SlideShare a Scribd company logo

Chapter 9 Patient Safety, Quality and ValueHarry Burke MD P.docx

Download as DOCX, PDF
M
mccormicknadine86

Chapter 9: Patient Safety, Quality and Value Harry Burke MD PhD Learning Objectives After reviewing the presentation, viewers should be able to: Define safety, quality, near miss, and unsafe action List the safety and quality factors that justified the clinical implementation of electronic health record systems Discuss three reasons why the electronic health record is central to safety, quality, and value List three issues that clinicians have with the current electronic health record systems and discuss how these problems affect safety and quality Describe a specific electronic patient safety measurement system and a specific electronic safety reporting system Describe two integrated clinical decision support systems and discuss how they may improve safety and quality Patient Safety-Related Definitions Safety: minimization of the risk and occurrence of patient harm events Harm: inappropriate or avoidable psychological or physical injury to patient and/or family Adverse Events: “an injury resulting from a medical intervention” Preventable Adverse Events: “errors that result in an adverse event that are preventable” Overuse: “the delivery of care of little or no value” e.g. widespread use of antibiotics for viral infections Underuse: “the failure to deliver appropriate care” e.g. vaccines or cancer screening Misuse: “the use of certain services in situations where they are not clinically indicated” e.g. MRI for routine low back pain Introduction Medical errors are unfortunately common in healthcare, in spite of sophisticated hospitals and well trained clinicians Often it is breakdowns in protocol and communication, and not individual errors Technology has potential to reduce medical errors (particularly medication errors) by: Improving communication between physicians and patients Improving clinical decision support Decreasing diagnostic errors Unfortunately, technology also has the potential to create unique new errors that cause harm Medical Errors Errors can be related to diagnosis, treatment and preventive care. Furthermore, medical errors can be errors of commission or omission and fortunately not all errors result in an injury and not all medical errors are preventable Most common outpatient errors: Prescribing medications Getting the correct laboratory test for the correct patient at the correct time Filing system errors Dispensing medications and responding to abnormal test results 5 While many would argue that treatment errors are the most common category of medical errors, diagnostic errors accounted for the largest percentage of malpractice claims, surpassing treatment errors in one study Diagnostic errors can result from missed, wrong or delayed diagnoses and are more likely in the outpatient setting. This is somewhat surprising given the fact that US physicians tend to practice “defensive medicine” Over-diagnosis may also cause medical errors but this has been less ...

Education
1 of 39
Chapter 9: Patient Safety, Quality and Value Harry Burke MD PhD Learning Objectives After reviewing the presentation, viewers should be able to: Define safety, quality, near miss, and unsafe action List the safety and quality factors that justified the clinical implementation of electronic health record systems Discuss three reasons why the electronic health record is central to safety, quality, and value List three issues that clinicians have with the current electronic health record systems and discuss how these problems affect safety and quality Describe a specific electronic patient safety measurement system and a specific electronic safety reporting system Describe two integrated clinical decision support systems and discuss how they may improve safety and quality
Patient Safety-Related Definitions Safety: minimization of the risk and occurrence of patient harm events Harm: inappropriate or avoidable psychological or physical injury to patient and/or family Adverse Events: “an injury resulting from a medical intervention” Preventable Adverse Events: “errors that result in an adverse event that are preventable” Overuse: “the delivery of care of little or no value” e.g. widespread use of antibiotics for viral infections Underuse: “the failure to deliver appropriate care” e.g. vaccines or cancer screening Misuse: “the use of certain services in situations where they are not clinically indicated” e.g. MRI for routine low back pain
Introduction Medical errors are unfortunately common in healthcare, in spite of sophisticated hospitals and well trained clinicians Often it is breakdowns in protocol and communication, and not individual errors Technology has potential to reduce medical errors (particularly medication errors) by: Improving communication between physicians and patients Improving clinical decision support Decreasing diagnostic errors Unfortunately, technology also has the potential to create unique new errors that cause harm Medical Errors Errors can be related to diagnosis, treatment and preventive care. Furthermore, medical errors can be errors of commission or omission and fortunately not all errors result in an injury and not all medical errors are preventable Most common outpatient errors: Prescribing medications Getting the correct laboratory test for the correct patient at the correct time Filing system errors Dispensing medications and responding to abnormal test results
5 While many would argue that treatment errors are the most common category of medical errors, diagnostic errors accounted for the largest percentage of malpractice claims, surpassing treatment errors in one study Diagnostic errors can result from missed, wrong or delayed diagnoses and are more likely in the outpatient setting. This is somewhat surprising given the fact that US physicians tend to practice “defensive medicine” Over-diagnosis may also cause medical errors but this has been less well studied Medical Errors Unsafe healthcare lowers quality but safe medicine is not always high quality From the National Academy of Medicine’s perspective, quality is a set of six aspirational goals: medical care should be safe, effective, timely, efficient, patient-centered, and equitable Value relates to how important something is to use Cost-effective?
Necessary? Affect morbidity, mortality or quality of life? Quality, Safety and Value Most adverse events result from unsafe actions or inactions by anyone on the healthcare team, including the patient Missed care is “any aspect of required care that is omitted either in part or in whole or delayed” Many of the above go unreported Unsafe Actions Most near-miss events are not reported. Many are not witnessed The tendency is the blame the individual, but healthcare is complex and there are often “system errors” Most safety systems are retrospective; we need to move to be proactive We need good data, such as the ratio of detected unsafe actions divided by the opportunity of an unsafe action, over a specified
time interval Reporting Unsafe Actions 9 Patient Safety Reporting System: event is recorded and if it is a sentinel event, it is investigated. Most systems are not integrated with the EHR Root Cause Analysis: common approach to determine the cause of an adverse event. This has limitations HEDIS measures can help track quality issues Patient Safety Systems Current reimbursement models mandate quality measures, e.g. Medicare Patient Safety Monitoring System, now operated by AHRQ. The new system is known as the Quality and Safety Review System. Still labor intensive and manual Global Trigger Tool: evaluates hospital safety. Said to detect 90% of adverse events. Select 10 discharge records and two
reviewers review the chart for any of the 53 “triggers” Patient Safety Systems Paper records have multiple disadvantages, as pointed out in the EHR chapter Expectations have been very high regarding the EHR’s impact on safety, quality and value Unfortunately, results have been mixed and there has not been a prospective study conducted to prove the EHR’s benefit towards safety and quality Using the EHR to Improve Safety, Quality and Value High expectations that CDS that is part of EHRs will improve safety As per multiple chapters in the textbook, CDS has mixed reviews, in terms of safety and quality
Adverse events regarding CDS, includes ”alert fatigue” The FDA will regulate software that is related to treatment and decision making Clinical Decision Support Results in altered workflow and decreased efficiency. Physicians are staying late to complete notes in the EHR In an effort to save time physicians may “cut and paste” old histories into the EHR, creating new problems EHRs may create new safety issues “e-iatrogenesis” Because of the multiple issues, it is very common to see offices and hospitals change EHRs, not always solving the problem Clinician’s Issues with EHRs Roughly 2/3 of EHR data is unstructured (free text) so it is not computable. While natural language processing (NLP) may help solve this, we are a long ways away from resolution
Multiple open source and commercial NLP programs exist but they require a great deal of time and expertise to match the results a manual chart review would produce Clinician’s Issues with EHRs Governmental Organizations Involved with Patient Safety US Federal Agencies: Department of Health and Human Services (HHS) Agency for Healthcare Research and Quality (AHRQ) Centers for Medicare and Medicaid Services (CMS) Non-reimbursable complications: (3 examples) Objects left in a patient during surgery and blood incompatibility Catheter-associated urinary tract infections Pressure ulcers (bed sores) Hospitals must assemble, analyze and trend clinical and administrative data to capture baseline data and measure improvement over time Health IT-based interventions are expected to assist
Governmental Organizations Office of the National Coordinator for HIT Learn: “Increase the quantity and quality of data and knowledge about health IT safety.” Improve: “Target resources and corrective actions to improve health IT safety and patient safety” Safety goals will be aligned with meaningful use objectives. Lead: “Promote a culture of safety related to health IT” Governmental Organizations The Food and Drug Administration MedWatch: posts drug alerts and offers online reporting area Center for Devices and Radiological Health (CDRH) Plan to regulate mobile medical applications designed for use on smartphones State Patient Safety Programs: By 2010, 27 states and the District of Columbia passed legislation or regulation related to hospital reporting of adverse events to a state agency
Meaningful Use Objectives and Potential Impact on Patient Safety Objective: Use computerized provider order entry (CPOE) for medication, laboratory, and radiology orders directly entered by any licensed healthcare professional who can enter orders into the medical record per state, local, and professional guidelines Objective: Use clinical decision support to improve performance on high-priority health conditions Meaningful Use Objectives and Potential Impact on Patient Safety Objective: Automatically track medications from order to administration using assistive technologies in conjunction with an electronic medication administration record (eMAR) Objective: Generate and transmit discharge prescriptions electronically (eRx)
Non-Governmental Organizations and Patient Safety National Patient Safety Foundation (NPSF) Goals: Identifying and creating a core body of knowledge Identifying pathways to apply the knowledge Developing and enhancing the culture of receptivity to patient safety Raising public awareness and fostering communication around patient safety National Academy of Medicine (was the Institute of Medicine or IOM) Institute of Medicine (IOM) Recommendations Congress should create a Center for Patient Safety within the Agency for Healthcare Research and Quality A nationwide reporting system for medical errors should be established Volunteer reporting should be encouraged Congress should create legislation to protect internal peer review of medical errors Performance standards and expectations by healthcare organizations should include patient safety FDA should focus more attention on drug safety Healthcare organizations and providers should make patient safety a priority goal Healthcare organizations should implement known medication
safety policies IOM Report - 2003 Patient safety must be linked to medical quality A new healthcare system must be developed that will prevent medical errors in the first place New methods must be developed to acquire, study and share error prevention among physicians, particularly at the point of care The IOM recommended specific data standards so patient safety-related information can be recorded, shared and analyzed IOM Report - 2011 Report focused exclusively on health IT and patient safety and quality Publish an “action and surveillance plan” Push health IT vendors to support the free exchange of information about health IT experiences and issues
Public and private sectors should make comparative user experiences public Health IT Safety Council should assess and monitor safe use of health IT Specify quality and risk management processes health IT vendors must adopt Establish an independent federal entity to investigate patient safety deaths, serious injuries, or potentially unsafe conditions associated with health IT Support cross-disciplinary research toward the use of health IT as part of a learning system Non-Governmental Organizations and Patient Safety The National Quality Forum The Joint Commission: Published the 2018 National Patient Safety Goals They also published an alert about the potential for HIT to create new patient safety issues LeapFrog Group HealthGrades Institute for Safe Medication Practice (IMSP)
HealthGrades 2017 Patient Safety Excellence Awards Award recognizes hospitals with the lowest occurrences of 14 preventable patient safety events, placing the hospitals in the top 10% in the nation for patient safety This organization reviews the data from inpatient Medicare and Medicaid cases each year and rates hospitals, in terms of patient safety They estimate that the top ranking hospitals represent, on average, a 43% lower risk of a patient safety adverse event compared to the lowest ranking hospitals Quality Care Finder www.hospitalcompare.hhs.gov Allows consumers to review quality metrics e.g. morbidity and mortality making decisions
Technologies with Potential to Decrease Medication Errors Computerized provider order entry (CPOE) Benefits: Improved handwriting identification Reduced time to arrive in the pharmacy Fewer errors related to similar drug names Easier to integrate with other IT systems Easier to link to drug-drug interactions More likely to identify the prescriber Available for immediate analysis Can link to clinical decision support to recommend drugs of choice Jury still out on actual reduction of serious ADEs Technologies with Potential to Decrease Medication Errors Health Information Exchange (HIE): Improve patient safety by better communication between disparate healthcare participants Automated Dispensing Cabinets (ADCs): like ATM machines for medications on a ward Home Electronic Medication Management System: home dispensing, particularly for the elderly or non-compliant patient Pharmacy Dispensing Robots: bottles are filled automatically
Electronic Medication Administration Record (eMAR): electronic record of medications that is integrated with the EHR and pharmacy Intravenous (IV) Infusion Pumps: regulate IV drug dosing accurately Bar Coding Medication Administration: the patient, drug and nurse all have a barcoded identity These must all match for the drug to be given without any alerts Bar codes are inexpensive but the software and other components are expensive Some healthcare systems have shown a significant reduction in medication administrative errors, but many of these were minor and would not have resulted in serious harm Technologies with Potential to Decrease Medication Errors Technologies with Potential to Decrease Medication Errors Medication Reconciliation
When patients transition from hospital-to-hospital, from physician-to physician or from floor-to-floor, medication errors are more likely to occur Joint Commission mandated hospitals must reconcile a list of patient medications on admission, transfer and discharge Task may be facilitated with EHR but still confusion may exist if there are multiple physicians, multiple pharmacies, poor compliance or dementia Barriers to Improving Patient Safety through Technology Organizational: health systems leadership must develop a strong “culture of safety” Financial: Cost for multiple sophisticated HIT systems is considerable Error reporting: is voluntary and inadequate and usually “after the fact”
Unintended Consequences Technology may reduce medical errors but create new ones: Medical alarm fatigue Infusion Pump errors Distractions related to mobile devices Electronic health records: data can be missing and/or incorrect, there can be typographical entry errors, and older information is sometimes copied and pasted into the current record Patient safety continues to be an ongoing problem with too many medical errors reported yearly Multiple organizations are reporting patient safety data transparently to hopefully support change There is a great expectation that HIT will improve patient quality which in turn will decrease medical errors There is some evidence that clinical decision support reduces errors, but studies overall are mixed Leadership must establish a “culture of safety” to effectively achieve improvement in patient safety Conclusions
Chapter 10: Health Information Privacy and Security John Rasmussen MBA Learning Objectives After reviewing the presentation, viewers should be able to: Explain the importance of confidentiality, integrity, and availability Describe the regulatory environment and how it drives information privacy and security programs within the health care industry Recognize the importance of data security and privacy as related to public perception, particularly regarding data breach and loss Identify different types of threat actors and their motivations Identify different types of controls used and how they are used
to protect information Describe emerging risks and how they impact the health care sector Confidentiality refers to the prevention of data loss, and is the category most easily identified with HIPAA privacy and security within healthcare environments. Usernames, passwords, and encryption are common measures implemented to ensure confidentiality Three Pillars of Data Security Availability refers to system and network accessibility, and often focuses on power loss or network connectivity outages. Loss of availability may be attributed to natural or accidental disasters such as tornados, earthquakes, hurricanes or fire, but also refer to man-made scenarios, such as a Denial of Service (DoS) attack or a malicious infection which compromises a
network and prevents system use. To counteract such issues, backup generators, continuity of operations planning and peripheral network security equipment are used to maintain availability Three Pillars of Data Security Integrity describes the trustworthiness and permanence of data, an assurance that the lab results or personal medical history of a patient is not modifiable by unauthorized entities or corrupted by a poorly designed process. Database best practices, data loss solutions, and data backup and archival tools are implemented to prevent data manipulation, corruption, or loss; thereby maintaining the integrity of patient data Three Pillars of Data Security Data must be classified to determine its risk Healthcare organizations must develop a set of controls to protect confidentiality, integrity and availability of data
One layer of defense is not likely to be adequate Healthcare organizations will need technical, administrative and physical safeguards Defense in Depth for Healthcare Administrative Safeguards Administrative Safeguards Security management processes to reduce risks and vulnerabilities Security personnel responsible for developing and implementing security policies Information access management-minimum access to perform duties Workforce training and management Background checks, drug screens, etc. for new employees Evaluation of security policies and procedures Physical Safeguards
Limit physical access to facilities Workstation and device security policies and procedures covering transfer, removal, disposal, and re-use of electronic media Badge with photo Physical Safeguards Technical Safeguards Access control that restricts access to authorized personnel Audit controls for hardware, software, and transactions Integrity controls to ensure data is not altered or destroyed Transmission security to protect against unauthorized access to data transmitted on networks and via email Unique usernames and passwords, encrypted software, anti- virus software, secure email, firewalls, etc. Technical Safeguards
Healthcare Regulatory Environment Health Insurance Portability & Accountability Act (HIPAA - 1996) Laid ground work for privacy and security measures in healthcare . Initial intent was to cover patients who switched physicians or insurers (portability) Next important Act was the American Recovery and Reinvestment Act (ARRA - 2209) & HITECH Act that imposed new requirements for breach notification and stiffer penalties Health Plans: Health insurers, HMOs, Company health plans, Government programs such as Medicare and Medicaid Health Care Providers who conduct business electronically: Most doctors, Clinics, Hospitals, Psychologists, Chiropractors, Nursing homes, Pharmacies, Dentists Health care clearinghouses Covered Entities or Those Who Must Follow HIPAA Privacy Rule
Request and receive a copy of their health records Request an amendment to their health record Receive a notice that discusses how health information may be used and shared, the Notice of Privacy Practices Request a restriction on the use and disclosure of their health information Receive a copy of their “accounting of disclosures” Restrict disclosure of the health information to an insurer if the encounter is paid for out of pocket File a complaint with a provider, health insurer, and/or the U.S. Government if patient rights are being denied or health information is not being protected. Covered Entities: Patient Rights Life insurers Employers Workers compensation carriers Many schools and school districts Many state agencies like child protective service agencies Many law enforcement agencies Many municipal offices
Organizations That Do Not Need To Follow HIPAA Privacy Rule Individually identifiable health information: Information created by a covered entity And “relates to the past, present, or future physical or mental health or condition of an individual” Or identifies the individual or there is a reasonable basis to believe that the individual can be identified from the information. Protected Health Information (PHI) HIPAA Protections apply to all personal health information (PHI), whether in hard copy records, electronic personal health information (ePHI) stored on computing systems, or even verbal discussions between medical professionals
Covered entities must put safeguards in place to ensure data is not compromised, and that it is only used for the intended purpose The HIPAA rules are not designed to and should not impede the treatment of patients Privacy Rule Mandates Removal of 18 Identifiers Names All geographic subdivisions smaller than a state All elements of dates (except year) Telephone numbers Facsimile numbers Electronic mail addresses Social security numbers Medical record numbers Health plan beneficiary numbers Account numbers Certificate/license numbers Vehicle identifiers and serial numbers, including license plate numbers Device identifiers and serial numbers Web universal resource locators (URLs) Internet protocol (IP) address numbers Biometric identifiers, including fingerprints and voiceprints Full-face photographic images and any comparable images
Any other unique identifying number, characteristic, or code Permitted Uses and Disclosures of Patient Data To the individual For treatment, payment or health care operations Uses and disclosures with opportunity to agree or object Facility directories For notification and other purposes Incidental use and disclosure Public interest and benefit activities Required by law Public health activities Victims of abuse, neglect or domestic violence Health oversight activities Judicial and administrative proceedings Law enforcement purposes Decedents Cadaveric organ, eye, or tissue donation Research Serious threat to health or safety Essential government functions Workers’ compensation
BAs are related to the covered entity (CE), such as an EHR vendor or a transcription service They must have a BA agreement with the CE This forces the BA to comply with all security requirements The BA can be penalized for violating HIPAA requirements Business Associate (BA) Unauthorized acquisition, access or use. Exceptions: Data is encrypted. This is considered a safe harbor; or “Any unintentional acquisition, access, or use of protected health information by a workforce member or person acting under the authority of a covered entity or a business associate, if such acquisition, access, or use was made in good faith and within the scope of authority and does not result in further use or disclosure”; or “Any inadvertent disclosure by a person who is authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the same covered entity or business associate, or organized health care arrangement in which the covered entity participates, and the information
received as a result of such disclosure is not further used or disclosed”; or “A disclosure of protected health information where a covered entity or business associate has a good faith belief that an unauthorized person to whom the disclosure was made would not reasonably have been able to retain such information.” Breach Requirements under HIPAA If a breach is determined, the covered entity must notify the individual(s) impacted by the breach. They must inform them within 60 days of when the breach is identified. The notification must include: A description of what happened A description of the type of PHI that was breached Steps the individual can take to protect themselves What the covered entity is doing to investigate the breach and mitigate harm Contact information for the individual to contact the covered entity 23 If a breach exceeds 500 individuals, the covered entity must notify the media and must report the breach to the Office for Civil Rights (OCR). Regardless of the number of individuals impacted by a breach, all breaches must be reported to the OCR annually Breach Notification
Administrative Requirements for the Privacy Rule Develop and implement written privacy policies and procedures Designate a privacy official Workforce training and management Mitigation strategy for privacy breaches Data safeguards - administrative, technical, and physical Designate a complaint official and procedure to file complaints Establish retaliation and waiver policies and restrictions Documentation and record retention - six years Fully-insured group health plan exception Policy regarding information security practices is often set by chief information officers (CIOs), chief technology officers (CTOs), information technology (IT) directors or similar; often with input from chief medical informatics officers (CMIOs),
HIPAA compliance officers, or the like Depending on resources, the information technology teams may consist of network, system administration, security and data personnel, or could be the very same technical staff relied upon for all office or clinic IT needs Organizational Roles Insiders Hackivists Organized crime Nation states Threat Actors Social Engineering: most common Phishing: via email or text messaging Shoulder surfing: attacker looks over the shoulder Tailgating: attacker uses someone else's ID Free software: USB drive is found and plugged into a computer,
introducing a virus Types of Attacks Denial of Service (DOS): website is flooded with traffic, shutting it down Brute Force: random credential are rapidly thrown at website hoping to gain access Doxing: gathers info about a victim and publishes that to harass or embarrass the individual. Types of Attacks Security Breaches and Attacks Identity theft on the rise Physical Theft Stolen laptops, computers, storage devices and servers The HHS website lists all of the reported data breaches affecting over 500 users. The site lists the covered entity, the number of breach victims, the type of breach and the location of
data (laptop, server, paper, etc.) Breaches: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf The next slides will list some of the recognized countermeasures employed by healthcare organizations Threat Countermeasures Authentication and Identity Management Accomplished with photo identification, biometrics, smart card technologies, tokens, and the old standard; user name and password Basic Authentication may vary depending on sensitivity of data, the capabilities of the systems, resource constraints - both technical and monetary, and the frequency of access Methods discussed here rely on what is known as two or multi- factor authentication: something one knows, something one has, or something that one is
Basic authentication: Username and password combination still employed by a majority of users today, combining two things that a user knows Another option is utilizing a grid card, smart card, USB token, one time password (OTP) token, or OTP service in combination with something a user knows, such as a passphrase or PIN Authentication and Identity Management Authentication and Identity Management Single Sign On (SSO) One set of credentials to easily access many of the resources one uses every day securely; example is Google Smart Cards: Used in Healthcare in many countries Vital information with a self-contained processor and memory
Low cost, ease of use, portability and durability, and ability to support multiple applications Capable of encrypted patient information, biometric signatures and personal identification (PIN) Drawbacks: lack of standardization and positive identification Smart Cards in Healthcare Authentication and Identity Management Biometric Authentication When combined with passphrases or the tokens, cards, and OTP solutions discussed previously, a two or multi-factor authentication solution can be employed Physical user identifiers: fingerprint, retinal scan, voice imprint
32 Theft Countermeasures Render data unusable to thieves Encryption standards such as FIPS 140-2 Hardware and software encryption techniques See encrypted USB device to the right Theft Countermeasures Security of healthcare data is critical for future success of HIT ARRA/HITECH supplement the administrative, physical and technical safeguards implemented by HIPAA Security measures will continue to improve but so will the efforts of hackers and criminals who seek access to healthcare record data and identity theft Conclusions
Chapter 9 Patient Safety, Quality and ValueHarry Burke MD P.docx

Recommended

An electronic health record.docx
An electronic health record.docxAn electronic health record.docx
An electronic health record.docxTUTH
 
notes on EMR
notes on EMRnotes on EMR
notes on EMRMohamed David Anthony Jabbie
 
Building a consensus for the electronic health record
Building a consensus for the electronic health recordBuilding a consensus for the electronic health record
Building a consensus for the electronic health recordNursing353
 
Building a consensus for the electronic health record
Building a consensus for the electronic health recordBuilding a consensus for the electronic health record
Building a consensus for the electronic health recordtschenf
 
Building a consensus for the electronic health record
Building a consensus for the electronic health recordBuilding a consensus for the electronic health record
Building a consensus for the electronic health recordtschenf
 
Building a consensus for the electronic health record
Building a consensus for the electronic health recordBuilding a consensus for the electronic health record
Building a consensus for the electronic health recordNursing353
 
Poster Peg And Sirisha Final
Poster Peg And Sirisha FinalPoster Peg And Sirisha Final
Poster Peg And Sirisha Finalpegscheible
 
Electronic health records
Electronic health recordsElectronic health records
Electronic health recordsSyed Ali Raza
 

Recommended

An electronic health record.docx
An electronic health record.docxAn electronic health record.docx
An electronic health record.docxTUTH
 
notes on EMR
notes on EMRnotes on EMR
notes on EMRMohamed David Anthony Jabbie
 
Building a consensus for the electronic health record
Building a consensus for the electronic health recordBuilding a consensus for the electronic health record
Building a consensus for the electronic health recordNursing353
 
Building a consensus for the electronic health record
Building a consensus for the electronic health recordBuilding a consensus for the electronic health record
Building a consensus for the electronic health recordtschenf
 
Building a consensus for the electronic health record
Building a consensus for the electronic health recordBuilding a consensus for the electronic health record
Building a consensus for the electronic health recordtschenf
 
Building a consensus for the electronic health record
Building a consensus for the electronic health recordBuilding a consensus for the electronic health record
Building a consensus for the electronic health recordNursing353
 
Poster Peg And Sirisha Final
Poster Peg And Sirisha FinalPoster Peg And Sirisha Final
Poster Peg And Sirisha Finalpegscheible
 
Electronic health records
Electronic health recordsElectronic health records
Electronic health recordsSyed Ali Raza
 
Patient Satisfaction, Patient Reported Outcomes, Safety, and Quality of Care
Patient Satisfaction, Patient Reported Outcomes, Safety, and Quality of CarePatient Satisfaction, Patient Reported Outcomes, Safety, and Quality of Care
Patient Satisfaction, Patient Reported Outcomes, Safety, and Quality of CareYana Puckett, MD, MPH, MS
 
Chapter 4 Electronic Health RecordsRobert Hoyt MDVishnu Moh.docx
Chapter 4 Electronic Health RecordsRobert Hoyt MDVishnu Moh.docxChapter 4 Electronic Health RecordsRobert Hoyt MDVishnu Moh.docx
Chapter 4 Electronic Health RecordsRobert Hoyt MDVishnu Moh.docxrobertad6
 
components of EHR ppt.pptx
components of EHR ppt.pptxcomponents of EHR ppt.pptx
components of EHR ppt.pptxanjalatchi
 
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docxPg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docxrandymartin91030
 
Running Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docx
Running Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docxRunning Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docx
Running Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docxcowinhelen
 
Health Informatics- Module 4-Chapter 3.pptx
Health Informatics- Module 4-Chapter 3.pptxHealth Informatics- Module 4-Chapter 3.pptx
Health Informatics- Module 4-Chapter 3.pptxArti Parab Academics
 
Samson Health Informatics
Samson Health InformaticsSamson Health Informatics
Samson Health Informaticsrasams2
 
Structure of medical data
Structure of medical dataStructure of medical data
Structure of medical datajoseangelruiz21
 
Medical error health bizindia april-11-page-1
Medical error health bizindia april-11-page-1Medical error health bizindia april-11-page-1
Medical error health bizindia april-11-page-1Dr.Ashok Khandelwal
 
patient safety and staff Management system ppt.pptx
patient safety and staff Management system ppt.pptxpatient safety and staff Management system ppt.pptx
patient safety and staff Management system ppt.pptxanjalatchi
 
patient safety and staff Management system ppt.pptx
patient safety and staff Management system ppt.pptxpatient safety and staff Management system ppt.pptx
patient safety and staff Management system ppt.pptxanjalatchi
 
Quality assurance in healthcare delivery
Quality assurance in healthcare deliveryQuality assurance in healthcare delivery
Quality assurance in healthcare deliveryAesculapius Healthcare Consultants
 
Use of data analytics in health care
Use of data analytics in health careUse of data analytics in health care
Use of data analytics in health careAkanshabhushan
 
Group project health_care_informatics[2
Group project health_care_informatics[2Group project health_care_informatics[2
Group project health_care_informatics[2guest1e610e
 
PREPARATIONConsider the hospital-acquired conditions that ar.docx
PREPARATIONConsider the hospital-acquired conditions that ar.docxPREPARATIONConsider the hospital-acquired conditions that ar.docx
PREPARATIONConsider the hospital-acquired conditions that ar.docxkeilenettie
 
HL7: Clinical Decision Support
HL7: Clinical Decision SupportHL7: Clinical Decision Support
HL7: Clinical Decision SupportHarvard Medical School, Partners Healthcare
 
Team Sol2 01 Health Care Informatics Power Point
Team Sol2 01 Health Care Informatics Power PointTeam Sol2 01 Health Care Informatics Power Point
Team Sol2 01 Health Care Informatics Power PointMessner Angie
 
Patient safety
Patient safety Patient safety
Patient safety thaannush
 
Health care organizations strive to create a culture of.docx
Health care organizations strive to create a culture of.docxHealth care organizations strive to create a culture of.docx
Health care organizations strive to create a culture of.docxstudywriters
 
Medication errors powerpoint
Medication errors powerpointMedication errors powerpoint
Medication errors powerpointlexie_daryan
 
Option #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docxOption #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docxmccormicknadine86
 
Option 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxOption 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxmccormicknadine86
 

More Related Content

Similar to Chapter 9 Patient Safety, Quality and ValueHarry Burke MD P.docx

Patient Satisfaction, Patient Reported Outcomes, Safety, and Quality of Care
Patient Satisfaction, Patient Reported Outcomes, Safety, and Quality of CarePatient Satisfaction, Patient Reported Outcomes, Safety, and Quality of Care
Patient Satisfaction, Patient Reported Outcomes, Safety, and Quality of CareYana Puckett, MD, MPH, MS
 
Chapter 4 Electronic Health RecordsRobert Hoyt MDVishnu Moh.docx
Chapter 4 Electronic Health RecordsRobert Hoyt MDVishnu Moh.docxChapter 4 Electronic Health RecordsRobert Hoyt MDVishnu Moh.docx
Chapter 4 Electronic Health RecordsRobert Hoyt MDVishnu Moh.docxrobertad6
 
components of EHR ppt.pptx
components of EHR ppt.pptxcomponents of EHR ppt.pptx
components of EHR ppt.pptxanjalatchi
 
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docxPg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docxrandymartin91030
 
Running Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docx
Running Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docxRunning Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docx
Running Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docxcowinhelen
 
Health Informatics- Module 4-Chapter 3.pptx
Health Informatics- Module 4-Chapter 3.pptxHealth Informatics- Module 4-Chapter 3.pptx
Health Informatics- Module 4-Chapter 3.pptxArti Parab Academics
 
Samson Health Informatics
Samson Health InformaticsSamson Health Informatics
Samson Health Informaticsrasams2
 
Structure of medical data
Structure of medical dataStructure of medical data
Structure of medical datajoseangelruiz21
 
Medical error health bizindia april-11-page-1
Medical error health bizindia april-11-page-1Medical error health bizindia april-11-page-1
Medical error health bizindia april-11-page-1Dr.Ashok Khandelwal
 
patient safety and staff Management system ppt.pptx
patient safety and staff Management system ppt.pptxpatient safety and staff Management system ppt.pptx
patient safety and staff Management system ppt.pptxanjalatchi
 
patient safety and staff Management system ppt.pptx
patient safety and staff Management system ppt.pptxpatient safety and staff Management system ppt.pptx
patient safety and staff Management system ppt.pptxanjalatchi
 
Use of data analytics in health care
Use of data analytics in health careUse of data analytics in health care
Use of data analytics in health careAkanshabhushan
 
Group project health_care_informatics[2
Group project health_care_informatics[2Group project health_care_informatics[2
Group project health_care_informatics[2guest1e610e
 
PREPARATIONConsider the hospital-acquired conditions that ar.docx
PREPARATIONConsider the hospital-acquired conditions that ar.docxPREPARATIONConsider the hospital-acquired conditions that ar.docx
PREPARATIONConsider the hospital-acquired conditions that ar.docxkeilenettie
 
Team Sol2 01 Health Care Informatics Power Point
Team Sol2 01 Health Care Informatics Power PointTeam Sol2 01 Health Care Informatics Power Point
Team Sol2 01 Health Care Informatics Power PointMessner Angie
 
Patient safety
Patient safety Patient safety
Patient safety thaannush
 
Health care organizations strive to create a culture of.docx
Health care organizations strive to create a culture of.docxHealth care organizations strive to create a culture of.docx
Health care organizations strive to create a culture of.docxstudywriters
 
Medication errors powerpoint
Medication errors powerpointMedication errors powerpoint
Medication errors powerpointlexie_daryan
 

Similar to Chapter 9 Patient Safety, Quality and ValueHarry Burke MD P.docx (20)

Patient Satisfaction, Patient Reported Outcomes, Safety, and Quality of Care
Patient Satisfaction, Patient Reported Outcomes, Safety, and Quality of CarePatient Satisfaction, Patient Reported Outcomes, Safety, and Quality of Care
Patient Satisfaction, Patient Reported Outcomes, Safety, and Quality of Care
 
Chapter 4 Electronic Health RecordsRobert Hoyt MDVishnu Moh.docx
Chapter 4 Electronic Health RecordsRobert Hoyt MDVishnu Moh.docxChapter 4 Electronic Health RecordsRobert Hoyt MDVishnu Moh.docx
Chapter 4 Electronic Health RecordsRobert Hoyt MDVishnu Moh.docx
 
components of EHR ppt.pptx
components of EHR ppt.pptxcomponents of EHR ppt.pptx
components of EHR ppt.pptx
 
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docxPg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
 
Running Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docx
Running Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docxRunning Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docx
Running Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docx
 
Health Informatics- Module 4-Chapter 3.pptx
Health Informatics- Module 4-Chapter 3.pptxHealth Informatics- Module 4-Chapter 3.pptx
Health Informatics- Module 4-Chapter 3.pptx
 
Samson Health Informatics
Samson Health InformaticsSamson Health Informatics
Samson Health Informatics
 
Structure of medical data
Structure of medical dataStructure of medical data
Structure of medical data
 
Medical error health bizindia april-11-page-1
Medical error health bizindia april-11-page-1Medical error health bizindia april-11-page-1
Medical error health bizindia april-11-page-1
 
patient safety and staff Management system ppt.pptx
patient safety and staff Management system ppt.pptxpatient safety and staff Management system ppt.pptx
patient safety and staff Management system ppt.pptx
 
patient safety and staff Management system ppt.pptx
patient safety and staff Management system ppt.pptxpatient safety and staff Management system ppt.pptx
patient safety and staff Management system ppt.pptx
 
Quality assurance in healthcare delivery
Quality assurance in healthcare deliveryQuality assurance in healthcare delivery
Quality assurance in healthcare delivery
 
Use of data analytics in health care
Use of data analytics in health careUse of data analytics in health care
Use of data analytics in health care
 
Group project health_care_informatics[2
Group project health_care_informatics[2Group project health_care_informatics[2
Group project health_care_informatics[2
 
PREPARATIONConsider the hospital-acquired conditions that ar.docx
PREPARATIONConsider the hospital-acquired conditions that ar.docxPREPARATIONConsider the hospital-acquired conditions that ar.docx
PREPARATIONConsider the hospital-acquired conditions that ar.docx
 
HL7: Clinical Decision Support
HL7: Clinical Decision SupportHL7: Clinical Decision Support
HL7: Clinical Decision Support
 
Team Sol2 01 Health Care Informatics Power Point
Team Sol2 01 Health Care Informatics Power PointTeam Sol2 01 Health Care Informatics Power Point
Team Sol2 01 Health Care Informatics Power Point
 
Patient safety
Patient safety Patient safety
Patient safety
 
Health care organizations strive to create a culture of.docx
Health care organizations strive to create a culture of.docxHealth care organizations strive to create a culture of.docx
Health care organizations strive to create a culture of.docx
 
Medication errors powerpoint
Medication errors powerpointMedication errors powerpoint
Medication errors powerpoint
 

More from mccormicknadine86

Option #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docxOption #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docxmccormicknadine86
 
Option 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxOption 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxmccormicknadine86
 
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docxOption Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docxmccormicknadine86
 
Option A Land SharkWhen is a shark just a shark Consider the.docx
Option A Land SharkWhen is a shark just a shark Consider the.docxOption A Land SharkWhen is a shark just a shark Consider the.docx
Option A Land SharkWhen is a shark just a shark Consider the.docxmccormicknadine86
 
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docx
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docxOption 3 Discuss your thoughts on drugs and deviance. Do you think .docx
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docxmccormicknadine86
 
OPTION 2 Can we make the changes we need to make After the pandemi.docx
OPTION 2 Can we make the changes we need to make After the pandemi.docxOPTION 2 Can we make the changes we need to make After the pandemi.docx
OPTION 2 Can we make the changes we need to make After the pandemi.docxmccormicknadine86
 
Option 1 You will create a PowerPoint (or equivalent) of your p.docx
Option 1 You will create a PowerPoint (or equivalent) of your p.docxOption 1 You will create a PowerPoint (or equivalent) of your p.docx
Option 1 You will create a PowerPoint (or equivalent) of your p.docxmccormicknadine86
 
Option A Description of Dance StylesSelect two styles of danc.docx
Option A Description of Dance StylesSelect two styles of danc.docxOption A Description of Dance StylesSelect two styles of danc.docx
Option A Description of Dance StylesSelect two styles of danc.docxmccormicknadine86
 
Option #2Provide several slides that explain the key section.docx
Option #2Provide several slides that explain the key section.docxOption #2Provide several slides that explain the key section.docx
Option #2Provide several slides that explain the key section.docxmccormicknadine86
 
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docxOption 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docxmccormicknadine86
 
Option 2 ArtSelect any 2 of works of art about the Holocaus.docx
Option 2 ArtSelect any 2 of works of art about the Holocaus.docxOption 2 ArtSelect any 2 of works of art about the Holocaus.docx
Option 2 ArtSelect any 2 of works of art about the Holocaus.docxmccormicknadine86
 
Option #1 Stanford University Prison Experiment Causality, C.docx
Option #1 Stanford University Prison Experiment Causality, C.docxOption #1 Stanford University Prison Experiment Causality, C.docx
Option #1 Stanford University Prison Experiment Causality, C.docxmccormicknadine86
 
Option A  Gender CrimesCriminal acts occur against individu.docx
Option A  Gender CrimesCriminal acts occur against individu.docxOption A  Gender CrimesCriminal acts occur against individu.docx
Option A  Gender CrimesCriminal acts occur against individu.docxmccormicknadine86
 
opic 4 Discussion Question 1 May students express religious bel.docx
opic 4 Discussion Question 1 May students express religious bel.docxopic 4 Discussion Question 1 May students express religious bel.docx
opic 4 Discussion Question 1 May students express religious bel.docxmccormicknadine86
 
Option 1Choose a philosopher who interests you. Research that p.docx
Option 1Choose a philosopher who interests you. Research that p.docxOption 1Choose a philosopher who interests you. Research that p.docx
Option 1Choose a philosopher who interests you. Research that p.docxmccormicknadine86
 
Option #1The Stanford University Prison Experiment Structu.docx
Option #1The Stanford University Prison Experiment Structu.docxOption #1The Stanford University Prison Experiment Structu.docx
Option #1The Stanford University Prison Experiment Structu.docxmccormicknadine86
 
Operationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docxOperationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docxmccormicknadine86
 
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docxOpen the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docxmccormicknadine86
 
onsider whether you think means-tested programs, such as the Tem.docx
onsider whether you think means-tested programs, such as the Tem.docxonsider whether you think means-tested programs, such as the Tem.docx
onsider whether you think means-tested programs, such as the Tem.docxmccormicknadine86
 
Operations security - PPT should cover below questions (chapter 1 to.docx
Operations security - PPT should cover below questions (chapter 1 to.docxOperations security - PPT should cover below questions (chapter 1 to.docx
Operations security - PPT should cover below questions (chapter 1 to.docxmccormicknadine86
 

More from mccormicknadine86 (20)

Option #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docxOption #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docx
 
Option 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxOption 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docx
 
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docxOption Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
 
Option A Land SharkWhen is a shark just a shark Consider the.docx
Option A Land SharkWhen is a shark just a shark Consider the.docxOption A Land SharkWhen is a shark just a shark Consider the.docx
Option A Land SharkWhen is a shark just a shark Consider the.docx
 
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docx
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docxOption 3 Discuss your thoughts on drugs and deviance. Do you think .docx
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docx
 
OPTION 2 Can we make the changes we need to make After the pandemi.docx
OPTION 2 Can we make the changes we need to make After the pandemi.docxOPTION 2 Can we make the changes we need to make After the pandemi.docx
OPTION 2 Can we make the changes we need to make After the pandemi.docx
 
Option 1 You will create a PowerPoint (or equivalent) of your p.docx
Option 1 You will create a PowerPoint (or equivalent) of your p.docxOption 1 You will create a PowerPoint (or equivalent) of your p.docx
Option 1 You will create a PowerPoint (or equivalent) of your p.docx
 
Option A Description of Dance StylesSelect two styles of danc.docx
Option A Description of Dance StylesSelect two styles of danc.docxOption A Description of Dance StylesSelect two styles of danc.docx
Option A Description of Dance StylesSelect two styles of danc.docx
 
Option #2Provide several slides that explain the key section.docx
Option #2Provide several slides that explain the key section.docxOption #2Provide several slides that explain the key section.docx
Option #2Provide several slides that explain the key section.docx
 
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docxOption 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
 
Option 2 ArtSelect any 2 of works of art about the Holocaus.docx
Option 2 ArtSelect any 2 of works of art about the Holocaus.docxOption 2 ArtSelect any 2 of works of art about the Holocaus.docx
Option 2 ArtSelect any 2 of works of art about the Holocaus.docx
 
Option #1 Stanford University Prison Experiment Causality, C.docx
Option #1 Stanford University Prison Experiment Causality, C.docxOption #1 Stanford University Prison Experiment Causality, C.docx
Option #1 Stanford University Prison Experiment Causality, C.docx
 
Option A  Gender CrimesCriminal acts occur against individu.docx
Option A  Gender CrimesCriminal acts occur against individu.docxOption A  Gender CrimesCriminal acts occur against individu.docx
Option A  Gender CrimesCriminal acts occur against individu.docx
 
opic 4 Discussion Question 1 May students express religious bel.docx
opic 4 Discussion Question 1 May students express religious bel.docxopic 4 Discussion Question 1 May students express religious bel.docx
opic 4 Discussion Question 1 May students express religious bel.docx
 
Option 1Choose a philosopher who interests you. Research that p.docx
Option 1Choose a philosopher who interests you. Research that p.docxOption 1Choose a philosopher who interests you. Research that p.docx
Option 1Choose a philosopher who interests you. Research that p.docx
 
Option #1The Stanford University Prison Experiment Structu.docx
Option #1The Stanford University Prison Experiment Structu.docxOption #1The Stanford University Prison Experiment Structu.docx
Option #1The Stanford University Prison Experiment Structu.docx
 
Operationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docxOperationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docx
 
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docxOpen the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
 
onsider whether you think means-tested programs, such as the Tem.docx
onsider whether you think means-tested programs, such as the Tem.docxonsider whether you think means-tested programs, such as the Tem.docx
onsider whether you think means-tested programs, such as the Tem.docx
 
Operations security - PPT should cover below questions (chapter 1 to.docx
Operations security - PPT should cover below questions (chapter 1 to.docxOperations security - PPT should cover below questions (chapter 1 to.docx
Operations security - PPT should cover below questions (chapter 1 to.docx
 

Recently uploaded

Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Romantic Opera MUSIC FOR GRADE NINE pptx
Romantic Opera MUSIC FOR GRADE NINE pptxRomantic Opera MUSIC FOR GRADE NINE pptx
Romantic Opera MUSIC FOR GRADE NINE pptxsqpmdrvczh
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........LeaCamillePacle
 
Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxLigayaBacuel1
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 

Recently uploaded (20)

Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Romantic Opera MUSIC FOR GRADE NINE pptx
Romantic Opera MUSIC FOR GRADE NINE pptxRomantic Opera MUSIC FOR GRADE NINE pptx
Romantic Opera MUSIC FOR GRADE NINE pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........
 
Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 

Chapter 9 Patient Safety, Quality and ValueHarry Burke MD P.docx

  • 1. Chapter 9: Patient Safety, Quality and Value Harry Burke MD PhD Learning Objectives After reviewing the presentation, viewers should be able to: Define safety, quality, near miss, and unsafe action List the safety and quality factors that justified the clinical implementation of electronic health record systems Discuss three reasons why the electronic health record is central to safety, quality, and value List three issues that clinicians have with the current electronic health record systems and discuss how these problems affect safety and quality Describe a specific electronic patient safety measurement system and a specific electronic safety reporting system Describe two integrated clinical decision support systems and discuss how they may improve safety and quality
  • 2. Patient Safety-Related Definitions Safety: minimization of the risk and occurrence of patient harm events Harm: inappropriate or avoidable psychological or physical injury to patient and/or family Adverse Events: “an injury resulting from a medical intervention” Preventable Adverse Events: “errors that result in an adverse event that are preventable” Overuse: “the delivery of care of little or no value” e.g. widespread use of antibiotics for viral infections Underuse: “the failure to deliver appropriate care” e.g. vaccines or cancer screening Misuse: “the use of certain services in situations where they are not clinically indicated” e.g. MRI for routine low back pain
  • 3. Introduction Medical errors are unfortunately common in healthcare, in spite of sophisticated hospitals and well trained clinicians Often it is breakdowns in protocol and communication, and not individual errors Technology has potential to reduce medical errors (particularly medication errors) by: Improving communication between physicians and patients Improving clinical decision support Decreasing diagnostic errors Unfortunately, technology also has the potential to create unique new errors that cause harm Medical Errors Errors can be related to diagnosis, treatment and preventive care. Furthermore, medical errors can be errors of commission or omission and fortunately not all errors result in an injury and not all medical errors are preventable Most common outpatient errors: Prescribing medications Getting the correct laboratory test for the correct patient at the correct time Filing system errors Dispensing medications and responding to abnormal test results
  • 4. 5 While many would argue that treatment errors are the most common category of medical errors, diagnostic errors accounted for the largest percentage of malpractice claims, surpassing treatment errors in one study Diagnostic errors can result from missed, wrong or delayed diagnoses and are more likely in the outpatient setting. This is somewhat surprising given the fact that US physicians tend to practice “defensive medicine” Over-diagnosis may also cause medical errors but this has been less well studied Medical Errors Unsafe healthcare lowers quality but safe medicine is not always high quality From the National Academy of Medicine’s perspective, quality is a set of six aspirational goals: medical care should be safe, effective, timely, efficient, patient-centered, and equitable Value relates to how important something is to use Cost-effective?
  • 5. Necessary? Affect morbidity, mortality or quality of life? Quality, Safety and Value Most adverse events result from unsafe actions or inactions by anyone on the healthcare team, including the patient Missed care is “any aspect of required care that is omitted either in part or in whole or delayed” Many of the above go unreported Unsafe Actions Most near-miss events are not reported. Many are not witnessed The tendency is the blame the individual, but healthcare is complex and there are often “system errors” Most safety systems are retrospective; we need to move to be proactive We need good data, such as the ratio of detected unsafe actions divided by the opportunity of an unsafe action, over a specified
  • 6. time interval Reporting Unsafe Actions 9 Patient Safety Reporting System: event is recorded and if it is a sentinel event, it is investigated. Most systems are not integrated with the EHR Root Cause Analysis: common approach to determine the cause of an adverse event. This has limitations HEDIS measures can help track quality issues Patient Safety Systems Current reimbursement models mandate quality measures, e.g. Medicare Patient Safety Monitoring System, now operated by AHRQ. The new system is known as the Quality and Safety Review System. Still labor intensive and manual Global Trigger Tool: evaluates hospital safety. Said to detect 90% of adverse events. Select 10 discharge records and two
  • 7. reviewers review the chart for any of the 53 “triggers” Patient Safety Systems Paper records have multiple disadvantages, as pointed out in the EHR chapter Expectations have been very high regarding the EHR’s impact on safety, quality and value Unfortunately, results have been mixed and there has not been a prospective study conducted to prove the EHR’s benefit towards safety and quality Using the EHR to Improve Safety, Quality and Value High expectations that CDS that is part of EHRs will improve safety As per multiple chapters in the textbook, CDS has mixed reviews, in terms of safety and quality
  • 8. Adverse events regarding CDS, includes ”alert fatigue” The FDA will regulate software that is related to treatment and decision making Clinical Decision Support Results in altered workflow and decreased efficiency. Physicians are staying late to complete notes in the EHR In an effort to save time physicians may “cut and paste” old histories into the EHR, creating new problems EHRs may create new safety issues “e-iatrogenesis” Because of the multiple issues, it is very common to see offices and hospitals change EHRs, not always solving the problem Clinician’s Issues with EHRs Roughly 2/3 of EHR data is unstructured (free text) so it is not computable. While natural language processing (NLP) may help solve this, we are a long ways away from resolution
  • 9. Multiple open source and commercial NLP programs exist but they require a great deal of time and expertise to match the results a manual chart review would produce Clinician’s Issues with EHRs Governmental Organizations Involved with Patient Safety US Federal Agencies: Department of Health and Human Services (HHS) Agency for Healthcare Research and Quality (AHRQ) Centers for Medicare and Medicaid Services (CMS) Non-reimbursable complications: (3 examples) Objects left in a patient during surgery and blood incompatibility Catheter-associated urinary tract infections Pressure ulcers (bed sores) Hospitals must assemble, analyze and trend clinical and administrative data to capture baseline data and measure improvement over time Health IT-based interventions are expected to assist
  • 10. Governmental Organizations Office of the National Coordinator for HIT Learn: “Increase the quantity and quality of data and knowledge about health IT safety.” Improve: “Target resources and corrective actions to improve health IT safety and patient safety” Safety goals will be aligned with meaningful use objectives. Lead: “Promote a culture of safety related to health IT” Governmental Organizations The Food and Drug Administration MedWatch: posts drug alerts and offers online reporting area Center for Devices and Radiological Health (CDRH) Plan to regulate mobile medical applications designed for use on smartphones State Patient Safety Programs: By 2010, 27 states and the District of Columbia passed legislation or regulation related to hospital reporting of adverse events to a state agency
  • 11. Meaningful Use Objectives and Potential Impact on Patient Safety Objective: Use computerized provider order entry (CPOE) for medication, laboratory, and radiology orders directly entered by any licensed healthcare professional who can enter orders into the medical record per state, local, and professional guidelines Objective: Use clinical decision support to improve performance on high-priority health conditions Meaningful Use Objectives and Potential Impact on Patient Safety Objective: Automatically track medications from order to administration using assistive technologies in conjunction with an electronic medication administration record (eMAR) Objective: Generate and transmit discharge prescriptions electronically (eRx)
  • 12. Non-Governmental Organizations and Patient Safety National Patient Safety Foundation (NPSF) Goals: Identifying and creating a core body of knowledge Identifying pathways to apply the knowledge Developing and enhancing the culture of receptivity to patient safety Raising public awareness and fostering communication around patient safety National Academy of Medicine (was the Institute of Medicine or IOM) Institute of Medicine (IOM) Recommendations Congress should create a Center for Patient Safety within the Agency for Healthcare Research and Quality A nationwide reporting system for medical errors should be established Volunteer reporting should be encouraged Congress should create legislation to protect internal peer review of medical errors Performance standards and expectations by healthcare organizations should include patient safety FDA should focus more attention on drug safety Healthcare organizations and providers should make patient safety a priority goal Healthcare organizations should implement known medication
  • 13. safety policies IOM Report - 2003 Patient safety must be linked to medical quality A new healthcare system must be developed that will prevent medical errors in the first place New methods must be developed to acquire, study and share error prevention among physicians, particularly at the point of care The IOM recommended specific data standards so patient safety-related information can be recorded, shared and analyzed IOM Report - 2011 Report focused exclusively on health IT and patient safety and quality Publish an “action and surveillance plan” Push health IT vendors to support the free exchange of information about health IT experiences and issues
  • 14. Public and private sectors should make comparative user experiences public Health IT Safety Council should assess and monitor safe use of health IT Specify quality and risk management processes health IT vendors must adopt Establish an independent federal entity to investigate patient safety deaths, serious injuries, or potentially unsafe conditions associated with health IT Support cross-disciplinary research toward the use of health IT as part of a learning system Non-Governmental Organizations and Patient Safety The National Quality Forum The Joint Commission: Published the 2018 National Patient Safety Goals They also published an alert about the potential for HIT to create new patient safety issues LeapFrog Group HealthGrades Institute for Safe Medication Practice (IMSP)
  • 15. HealthGrades 2017 Patient Safety Excellence Awards Award recognizes hospitals with the lowest occurrences of 14 preventable patient safety events, placing the hospitals in the top 10% in the nation for patient safety This organization reviews the data from inpatient Medicare and Medicaid cases each year and rates hospitals, in terms of patient safety They estimate that the top ranking hospitals represent, on average, a 43% lower risk of a patient safety adverse event compared to the lowest ranking hospitals Quality Care Finder www.hospitalcompare.hhs.gov Allows consumers to review quality metrics e.g. morbidity and mortality making decisions
  • 16. Technologies with Potential to Decrease Medication Errors Computerized provider order entry (CPOE) Benefits: Improved handwriting identification Reduced time to arrive in the pharmacy Fewer errors related to similar drug names Easier to integrate with other IT systems Easier to link to drug-drug interactions More likely to identify the prescriber Available for immediate analysis Can link to clinical decision support to recommend drugs of choice Jury still out on actual reduction of serious ADEs Technologies with Potential to Decrease Medication Errors Health Information Exchange (HIE): Improve patient safety by better communication between disparate healthcare participants Automated Dispensing Cabinets (ADCs): like ATM machines for medications on a ward Home Electronic Medication Management System: home dispensing, particularly for the elderly or non-compliant patient Pharmacy Dispensing Robots: bottles are filled automatically
  • 17. Electronic Medication Administration Record (eMAR): electronic record of medications that is integrated with the EHR and pharmacy Intravenous (IV) Infusion Pumps: regulate IV drug dosing accurately Bar Coding Medication Administration: the patient, drug and nurse all have a barcoded identity These must all match for the drug to be given without any alerts Bar codes are inexpensive but the software and other components are expensive Some healthcare systems have shown a significant reduction in medication administrative errors, but many of these were minor and would not have resulted in serious harm Technologies with Potential to Decrease Medication Errors Technologies with Potential to Decrease Medication Errors Medication Reconciliation
  • 18. When patients transition from hospital-to-hospital, from physician-to physician or from floor-to-floor, medication errors are more likely to occur Joint Commission mandated hospitals must reconcile a list of patient medications on admission, transfer and discharge Task may be facilitated with EHR but still confusion may exist if there are multiple physicians, multiple pharmacies, poor compliance or dementia Barriers to Improving Patient Safety through Technology Organizational: health systems leadership must develop a strong “culture of safety” Financial: Cost for multiple sophisticated HIT systems is considerable Error reporting: is voluntary and inadequate and usually “after the fact”
  • 19. Unintended Consequences Technology may reduce medical errors but create new ones: Medical alarm fatigue Infusion Pump errors Distractions related to mobile devices Electronic health records: data can be missing and/or incorrect, there can be typographical entry errors, and older information is sometimes copied and pasted into the current record Patient safety continues to be an ongoing problem with too many medical errors reported yearly Multiple organizations are reporting patient safety data transparently to hopefully support change There is a great expectation that HIT will improve patient quality which in turn will decrease medical errors There is some evidence that clinical decision support reduces errors, but studies overall are mixed Leadership must establish a “culture of safety” to effectively achieve improvement in patient safety Conclusions
  • 20. Chapter 10: Health Information Privacy and Security John Rasmussen MBA Learning Objectives After reviewing the presentation, viewers should be able to: Explain the importance of confidentiality, integrity, and availability Describe the regulatory environment and how it drives information privacy and security programs within the health care industry Recognize the importance of data security and privacy as related to public perception, particularly regarding data breach and loss Identify different types of threat actors and their motivations Identify different types of controls used and how they are used
  • 21. to protect information Describe emerging risks and how they impact the health care sector Confidentiality refers to the prevention of data loss, and is the category most easily identified with HIPAA privacy and security within healthcare environments. Usernames, passwords, and encryption are common measures implemented to ensure confidentiality Three Pillars of Data Security Availability refers to system and network accessibility, and often focuses on power loss or network connectivity outages. Loss of availability may be attributed to natural or accidental disasters such as tornados, earthquakes, hurricanes or fire, but also refer to man-made scenarios, such as a Denial of Service (DoS) attack or a malicious infection which compromises a
  • 22. network and prevents system use. To counteract such issues, backup generators, continuity of operations planning and peripheral network security equipment are used to maintain availability Three Pillars of Data Security Integrity describes the trustworthiness and permanence of data, an assurance that the lab results or personal medical history of a patient is not modifiable by unauthorized entities or corrupted by a poorly designed process. Database best practices, data loss solutions, and data backup and archival tools are implemented to prevent data manipulation, corruption, or loss; thereby maintaining the integrity of patient data Three Pillars of Data Security Data must be classified to determine its risk Healthcare organizations must develop a set of controls to protect confidentiality, integrity and availability of data
  • 23. One layer of defense is not likely to be adequate Healthcare organizations will need technical, administrative and physical safeguards Defense in Depth for Healthcare Administrative Safeguards Administrative Safeguards Security management processes to reduce risks and vulnerabilities Security personnel responsible for developing and implementing security policies Information access management-minimum access to perform duties Workforce training and management Background checks, drug screens, etc. for new employees Evaluation of security policies and procedures Physical Safeguards
  • 24. Limit physical access to facilities Workstation and device security policies and procedures covering transfer, removal, disposal, and re-use of electronic media Badge with photo Physical Safeguards Technical Safeguards Access control that restricts access to authorized personnel Audit controls for hardware, software, and transactions Integrity controls to ensure data is not altered or destroyed Transmission security to protect against unauthorized access to data transmitted on networks and via email Unique usernames and passwords, encrypted software, anti- virus software, secure email, firewalls, etc. Technical Safeguards
  • 25. Healthcare Regulatory Environment Health Insurance Portability & Accountability Act (HIPAA - 1996) Laid ground work for privacy and security measures in healthcare . Initial intent was to cover patients who switched physicians or insurers (portability) Next important Act was the American Recovery and Reinvestment Act (ARRA - 2209) & HITECH Act that imposed new requirements for breach notification and stiffer penalties Health Plans: Health insurers, HMOs, Company health plans, Government programs such as Medicare and Medicaid Health Care Providers who conduct business electronically: Most doctors, Clinics, Hospitals, Psychologists, Chiropractors, Nursing homes, Pharmacies, Dentists Health care clearinghouses Covered Entities or Those Who Must Follow HIPAA Privacy Rule
  • 26. Request and receive a copy of their health records Request an amendment to their health record Receive a notice that discusses how health information may be used and shared, the Notice of Privacy Practices Request a restriction on the use and disclosure of their health information Receive a copy of their “accounting of disclosures” Restrict disclosure of the health information to an insurer if the encounter is paid for out of pocket File a complaint with a provider, health insurer, and/or the U.S. Government if patient rights are being denied or health information is not being protected. Covered Entities: Patient Rights Life insurers Employers Workers compensation carriers Many schools and school districts Many state agencies like child protective service agencies Many law enforcement agencies Many municipal offices
  • 27. Organizations That Do Not Need To Follow HIPAA Privacy Rule Individually identifiable health information: Information created by a covered entity And “relates to the past, present, or future physical or mental health or condition of an individual” Or identifies the individual or there is a reasonable basis to believe that the individual can be identified from the information. Protected Health Information (PHI) HIPAA Protections apply to all personal health information (PHI), whether in hard copy records, electronic personal health information (ePHI) stored on computing systems, or even verbal discussions between medical professionals
  • 28. Covered entities must put safeguards in place to ensure data is not compromised, and that it is only used for the intended purpose The HIPAA rules are not designed to and should not impede the treatment of patients Privacy Rule Mandates Removal of 18 Identifiers Names All geographic subdivisions smaller than a state All elements of dates (except year) Telephone numbers Facsimile numbers Electronic mail addresses Social security numbers Medical record numbers Health plan beneficiary numbers Account numbers Certificate/license numbers Vehicle identifiers and serial numbers, including license plate numbers Device identifiers and serial numbers Web universal resource locators (URLs) Internet protocol (IP) address numbers Biometric identifiers, including fingerprints and voiceprints Full-face photographic images and any comparable images
  • 29. Any other unique identifying number, characteristic, or code Permitted Uses and Disclosures of Patient Data To the individual For treatment, payment or health care operations Uses and disclosures with opportunity to agree or object Facility directories For notification and other purposes Incidental use and disclosure Public interest and benefit activities Required by law Public health activities Victims of abuse, neglect or domestic violence Health oversight activities Judicial and administrative proceedings Law enforcement purposes Decedents Cadaveric organ, eye, or tissue donation Research Serious threat to health or safety Essential government functions Workers’ compensation
  • 30. BAs are related to the covered entity (CE), such as an EHR vendor or a transcription service They must have a BA agreement with the CE This forces the BA to comply with all security requirements The BA can be penalized for violating HIPAA requirements Business Associate (BA) Unauthorized acquisition, access or use. Exceptions: Data is encrypted. This is considered a safe harbor; or “Any unintentional acquisition, access, or use of protected health information by a workforce member or person acting under the authority of a covered entity or a business associate, if such acquisition, access, or use was made in good faith and within the scope of authority and does not result in further use or disclosure”; or “Any inadvertent disclosure by a person who is authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the same covered entity or business associate, or organized health care arrangement in which the covered entity participates, and the information
  • 31. received as a result of such disclosure is not further used or disclosed”; or “A disclosure of protected health information where a covered entity or business associate has a good faith belief that an unauthorized person to whom the disclosure was made would not reasonably have been able to retain such information.” Breach Requirements under HIPAA If a breach is determined, the covered entity must notify the individual(s) impacted by the breach. They must inform them within 60 days of when the breach is identified. The notification must include: A description of what happened A description of the type of PHI that was breached Steps the individual can take to protect themselves What the covered entity is doing to investigate the breach and mitigate harm Contact information for the individual to contact the covered entity 23 If a breach exceeds 500 individuals, the covered entity must notify the media and must report the breach to the Office for Civil Rights (OCR). Regardless of the number of individuals impacted by a breach, all breaches must be reported to the OCR annually Breach Notification
  • 32. Administrative Requirements for the Privacy Rule Develop and implement written privacy policies and procedures Designate a privacy official Workforce training and management Mitigation strategy for privacy breaches Data safeguards - administrative, technical, and physical Designate a complaint official and procedure to file complaints Establish retaliation and waiver policies and restrictions Documentation and record retention - six years Fully-insured group health plan exception Policy regarding information security practices is often set by chief information officers (CIOs), chief technology officers (CTOs), information technology (IT) directors or similar; often with input from chief medical informatics officers (CMIOs),
  • 33. HIPAA compliance officers, or the like Depending on resources, the information technology teams may consist of network, system administration, security and data personnel, or could be the very same technical staff relied upon for all office or clinic IT needs Organizational Roles Insiders Hackivists Organized crime Nation states Threat Actors Social Engineering: most common Phishing: via email or text messaging Shoulder surfing: attacker looks over the shoulder Tailgating: attacker uses someone else's ID Free software: USB drive is found and plugged into a computer,
  • 34. introducing a virus Types of Attacks Denial of Service (DOS): website is flooded with traffic, shutting it down Brute Force: random credential are rapidly thrown at website hoping to gain access Doxing: gathers info about a victim and publishes that to harass or embarrass the individual. Types of Attacks Security Breaches and Attacks Identity theft on the rise Physical Theft Stolen laptops, computers, storage devices and servers The HHS website lists all of the reported data breaches affecting over 500 users. The site lists the covered entity, the number of breach victims, the type of breach and the location of
  • 35. data (laptop, server, paper, etc.) Breaches: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf The next slides will list some of the recognized countermeasures employed by healthcare organizations Threat Countermeasures Authentication and Identity Management Accomplished with photo identification, biometrics, smart card technologies, tokens, and the old standard; user name and password Basic Authentication may vary depending on sensitivity of data, the capabilities of the systems, resource constraints - both technical and monetary, and the frequency of access Methods discussed here rely on what is known as two or multi- factor authentication: something one knows, something one has, or something that one is
  • 36. Basic authentication: Username and password combination still employed by a majority of users today, combining two things that a user knows Another option is utilizing a grid card, smart card, USB token, one time password (OTP) token, or OTP service in combination with something a user knows, such as a passphrase or PIN Authentication and Identity Management Authentication and Identity Management Single Sign On (SSO) One set of credentials to easily access many of the resources one uses every day securely; example is Google Smart Cards: Used in Healthcare in many countries Vital information with a self-contained processor and memory
  • 37. Low cost, ease of use, portability and durability, and ability to support multiple applications Capable of encrypted patient information, biometric signatures and personal identification (PIN) Drawbacks: lack of standardization and positive identification Smart Cards in Healthcare Authentication and Identity Management Biometric Authentication When combined with passphrases or the tokens, cards, and OTP solutions discussed previously, a two or multi-factor authentication solution can be employed Physical user identifiers: fingerprint, retinal scan, voice imprint
  • 38. 32 Theft Countermeasures Render data unusable to thieves Encryption standards such as FIPS 140-2 Hardware and software encryption techniques See encrypted USB device to the right Theft Countermeasures Security of healthcare data is critical for future success of HIT ARRA/HITECH supplement the administrative, physical and technical safeguards implemented by HIPAA Security measures will continue to improve but so will the efforts of hackers and criminals who seek access to healthcare record data and identity theft Conclusions