Information Technology Management in Healthcare Organizations: Part 2 (Octobe...
Â
Health Information Privacy and Security Management (& Health IT Ethics) (July 23, 2020)
1. 1
Health Information Privacy and
Security Management
(& Health IT Ethics)
āļāļ.āļāļ§āļāļĢāļĢāļ āļāļĩāļĢāļ°āļāļąāļĄāļāļĢāļāļąāļāļāļļāđ
āļĢāļāļāļāļāļāļāļĩāļāđāļēāļĒāļāļāļīāļāļąāļāļīāļāļēāļĢ āđāļĨāļ°āļāļēāļāļēāļĢāļĒāđāļ āļēāļāļ§āļīāļāļēāļĢāļ°āļāļēāļāļ§āļīāļāļĒāļēāļāļĨāļīāļāļīāļāđāļĨāļ°āļāļĩāļ§āļŠāļāļīāļāļī
āļāļāļ°āđāļāļāļĒāļĻāļēāļŠāļāļĢāđāđāļĢāļāļāļĒāļēāļāļēāļĨāļĢāļēāļĄāļēāļāļīāļāļāļĩ
āļāļąāļāļ§āļīāļāļēāļāļēāļĢāļāđāļēāļāļŠāļēāļĢāļŠāļāđāļāļĻāļŠāļļāļāļ āļēāļ
23 āļāļĢāļāļāļēāļāļĄ 2563
ÂĐ 2020. This work is licensed under a CC BY-NC 4.0 license.
Except content reproduced from others, used here under Fair Use, that are copyrighted by respective owners.
2. 2
What words come to mind when you hear...
Digital Health
Transformation
7. 7
Why Arenât We Talk About These Words?
http://hcca-act.blogspot.com/2011/07/reflections-on-patient-centred-care.html
8. 8
âBig data is like teenage sex:
everyone talks about it,
nobody really knows how to do it,
everyone thinks everyone else is doing it,
so everyone claims they are doing it...â
-- Dan Ariely @danariely (2013)
Substitute âBig dataâ with âAIâ, âBlockchainâ, âIoTâ
of your choice.
-- Nawanan Theera-Ampornpunt (2018)
9. 9
Hype vs. Hope
Jeremy Kemp via http://en.wikipedia.org/wiki/Hype_cycle
http://www.gartner.com/technology/research/methodologies/hype-cycle.jsp
14. 14
High Quality Care
âĒ Safe
âĒ Timely
âĒ Effective
âĒ Patient-Centered
âĒ Efficient
âĒ Equitable
Institute of Medicine, Committee on Quality of Health Care in America. Crossing the quality chasm:
a new health system for the 21st century. Washington, DC: National Academy Press; 2001. 337 p.
15. 15
Areas of Health Informatics
Patients &
Consumers
Providers &
Patients
Healthcare
Managers, Policy-
Makers, Payers,
Epidemiologists,
Researchers
Copyright ï Nawanan Theera-Ampornpunt (2018)
Clinical
Informatics
Public
Health
Informatics
Consumer
Health
Informatics
16. 16
Incarnations of Health IT
Clinical
Informatics
Public
Health
Informatics
Consumer
Health
Informatics
HIS/CIS
EHRs
Computerized Physician
Order Entry (CPOE)
Clinical Decision
Support Systems
(CDS) (including AI)
Closed Loop
Medication
PACS/RIS
LIS
Nursing
Apps
Disease Surveillance
(Active/Passive)
Business
Intelligence &
Dashboards
Telemedicine
Real-time Syndromic
Surveillance
mHealth for Public
Health Workers &
Volunteers
PHRs
Health Information
Exchange (HIE)
eReferral
mHealth for
Consumers
Wearable
Devices
Social
Media
Copyright ï Nawanan Theera-Ampornpunt (2018)
17. 17
Hospital A Hospital B
Clinic D
Policymakers
Patient at
Home
Hospital C
HIE Platform
Health Information Exchange (HIE)
19. 19
Where We Are Today...
Copyright ï Nawanan Theera-Ampornpunt (2018)
Clinical
Informatics
Public
Health
Informatics
Consumer
Health
Informatics
Technology that
focuses on the sick,
not the healthy
Silos of data
within hospitalPoor/unstructured
data quality
Lack of health data
outside hospital
Poor data
integration across
hospitals/clinics
Poor data integration
for monitoring &
evaluation
Poor data quality (GIGO)
Finance leads
clinical outcomes
Poor IT change
management
Cybersecurity
& privacy risks
Few real examples
of precision
medicine
Little access
to own
health data
Poor patient
engagement
Poor accuracy
of wearables Lack of evidence
for health values
Health literacy
Information ïđ
Behavioral
change
Few standards
Lack of health IT
governance
22. 22
âĒ Respect for Persons (or Autonomy)
âĒ Treat individuals as autonomous human
beings. People must be allowed to choose
for themselves
âĒ We must also provide extra protection to
those with limited autonomy
âĒ Autonomy includes mental capacity (ability
to understand and process information) and
voluntariness (freedom from control,
coercion, or influence of others)
Source: http://www.hhs.gov/ohrp/humansubjects/guidance/belmont.html
Bankert E, Cooper JA. History and ethical principles. Collaborative Institutional Training Initiative.
Ethical Principles in Healthcare
23. 23
âĒ Beneficence
âĒ Minimize harms and maximize benefits within
constraints of sound research design
âĒ Avoid research without a favorable risk-
benefit ratio
Source: http://www.hhs.gov/ohrp/humansubjects/guidance/belmont.html
Bankert E, Cooper JA. History and ethical principles. Collaborative Institutional Training Initiative.
Ethical Principles in Healthcare
24. 24
âĒ Justice
âĒ Treat people fairly and design studies
so that burdens and benefits are
shared equitably
âĒ Select subjects equitably
âĒ Avoid exploitation of vulnerable
populations or âpopulations of
convenienceâ
Source: http://www.hhs.gov/ohrp/humansubjects/guidance/belmont.html
Bankert E, Cooper JA. History and ethical principles. Collaborative Institutional Training Initiative.
Ethical Principles in Healthcare
25. 25
âĒ Non-maleficence
âĒ âFirst, do no harm.â
Source: http://www.hhs.gov/ohrp/humansubjects/guidance/belmont.html
Bankert E, Cooper JA. History and ethical principles. Collaborative Institutional Training Initiative.
Ethical Principles in Healthcare
26. 26
External Memory
Knowledge Data
Long Term Memory
Knowledge Data
Inference
DECISION
PATIENT
Perception
Attention
Working
Memory
CLINICIAN
Source: Elson RB, Faughnan JG, Connelly DP. An industrial process view of information delivery to support clinical decision
making: implications for system design and process measures. J Am Med Inform Assoc. 1997 Jul-Aug;4(4):266-78.
http://jamia.bmj.com/content/4/4/266.full.pdf+html
A Model of Clinical Decision Making
27. 27
âĒ The real place where most of the values of
health IT can be achieved
âĒ A variety of forms and nature of CDS
âExpert systems
âĒ Based on artificial intelligence, machine
learning, rules, or statistics
âĒ Examples: differential diagnoses,
treatment options
Clinical Decision Support Systems (CDS)
28. 28
âĒ A variety of forms and nature of CDS
â Alerts & reminders
âĒ Based on specified logical conditions
âĒ Examples: drug-allergy checks, drug-drug interaction
checks, drug-lab interaction checks, drug-formulary
checks, reminders for preventive services or certain
actions (e.g. smoking cessation), clinical practice
guideline integration
â Evidence-based knowledge sources e.g. drug database,
literature
â Simple User Interface designed to help clinical decision
making
Clinical Decision Support Systems (CDS)
30. 30
Issues
âĒ CDSS as a supplement or replacement of
clinicians?
â The demise of the âGreek Oracleâ model (Miller &
Masarie, 1990)
The âGreek Oracleâ Model
The âFundamental Theoremâ
Friedman CP. A "fundamental theorem" of biomedical informatics. J Am Med
Inform Assoc. 2009 Apr;16(2):169-170.
Clinical Decision Support Systems (CDS)
33. 33
âĒ âUnanticipated and unwanted effect of health IT
implementationâ (ucguide.org)
âĒ Must-read resources
â Ash JS, Berg M, Coiera E. Some unintended consequences of
information technology in health care: the nature of patient
care information system-related errors. J Am Med Inform
Assoc. 2004 Mar-Apr;11(2):104-12.
â Campbell, EM, Sittig DF, Ash JS, et al. Types of Unintended
Consequences Related to Computerized Provider Order
Entry. J Am Med Inform Assoc. 2006 Sep-Oct; 13(5): 547-556.
â Koppel R, Metlay JP, Cohen A, Abaluck B, Localio AR, Kimmel
SE, Strom BL. Role of computerized physician order entry
systems in facilitating medication errors. JAMA. 2005 Mar
9;293(10):1197-203.
Unintended Consequences of Health IT
35. 35
Standard view
⊠With uncertainties around new technology,
âscientific evidence counsels caution and
prudence.â
⊠Evidence & reason determine appropriate level
of caution
⊠If such systems improve care at acceptable
cost in time & money, thereâs an obligation to
use it
⊠Follows evolving evidence and standards of
care
Goodman & Miller. Chapter 10: Ethics and Health Informatics: Users, Standards, and Outcomes.
In Shortliffe (3rd Edition).
Appropriate Use of Health IT
36. 36
Standard view
⊠For computer-assisted clinical diagnosis CDS,
human cognitive processes are more suited to
complex task of diagnosis than machine, and
should not be overridden or trumped by
computers.
⊠When adequate CDS tools are developed, they
should be viewed and used as supplementary
and subservient to human clinical judgment
Goodman & Miller. Chapter 10: Ethics and Health Informatics: Users, Standards, and Outcomes.
In Shortliffe (3rd Edition).
Appropriate Use of Health IT
38. 38
Standard view
⊠Practitioners have obligation to use tools
responsibly, through adequate training &
understanding the systemâs abilities &
limitations
⊠Practitioners must not ignore their clinical
judgment reflexively when using CDS.
Goodman & Miller. Chapter 10: Ethics and Health Informatics: Users, Standards, and Outcomes.
In Shortliffe (3rd Edition).
Appropriate Use of Health IT
39. 39
⊠Health IT âshould be used in clinical practice
only after appropriate evaluation of its efficacy
and the documentation that it performs its
intended task at an acceptable cost in time &
moneyâ
⊠Qualified (licensed, trained & experienced)
health professionals as users
⊠Systems should be used to
augment/supplement, rather than replace or
supplant individualsâ decision making
⊠Adequate training
Goodman & Miller. Chapter 10: Ethics and Health Informatics: Users, Standards, and Outcomes.
In Shortliffe (3rd Edition).
Appropriate Use of Health IT
40. 40
âĒ Nothing is certain in medicine & health care
âĒ Large variations exist in patient presentations,
clinical course, underlying genetic codes,
patient & provider behaviors, biological
responses & social contexts
âĒ Human is good at pattern recognition, while
machine is good at logic & computations.
âĒ Diagnosis is often achieved through
recognizing clinical patterns
âĒ Not everything can be digitized or digitally
acquired
âĒ Experience, context & human touch matters
Why Clinical Judgment Is Still Necessary?
41. 41
âĒ A defense doctrine used in the U.S.
legal system (and some other countries)
which states that âa manufacturer of a
product has fulfilled his duty of care
when he provides all of the necessary
information to a âlearned intermediaryâ
who then interacts with the consumer of
a product.â (Wikipedia)
âĒ Primarily used by pharmaceutical &
medical device manufacturers in
defense of tort lawsuits.
Source: http://en.wikipedia.org/wiki/Learned_intermediary
Learned Intermediary Doctrine
42. 42
âĒ Because health IT developers canât expect a
CDS advice (e.g., alerts & reminders) to be
100% appropriate for each individual patient,
clinical judgment is still necessary.
âĒ Health IT developers & manufacturers are
protected from liabilities for poor/inappropriate
advices or for bad outcomes associated with
them, as long as there is a clinician using it that
can intervene
âĒ What about software bugs (e.g. wrong dose
calculations)?
Learned Intermediary Doctrine
43. 43
âĒ Applicability of this doctrine varies
based on legal jurisdictions, context
of each case, and legal arguments
âĒ Recently, this doctrine has been
noted by some legal and informatics
experts that it doesnât apply to health
IT cases
âĒ It remains unclear until there are
rulings from real legal cases
Learned Intermediary Doctrine
44. 44
(Now, Letâs Really Focus on the Topic)
Health Information Privacy and
Security Management
āļāļ.āļāļ§āļāļĢāļĢāļ āļāļĩāļĢāļ°āļāļąāļĄāļāļĢāļāļąāļāļāļļāđ
āļĢāļāļāļāļāļāļāļĩāļāđāļēāļĒāļāļāļīāļāļąāļāļīāļāļēāļĢ āđāļĨāļ°āļāļēāļāļēāļĢāļĒāđāļ āļēāļāļ§āļīāļāļēāļĢāļ°āļāļēāļāļ§āļīāļāļĒāļēāļāļĨāļīāļāļīāļāđāļĨāļ°āļāļĩāļ§āļŠāļāļīāļāļī
āļāļāļ°āđāļāļāļĒāļĻāļēāļŠāļāļĢāđāđāļĢāļāļāļĒāļēāļāļēāļĨāļĢāļēāļĄāļēāļāļīāļāļāļĩ
āļāļąāļāļ§āļīāļāļēāļāļēāļĢāļāđāļēāļāļŠāļēāļĢāļŠāļāđāļāļĻāļŠāļļāļāļ āļēāļ
23 āļāļĢāļāļāļēāļāļĄ 2563
ÂĐ 2020. This work is licensed under a CC BY-NC 4.0 license.
Except content reproduced from others, used here under Fair Use, that are copyrighted by respective owners.
49. 49
User Security & Privacy
So, two informaticians walk
into a bar...
The bouncer says, "What's
the password."
One says, "Password?"
The bouncer lets them in.
Credits: @RossMartin & AMIA (2012)
55. 55
S: Social Media and Communication
S 1 Security and Privacy of Information
S 2 Social Media and Communication
Professionalism
2P Safety Personnel Safety Goals:
S in SIMPLE
62. 62
āļŦāļĨāļąāļāļāļĢāļīāļĒāļāļĢāļĢāļĄāļāļĩāđāđāļāļĩāđāļĒāļ§āļāļąāļ Privacy
âĒ Autonomy (āļŦāļĨāļąāļāđāļāļāļŠāļīāļāļāļīāđ/āļāļ§āļēāļĄāđāļāđāļāļāļīāļŠāļĢāļ°āļāļāļāļāļđāđāļāđāļ§āļĒ)
âĒ Beneficence (āļŦāļĨāļąāļāļāļēāļĢāļĢāļąāļāļĐāļēāļāļĢāļ°āđāļĒāļāļāđāļŠāļđāļāļŠāļļāļāļāļāļāļāļđāđāļāđāļ§āļĒ)
âĒ Non-maleficence (āļŦāļĨāļąāļāļāļēāļĢāđāļĄāđāļāļēāļāļąāļāļāļĢāļēāļĒāļāđāļāļāļđāđāļāđāļ§āļĒ)
âFirst, Do No Harm.â
63. 63
Whatâs the Password?
Unknown Internet sources, via
http://pikabu.ru/story/interesno_kakoy_zhe_u_nikh_parol_4274737,
via Facebook page âāļŠāļāļāđāļŪāļāđāļ§āđāļāđāļāļāđāļĄāļ§āđâ
75. 75
Hippocratic Oath
â...What I may see or hear in the course of
treatment or even outside of the treatment in
regard to the life of men, which on no account one
must spread abroad, I will keep myself holding
such things shameful to be spoken about...â
76. 76
Relevant Ethical Principles
Autonomy (āļŦāļĨāļąāļāđāļāļāļŠāļīāļāļāļīāđ/āļāļ§āļēāļĄāđāļāđāļāļāļīāļŠāļĢāļ°āļāļāļāļāļđāđāļāđāļ§āļĒ)
Beneficence (āļŦāļĨāļąāļāļāļēāļĢāļĢāļąāļāļĐāļēāļāļĢāļ°āđāļĒāļāļāđāļŠāļđāļāļŠāļļāļāļāļāļāļāļđāđāļāđāļ§āļĒ)
Non-maleficence (āļŦāļĨāļąāļāļāļēāļĢāđāļĄāđāļāļēāļāļąāļāļāļĢāļēāļĒāļāđāļāļāļđāđāļāđāļ§āļĒ)
âFirst, Do No Harm.â