chapter 18)
• Medication Reconciliation
• Passwords
• Phishing (Chapter 5 - safe computing)
• Spear Phishing
• Public Health Information Network
• RFID (Radio Frequency Identifier)
• Social Engineering (the art of conning you to part with protected knowledge)
• Stark Rules
• Unintended Consequences
• Unique Patient Identifiers
• Workflow
  • Workflow Analysis
  • Workflow Redesign

Biometrics

Iris Recognition (2005, August 7). Excellent description of this technology.
http://www.biometrics.gov/Documents/IrisRec.pdf

Biometrics Reference Room. An excellent source with links to a glossary and other references.
http://www.biometrics.gov/

Clinical Decision Support

Berner, E. (2002) Ethical and Legal Issues in the Use of Clinical Decision Support Systems. Journal of Healthcare Information Management 16(4). [Electronic Version]
http://www.himss.org/content/files/jhim/16-4/Section%2012%20-%20Focus2.pdf

Bright, T. J., A. Wong, et al. (2012). "Effect of Clinical Decision-Support Systems: A Systematic Review." Annals of Internal Medicine. Excellent article that is freely available.
http://www.annals.org/content/early/2012/04/20/0003-4819-157-1-201207030-00450.long

Clinical Decision Support Systems. Definitions and description of functions and descriptions of various types. Excellent resource.
http://www.openclinical.org/dss.html

Engelmore, R. S. & Feigenbaum, E. (1993). Expert systems and artificial intelligence. An introduction to these two topics written in easily understood language. This may be old, but it presents the basics of any decision system.
http://www.wtec.org/loyola/kb/c1_s1.htm

Introduction to Expert Systems. A simple tutorial explaining expert systems using an example of a person seeking advice when a car won't start. Although the example is an auto mechanic helping someone on the phone, it illustrates well how a well designed CDS will work. Note information about the level of confidence. These are becoming more and more important to nursing as meaningful use moves forward. The "rule" derived is often called an algorithm and is the basis for search engines.
http://www.expertise2go.com/webesie/tutorials/ESIntro/

Data Security

This page from the Electronic Privacy Information Center provides updated information on laws and court cases regarding Medical Record Privacy.
http://epic.org/privacy/medical/

Kumekawa, Joanne K. (September 30, 2001). "Health Information Privacy Protection: Crisis or Common Sense?". Online Journal of Issues in Nursing 6(3), Manuscript 2. Available: http://www.nursingworld.org/MainMenuCategories/ANAMarketplace/ANAPeriodicals/
OJIN/TableofContents/Volume62001/No3Sept01/PrivacyProtectionCrisis.asp

Cutler, K. (2003). Information Security Checklist. A list of items to assess when to assure the privacy and security of data in an information system. Some information never changes - this is one of those areas.
http://www.net-security.org/article.php?id=556

Dickey, Susan B. (2007, October 4) Silence is Not Enough: Maintaining Confidentiality in an Electronic World. Online Journal of Issues in Nursing.
http://ana.nursingworld.org/MainMenuCategories/EthicsStandards/Resources/
IssuesUpdate/UpdateArchive/IssuesUpdateSpring2002/MaintainingConfidentialityinan
ElectronicWorld.aspx

Deidentified Data (Secondary Data Use is in Chapter 9)

Automated de-identification of free-text medical records (2008). Deidentifying data is an important step in using the wealth of information in electronic health records to improve health care. Full text of article in BioMed Central.
http://www.biomedcentral.com/1472-6947/8/32

HIPAA rules about when data can be considered deidentified.
http://privacy.med.miami.edu/glossary/xd_deidentified_health_info.htm

De-identified Health Information (HIPAA)
http://privacy.med.miami.edu/glossary/xd_deidentified_health_info.htm

Rothstein, Mark A. Is Deidentification Sufficient to Protect Health Privacy in Research?
Mark A. (2010). American Journal of Bioethics. 2010 September; 10(9): 3–11.
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3032399/

Digital Signatures

Youd, David. What is a Digital Signature? A very simplified description of a digital signature.
http://www.youdzone.com/signature.html

What is a digital signature? An easily understood description.
http://searchsecurity.techtarget.com/definition/digital-signature

What is a digital signature? An overview of the various methods.
http://computer.howstuffworks.com/digital-signature.htm

Disaster Planning

Association of Academic Health Centers. Brief Guide for Academic Health Center Disaster Preparedness and Response. An 8 page booklet in the form of many bullet points, discusses all aspects, not just records.
http://www.aahcdc.org/policy/reports/emergency_preparedness_05_06.pdf

Practice Brief: Disaster Planning for Health Information. Excellent article from AHIMA complete with check list.
http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_048638.hcsp?
dDocName=bok1_048638

Preparedness Planning for Home Health Care Providers. An area that nurses can help patients with.
http://www.dhs.gov/files/programs/gc_1221055966370.shtm

Burrington-Brown, Jill. Practical Planing for Healthcare Facilities. Another helpful source from AHIMA.
http://library.ahima.org/xpedio/idcplg?IdcService=GET_HIGHLIGHT_INFO&QueryTex
t=%28xCategory+%3Csubstring%3E+%60Disaster+Planning%60++%3CAND%3E++xSubject
+%3Csubstring%3E+%60Disaster+recovery%60++%3CAND%3E++xPublishSite+%3Cmatches
%3E+%60BoK%60%29&SortField=xAuthor&SortOrder=Asc&dDocName=bok1_010646&
HighlightType=HtmlHighlight&dWebExtension=hcsp

HIPAA (Health Information Portability Accountability Act)

Analysis of Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules January 25, 2013.
http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_050067.pdf

HIPAA Final Rule: More on Breach Notification Rule Changes
http://www.hipaa.com/2013/01/hipaa-final-rule-more-on-breach-notification-rule-changes/

HIPAA Security Guide. Provides information to reinforce some of the ways a covered entity may protect information when it is accessed or used outside of the organization’s physical system.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/remoteuse.pdf

U.S. Department Health and Human Services. (2007, March 12). Protecting the Privacy of Patients' Health Information. Plain English description of HIPAA.
http://www.hhs.gov/news/facts/privacy2007.html (No longer available at this URL) Available here.

Health Information Privacy. Links to HIPAA related items including information about the Patient Safety and Quality Improvement Act of 2005.
http://www.hhs.gov/ocr/privacy/index.html

Schmeida, M. (October 10, 2005). Legislative: "Health Insurance Portability and Accountability Act of 1996: Just an Incremental Step in Reshaping Government." Online Journal of Issues in Nursing.
http://www.nursingworld.org/MainMenuCategories/ANAMarketplace/ANAPeriodicals/
OJIN/Columns/Legislative/1996InsurancePortabilityAccountabilityAct.aspx

Fact Sheet about the The Health Insurance Portability And Accountability Act (HIPAA) from the US Department of Labor.
http://www.dol.gov/ebsa/newsroom/fshipaa.html

National Provider Identifier. A thorough discussion of this requirement from HIPAA.
http://en.wikipedia.org/wiki/National_Provider_Identifier

HITECH (Health Information Technology for Economic and Clinical Health Act)

Components of the HITECH Act
http://www.hipaasurvivalguide.com/hitech-act-text.php

HITECH Act Enforcement Interim Final Rule.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/
hitechenforcementifr.html

About the HITECH Act
http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/
hitechenforcementifr.html

Medication Reconciliation

Medications at Transitions and Clinical Handoffs (MATCH) Toolkit for Medication Reconciliation from the agency for Healthcare Research and Quality. http://www.ahrq.gov/qual/match/

Barnsteiner, Jane H. Medication Reconciliation (Chapter 38) (2008) From the Patient Safety and Quality: An Evidence-Based Handbook for Nurses.
http://www.ncbi.nlm.nih.gov/books/NBK2648/

Password Protection

This site provides much information about password strategies. These are strategies that allow you to use your brain and simple notes as the only storage medium for all your password needs. Also includes information about Facebook Security.
http://www.healthypasswords.com/

How to Pick a Safe Password. Good strategies.
http://www.wolfram.org/writing/howto/password.html

Check the strength of the password using an online tool such as https://www.microsoft.com/protect/fraud/passwords/checker.aspx?WT.mc_id=Site_Link

National Strategy for Trusted Identifies in Cyberspace. Are there ways out of the password morass?
http://www.nist.gov/nstic/

Public Health Information Network

Public Health Information Network. Updated information from CDC whose responsibility the PHIN is.
http://www.cdc.gov/phin/

Loonsk, John W.; McGarvey, Sunanda R.; Conn, Laura A. & Johnson, Jennifer (2006). The Public Health Information Network (PHIN) Preparedness Initiative. Journal of the American Medical Informatics Association 13(1). Good description of the PHIN.
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1380188/

Public Health Information Network. Basic description of this CDC entity.
http://en.wikipedia.org/wiki/Public_Health_Information_Network

Spear Phishing

Spear Phishers: Angling to Steal Your Financial Info From the FBI
http://www.fbi.gov/news/stories/2009/april/spearphishing_040109/

What is spear phishing? A good definition.
http://searchsecurity.techtarget.com/definition/spear-phishing

 

RFID (Radio Frequency Identifier)

Radio Frequency Identifier. Easily understood definition.
http://www.webopedia.com/TERM/R/RFID.html

King, Tom. What Is Radio Frequency Identification? A very easily read and understood description.
http://www.ehow.com/about_5479243_radio-frequency-identification.html

Nguyen, Andrew (2009). The Potential Implementation of Radio-Frequency Identification Technology for Personal Health Examination and Monitoring. McGill Journal of Medicine 12(2), 67-72.
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC2997241/

Stark Rules

Hofstra, Patricia & Bilimoria, Neville The New Stark Rules: What Does Stark II, Phase III Mean for Healthcare Providers? A review of the basic Stark prohibitions and an overview of Stark II Phase III.
www.duanemorris.com/articles/static/medpracmgmt0508.pdf

Stark Law Frequently Asked Questions (2011)
www.gehealthcare.com/usen/community/reimbursement/docs/FinalStarkLawTool_
2011_doc0905301.pdf

Social Engineering

Social Engineering Fundamentals, Part I: Hacker Tactics (2010 by Sarah Granger). Although written in 2001, this is still very applicable. Must reading!!! The cause of most security breaches. The basic goals of social engineering are the same as hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network.
http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-i-hacker-tactics

Unintended Consequences

Also see Bar Coding in Chapter 19 and Usability in Chapter 17.

From the AHRQ a Guide to Reducing Unintended Consequences. An online resource designed to help you and your organization anticipate, avoid, and address problems that can occur when implementing and using an electronic health record (EHR). Developed with all types of health care organizations in mind — from large hospital systems to solo physician practices.
http://www.ucguide.org/

Contemporary Issues in Medical Informatics: Common Examples of Healthcare Information Technology Difficulties. Particularly interesting is the report at the first link and Panel recommends new agency.
http://www.ischool.drexel.edu/faculty/ssilverstein/cases/?loc=cases&sloc=IOMreport

Siegler, E. L., & Adelman, R. (2009). Copy and Paste: A Remediable Hazard of Electronic Health Records. American Journal of Medicine, 122(6), 495-496. An excellent discussion of the hazards of this practice, along with some thoughts about how to make this a safe, reliable, and contributory to patient care.
http://www.amjmed.com/article/S0002-9343%2809%2900157-0/fulltext

Unique Patient Identifiers

Should Every Patient Have a Unique ID Number for All Medical Records? Jan 23, 2012. Two articles from the Wall Street Journal, espousing different views on this topic.
http://online.wsj.com/article/SB10001424052970204124204577154661814932978.html?mod=rss_Health

Creating Unique Health ID Numbers Would Improve Health Care Quality, Efficiency, Study Claims (Oct. 22, 2008). From Science Daily. Describes benefits and reports on a RAND corporation study.
http://www.sciencedaily.com/releases/2008/10/081020120103.htm

Unique Health Identifier for Individuals. A White Paper from US HEW that examines the need for a unique patient health identifier. Is required by HIPAA, but is on hold. Although old, this is background information.
http://www.epic.org/privacy/medical/hhs-id-798.html

Part Three: Unique Patient Identifier. Makes an excellent case for this.
http://www.ncvhs.hhs.gov/app3.htm

Unique Patient Identification Numbers, Electronic Heath Records (EHR), Electronic Medical Records (EMR), and Social Security Numbers (SSN). From the Information Technology Forum.
http://information-technology-forum.blogspot.com/2009/11/electronic-heath-records-ehr-electronic.html

Fried, Bruce Merlin. (2003). Unique Patient Identification Numbers: Threat To Privacy or Boon For Safety?
http://www.ihealthbeat.org/Perspectives/2004/Unique-Patient-Identification-Numbers-Threat-To-Privacy-or-Boon-For-Safety.aspx#ixzz1kaaZFMbu

Alliance Pushes Voluntary Patient ID. The National Alliance for Health Information Technology, an industry advocacy group, is calling for a voluntary national health identifier system.
http://www.healthdatamanagement.com/news/identifier25354-1.html

Kumekawa, Joanne, (2001). Health Information Privacy Protection: Crisis or Common Sense? Online Journal of Issues in Nursing.
http://www.nursingworld.org/MainMenuCategories/ANAMarketplace/ANAPeriodicals/ OJIN/TableofContents/Volume62001/No3Sept01/PrivacyProtectionCrisis.aspx

Workflow

Workflow Analysis

Redesign Workflows to Optimize Benefits (2006, Mar/Apr). Although focuses in CPOE, this article presents situations that need to be considered.
http://www.psqh.com/marapr06/cpoe.html

Workflow analysis: EHR Deployment Techniques
www.chcf.org/~/media/MEDIA%20LIBRARY%20Files/PDF/W/PDF%20WorkflowAnalysis
EHRDeploymentTechniques.pdf

Workflow Assessment Tool. A great site for learning about workflow assessment.
http://healthit.ahrq.gov/portal/server.pt/community/health_it_tools_and
_resources/919/workflow_assessment_for_health_it_toolkit/27865

Workflow Redesign

Redesign Workflows to Optimize Benefits (2006, Mar/Apr). Although focuses in CPOE, this article presents situations that need to be considered.
http://www.psqh.com/marapr06/cpoe.html

Websites from the Text in Chapter 20

Adoption data for the United States and Canada http://www.himssanalytics.org

Healthcare providers: EMR Adoption model. http://www.himssanalytics.org/hc_providers/index.asp

Lessons from Katrina are available online at
http://www.markle.org/publications/894-lessons-katrinahealth

Antiphishing Working Group http://www.antiphishing.org

Websites from the Reference List in Chapter 20

Activewave Inc. (2009). RFID solutions for hospitals. Retrieved
October 29, 2010, from http://www.activewaveinc.com/applications_hospitals.php

Agency for Healthcare Research and Quality. (2001). Reducing and preventing adverse drug events to decrease hospital costs. Research in Action, (1). Retrieved from http://www.ahrq.gov/qual/aderia/aderia.htm

American Electronic Association. (2005, December). RFID 101: Benefits of the next big little thing. AeA Competitiveness Series, 5, 1–4. Retrieved from http://www.techamerica.org/content/wp-content/uploads/2009/07/aea_cs_rfid_101.pdf

Anderson, N. (2007, May 13). Voice biometrics: Coming to a security system near you. Retrieved October 29, 2010, from
http://arstechnica.com/security/news/2007/05/voice-biometrics-come-of-age.ars

Biometric Newsportal.com. (n.d.). Retina biometrics. Retrieved October 29, 2010, from http://www.biometricnewsportal.com/retina_biometrics.asp

Birkmeyer, J. D., & Dimick, J. B. (2004). The Leapfrog Group'S patient safety practices, 2003: The potential benefits of universal adoption. Retrieved October 20, 2010, from http://www.leapfroggroup.org/media/file/Leapfrog-Birkmeyer.pdf

Centers for Disease Control and Prevention. (n.d.-a). National electronic disease surveillance system. Retrieved October 28, 2010, from http://www.cdc.gov/nedss (No longer available at this URL)Instead can be found at http://www.cdc.gov/phin/tools/NEDSS/index.html

Centers for Disease Control and Prevention. (n.d.-b). Public Health Information Network – About PHIN. Retrieved October 29, 2010, from http://www.cdc.gov/phin/about.html (No longer available at this URL)Instead can be found at http://www.cdc.gov/phin/about/index.html

Centers for Medicare & Medicaid Services. (2010a, July 19). Overview HIPAA – General information. Retrieved October 29, 2010, from http://www.cms.gov/HIPAAGenInfo/01_Overview.asp

Centers for Medicare & Medicaid Services. (2010b, August 31). Overview national provider identifier standard. Retrieved October 29, 2010, from http://www.cms.gov/NationalProvIdentStand/

Centers for Medicare & Medicaid Services. (2010c, September 9). Physician self-referral. Retrieved October 20, 2010, from http://www.cms.gov/PhysicianSelfReferral/

Centers for Disease Control and Prevention. (2011, April 1). Division of Preparedness and Emerging Infections (DPEI).  Retrieved September 1, 2011, from http://www.cdc.gov/ncezid/dpei/

Conrad, D. A., & Gardner, M. (2005, May 2). Updated economic implications of the Leapfrog Group patient safety standards: Final report to the Leapfrog Group. Retrieved October 20,
2010, from http://www.leapfroggroup.org/media/file/Conrad_Updated_Economic_Implications_2_.pdf

Dunker, M. (2003, November 20). Don’t blink: Iris recognition for biometric identification. Retrieved October 29, 2010, from http://www.sans.org/reading_room/whitepapers/authentication/dont-blink-iris-recognition-biometric-identification_1341

Frequently asked questions about electronic health records and health information networks. (2010, October 7). Retrieved October 21, 2010, from http://healthit.hhs.gov/portal/server.pt/document/873991/cee_tool_press_faqs_doc

Gross, G. (2005, October 26). United States to require RFID chips in passports. PC World. Retrieved from http://www.pcworld.com/article/123246/united_states_to_require_rfid_chips_in_passports.html

HIMSS Analytics. (2009). U.S. EMR Adoption Models trends. Retrieved October 20, 2010, from http://www.himssanalytics.org/docs/HA_EMRAM_Overview_ENG.pdf

Kibbe, D. C., & Mongiardo, D. (2010, October 7). Health information security & privacy toolkit. Retrieved October 20, 2010, from http://healthit.hhs.gov/portal/server.pt/document/872346/pet_1_tool_faq_script508_pdf

Markle Foundation, American Medical Association, & Gold Standard. (2006, June 13). Lessons from Katrina Health. Retrieved October 29, 2010, from http://katrinahealth.org/katrinahealth.final.pdf (No longer available at this URL)Instead find at
http://www.markle.org/publications/894-lessons-katrinahealth

Microsoft. (2005, December 9). What is spear phishing? Retrieved October 29, 2010, from http://www.microsoft.com/canada/athome/security/email/spear_phishing.mspx (No longer available at this URL)Instead find at http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

Nudd, T., & Lee, K. (2007, December 4). Dennis & Kimberly Quaid sue drug company. People. Retrieved from http://www.people.com/people/article/0,,20164211,00.html

Positive ID. (n.d.). PositiveID – Identity theft, credit monitoring, implantable microchip, electronic health records. Retrieved October 29, 2010, from http://www.positiveidcorp.com/health-id.html (No longer available at this URL)

RFID Journal. (2010). Frequently asked questions. Retrieved October 29, 2010, from http://www.rfidjournal.com/faq/20

SearchSecurity.com. (2010, September 10). Spear Phishing. Retrieved October 29, 2010, from http://searchsecurity.techtarget.com/sDefinition/0,sid14_gci1134829,00.html

Sullivan, L. (2005, July 19). RFID system prevented a possible infant abduction. Information Week. Retrieved from http://www.informationweek.com/news/mobility/RFID/showArticle.jhtml?articleID=166400496 Now at http://www.informationweek.com/news/166400496

Supply Insight Inc. (2006, April 20). RFID in patient tracking. Retrieved October 29, 2010, from http://www.supplyinsight.com/RFID_in_Patient_Tracking.htm

The Joint Commission. (2010). 2010 Joint Commission national patient safety goals. Retrieved October 28, 2010, from http://www.patientsafety.gov/TIPS/Docs/TIPS_JanFeb10Poster.pdf

Created January 26, 2012