http://www.csun.edu/~dn58412/IS531
Lecture 12
Information Security and Confidentiality
(Chapter 12)

Learning Objectives
Privacy, confidentiality, information privacy, and information security and the relationships among them.
How information system security affects privacy, confidentiality, and security.
The significance of security for information integrity
Potential threats to system security and information.
Security measures to protect information
IS 531 : Lecture 12

Security Concern
Information security and confidentiality of personal information represent major concerns in today’s society amidst growing reports of stolen and compromised information.
Globalization and increased use of internet
Evolving technology and intrusion techniques
Information must be protected through a combination of electronic and manual methods

Information Security
The protection of information against threats to its integrity, inadvertent disclosure, or availability determines the survivability of a system

Privacy
Freedom from intrusion, or control over the exposure of self or of personal information
The right to determine what information is collected, how it is used, and the ability to review collected information for accuracy and security

Confidentiality
The protection of healthcare information is mandated by the Health Insurance Portability and Accountability Act (HIPAA) and the Joint Commission requirements.
Must not disclose patient-related information without consent
Share info only with the parties requiring it for client treatment
Mostly due to careless communication in a public area or with an inappropriate person

Information/Data Privacy
The storage and disclosure/dissemination of personally identifiable information
The right to choose the conditions and extent to which information and beliefs are shared
The right to ensure accuracy of information collected

Consent
The process by which an individual authorizes healthcare personnel to process his or her information based on an informed understanding of how this information will be used
Entails making the individual aware of risks to privacy and measures to protect it

Information System Security
Ongoing protection of both information stored in the system and the system itself from threats or disruption
Primary goals :
  Protection of client confidentiality
  Protection of information integrity
  Timely availability of information when needed

Security Planning
Safeguard against:
  Downtime
  Breaches in confidentiality
  Loss of consumer confidence
  Cybercrime
  Liability
  Lost productivity
Ensure compliance with HIPAA

Steps to Security
Assessment of risks and assets
An organizational plan
A “culture” of security
The establishment and enforcement of policies

Threats to System Security and Information
Human threats
  Thieves
  Hackers and crackers
  Denial of service attacks
  Terrorists
  Viruses, worms
  Revenge attacks
  Pirated Web sites

Threats to System Security and Information …
On-site threats
  Poor password management
  Compromised device
  Human error
  Unauthorized insider access
  Flooding site
  Power fluctuations
  Fires and natural disasters

Security Measures
Firewalls—barrier created from software and hardware
Antivirus and spyware detection
User sign-on and passwords or other means of identity management
Access on a need-to-know basis
Automatic sign-off
Physical restrictions to system access

Authentication
Process of determining whether someone is who he or she claims to be
Methods: access codes, logon passwords, digital certificates, public or private keys used for encryption, biometric measures

Password
String of alphanumeric characters to type in for system access
Inexpensive but not the most effective means of authentication
Do:
  Choose 8-12 character passwords
  Avoid obvious passwords
  Use the first characters of your favorite verses / sayings
  Include special characters, lower and upper cases, numbers

Password …
Don’t:
  Post or write down passwords.
  Leave computers or applications running when not in use.
  Re-use the same password for different systems.
  Use the browser “save password” feature.
Never share passwords.
Change password frequently

Biometrics
Identification based on a unique biological trait
  fingerprint
  voice
  iris pattern / retinal scan
  hand geometry / palmprint
  face recognition
  etc…

Antivirus Software
Computer programs that can locate and eradicate viruses and other malicious programs from memory sticks, storage devices, individual computers, and networks
Detect and eliminate malware / spyware that installs itself without the user’s permission to collect passwords, PIN numbers, account numbers and then send them to another party

Antivirus Software
Source : http://anti-virus-software-review.toptenreviews.com/

Proper Handling and Disposal
Acceptable uses
Audit trails to monitor access
Encourage review for accuracy
Establish controls for information use after-hours and off-site
Shred or use locked receptacles for the disposal of items containing personal health information
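
An audit trail only protects confidentiality if someone reviews it. The following is an added example, not part of the lecture: it scans constructed access-log entries and flags record access by users outside the patient's care team (the need-to-know rule), after-hours access, and off-site access. The log format, field names, user and patient identifiers, care-team table and the 07:00-19:00 window are all assumptions made for illustration.

```python
from datetime import datetime, time

# Constructed care-team table: which users have a treatment relationship
# with which patient (the "need-to-know" basis). All names are made up.
CARE_TEAM = {
    "P1001": {"nurse_lee", "dr_patel"},
    "P1002": {"nurse_kim", "dr_patel"},
}

# Constructed audit-trail entries: timestamp|user|action|patient|location
AUDIT_LOG = """\
2024-03-04T09:15:00|nurse_lee|VIEW|P1001|on-site
2024-03-04T09:40:00|nurse_lee|VIEW|P1002|on-site
2024-03-04T23:05:00|dr_patel|VIEW|P1002|off-site
2024-03-05T10:00:00|clerk_ray|PRINT|P1001|on-site
this line is damaged
2024-03-05T10:30:00|nurse_kim|UPDATE|P1002|on-site
"""

# Assumed working hours; a real policy would define these per unit and shift.
WORK_START, WORK_END = time(7, 0), time(19, 0)


def parse_entry(line):
    """Split one log line into a dict; raise ValueError if it is malformed."""
    fields = line.strip().split("|")
    if len(fields) != 5:
        raise ValueError("expected 5 fields")
    stamp, user, action, patient, location = fields
    return {
        "when": datetime.fromisoformat(stamp),
        "user": user,
        "action": action,
        "patient": patient,
        "location": location,
    }


def review_audit_trail(log_text, care_team):
    """Return (line_number, user, patient, reasons) for entries needing review."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            entry = parse_entry(line)
        except ValueError:
            # A damaged audit record is itself worth a look: never drop it silently.
            findings.append((number, None, None, ["unreadable entry"]))
            continue
        reasons = []
        if entry["user"] not in care_team.get(entry["patient"], set()):
            reasons.append("no treatment relationship")
        if not WORK_START <= entry["when"].time() < WORK_END:
            reasons.append("after-hours")
        if entry["location"] != "on-site":
            reasons.append("off-site")
        if reasons:
            findings.append((number, entry["user"], entry["patient"], reasons))
    return findings


if __name__ == "__main__":
    for finding in review_audit_trail(AUDIT_LOG, CARE_TEAM):
        print(finding)
```

A flagged entry is a prompt for human review, not proof of a breach: a covering clinician or an on-call physician can have a legitimate reason for the access.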

Implications for Mobile Computing
Shared responsibility for information and information system security
Devices are easily stolen.
Devices should require authentication and encryption to safeguard information security.
Devices should never be left where information may be seen by unauthorized viewers.
Verify wireless networks before use.

Firewall

Physical vs. Logical Access / Controls

Encryption
I S 5 3 1
01001001 01010011 00110101 00110011 00110001
10010101 00110011 01010011 00110011 00010100
01101010 11001100 10101100 11001100 11101011
Binary Codes
ASCII (American Standard Code for Information Interchange) : 8 bits
EBCDIC (Extended Binary-Coded Decimal Interchange Code) : 16 bits
Unicode : 32 bits and more

Encoding
Normal sequence : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Encoded sequence : F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
Message : DROPBOX TONIGHT
Encoded message : IWTUGTC YTSNLMY
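
The Encryption and Encoding slides can be reproduced in a few lines. The following is an added example, not code from the lecture, and its function names are its own. It rebuilds the slide's 5-position letter shift and the ASCII bit row for "IS531". It also shows an observation from the bit patterns that the slide does not state: the second binary row matches the first rotated left by four bits, and the third is the bitwise complement of the second. The last function lists every possible shift, which shows how small the key space of such a scheme is.

```python
import string

ALPHABET = string.ascii_uppercase


def to_bits(text):
    """Return the 8-bit pattern of each character's ASCII code."""
    return [format(ord(ch), "08b") for ch in text]


def rotate_stream_left(byte_strings, bits=4):
    """Rotate the concatenated bit stream left and re-split it into bytes."""
    stream = "".join(byte_strings)
    bits %= len(stream)
    rotated = stream[bits:] + stream[:bits]
    return [rotated[i:i + 8] for i in range(0, len(rotated), 8)]


def complement(byte_strings):
    """Flip every bit (0 becomes 1, 1 becomes 0)."""
    flip = str.maketrans("01", "10")
    return [byte.translate(flip) for byte in byte_strings]


def shift_encode(message, shift):
    """Replace each letter by the one `shift` places later, wrapping at Z."""
    shift %= 26
    table = str.maketrans(ALPHABET, ALPHABET[shift:] + ALPHABET[:shift])
    return message.upper().translate(table)


def shift_decode(encoded, shift):
    """Undo shift_encode by shifting the same distance backwards."""
    return shift_encode(encoded, -shift)


def all_shift_decodings(encoded):
    """Decode with every possible shift: the whole key space is 26 values."""
    return {shift: shift_decode(encoded, shift) for shift in range(26)}


if __name__ == "__main__":
    row1 = to_bits("IS531")
    row2 = rotate_stream_left(row1)
    row3 = complement(row2)
    for row in (row1, row2, row3):
        print(" ".join(row))
    print(shift_encode("DROPBOX TONIGHT", 5))
    print(all_shift_decodings("IWTUGTC YTSNLMY")[5])
```

Because the key is one of only 26 shifts, this kind of letter substitution hides a message from a casual glance but gives no real confidentiality; protecting health information requires a vetted modern cipher with a long secret key.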
Public Keys
http://www.csun.edu/~dn58412/IS531
Lecture 13
System Integration and Interoperability
(Chapter 13)
Learning Outcomes
System integration and interoperability for healthcare delivery.
Interface in system integration
Types of system interoperability
Benefits of integration and interoperability
Integration issues
IS 531 : Lecture 13

HIT Ecosystems

Why System Integration
Health and financial data are collected at multiple points within the healthcare delivery system.
Redundant efforts are expensive, frustrating, waste time, and result in different “versions” with none being complete or error free.

Benefits of Integration
Allow instant access to application and data
Improve data integrity with single entry of data
Decrease data entry cost
Facilitate the formulation of accurate and complete patient record
Facilitate information tracking for accurate cost determinations

System Integration
Different information systems should be able to exchange data in a fashion that is seamless to the end user
This exchange occurs across an “interface”

Types of Interface
Software that tells different systems “how” to exchange data
Point-to-point: Directly connects 2 systems
  Requires custom programming
  Expensive
Interface engine: Allows data exchange between sending and receiving systems

Interface Engine
Allows data exchange between sending and receiving systems
Uses translation tables to move data from each system to the clinical data repository, a database where collective data from all information systems are stored and managed

Interface Engine …
Benefits of Interface Engine
  Timeliness and availability
  Decrease integration cost, time, effort as alternative to point-to-point type
  Improve data quality with data mapping
  Preserve institutional investment in existing systems
  Simplify data processing
  Improve management of care, financial tracking for care rendered, and efficacy of treatment

Clinical Data Repository
Provides data definition consistency through mapping
May also be referred to as the clinical data warehouse (CDW)
Mapping—terms defined in one system are associated with comparable terms in another system

Real-Time vs. Batch Processing
Real-time processing occurs immediately or almost immediately; used when speed is important.
Batch processing usually occurs once daily at the end of the day (traditionally when there are fewer demands on the processor).

Interoperability
Ability of two entities to exchange and predictably use data or information while retaining the original meaning of data (technical interoperability)
Used interchangeably with term “interface” but interface engine routes information from system to system without enabling understanding/use

Types of Interoperability
Syntactic (functional/process)—ability to exchange the structure of the data, but not the meaning
Semantic—guarantees meaning of the exchanged data on both ends of the transaction
  Critical for clinical data
Process—business processes at related organizations/partners can work together

Interoperability Efforts
OpenEHR to provide “archetypes”: high-quality, reusable clinical models of content and process
  “Header”, “definition”, “ontology”
Service-oriented architecture (SOA) to create key functions as modules
  Reusable, self-contained “object”
  Vendor and technology neutral
  Readily available in “registry of service”

Benefits of Interoperability
Improved access to information
Improved physician workflow, productivity, and patient care
Improved safety
Fully standardized healthcare information exchange
Estimated savings = 5% annual U.S. healthcare expenditures

Integration Issues
Massive undertaking
Vendors’ failure to deliver on promises
Lack of agreement on standards
Politics and power
Lack of agreement on data dictionary, data mapping, and clinical data repository
Fear of change
Competition among providers

Drivers / Success Factors
Consumer demands for improved care
Demands from managed care
The move toward the EHR
Improved trending
Easier data collection for accreditation purposes, research

Integration Requirements
Data Dictionary—defines terminology to ensure consistent understanding and use
Master Patient Index (MPI)—database that lists all identifiers assigned to a client in all the information systems within an enterprise
Clinical Data Repository

Uniform Language
Provides uniform definition of terms
Facilitates communication and ability to exchange data with a shared meaning
Facilitates ability to replicate research
Systematized Nomenclature of Medical-Clinical Terms (SNOMED-CT) recognized by American Nurses Association (ANA)

Role of the Nurse
Must be involved in:
  Identifying and defining data elements that an interface can supply
  Determining measures to ensure the quality of data exchanged among individual systems
  Formation and maintenance of the electronic health record
http://www.csun.edu/~dn58412/IS531
Lecture 11
Information Systems Training
(Chapter 11)
Learning Objectives
Significance of training in systems implementation
The training plan and its components
Issues in identification of training needs
IS 531 : Lecture 11

The Significance of Training
Healthcare workers use information systems to access and document patient information
Training plays a vital role in the adoption and integration of computer technology in healthcare
IT/IS proficiency is a required skill for healthcare professionals, not a “nice-thing-to-have”

The Training Plan
Must align with the organization’s strategic initiatives
Provide blueprint for how employees will learn new computer skills
Focus on the development of knowledge and skills in an organized way
Design to ensure instructional success

Training Plan Components
Philosophy
Identification of training needs
Approach
Resources
Timetable and training schedule
Budget
Evaluation strategy

Philosophy
Instruction at a dedicated time close to the go-live date
Removed from work area
Independent of other work responsibilities
Free of work-related distractions and interruptions

Training Needs Identification
Who
What content area
When
How
How long
Where
With what equipment

Training Approach
Follows needs assessment
Determines
  Content
  Instructional interventions
  Delivery methods
  Creation or purchase of training materials
  In-house trainers vs. outsourced training

Resources
Where will the budget for resources come from?
  Salaries for trainers, support staff, replacement staff, and employees
Who will coordinate training?
Who will teach?

Timetable and Training Schedule
Coordinated with go-live date
Considerations:
  Number of persons to be trained
  Amount of time required to train each user group
  Amount of time needed for all training
  Budget requirements
  Enough time for knowledge transfer, practice, and application of skills

Evaluation
Proficiency testing
May be done electronically
Can provide immediate feedback
Reflects need for basic skills to perform job
Pre- and post-training assessments
Must consider needed remediations

Issues in Identification of Training Needs
End users
Training class content
Class schedules
Equipment requirements
Training costs
Training center
Training approaches
Training materials
Proficiency assessments

Systems Users
End users : healthcare workers who use an information system to view or document client information
Grouped by job class responsibilities
Users who perform similar functions constitute a “class”
User classes determine applications, level of access needed, training content, training time needed

Training Class Content
Computer-related policies: user account, ID
Access privileges
Human factors: anxiety, uncertainty
Computer literacy
Workflow changes in new system/application
Screen and system “freezes”: why, what to do
System idiosyncrasies disrupt user’s comfort zone

Training Class Content . . .
Electronic help: manual, context-help, online
Error messages: missing info, data entry error
Error correction: automated, manual
Maintenance and basic troubleshooting
Downtime (planned, unplanned) procedures
Retrieval of information and other functions
Realistic situations

Training Schedule
Length of training day
Off-shift and weekend classes
Overtime vs. part of regular work hours
Training before or after work shifts
Preparation time for classes
Convenience of training location

Training Equipment
Hardware, software, and environment requirements need to mirror those in the work environment.

Training Approaches
Advantages, Disadvantages, and Effective Tips, Ref. Table 11-2 (pp. 223-224)

Training Approaches
Instructor led
Technology based
On-the-job training
Blended approach
Adjunct aids

Instructor-Led Training
Classroom techniques that engage the participants, such as active participation, group activities, hands-on exercises, and other various instructional approaches enhance attention and learning

Technology-Based Training
Uses technology to teach technology
Computer-based training
Web-based training

On-the-Job Training
Appropriate for short sessions
Subject to interruptions
May or may not catch all the people who need training

Blended Training Approach
Maximize knowledge retention
Target different learning styles
Encourage active participation

Training Materials
Must be well designed and reflect “real” system
Learning aids: to supplement training
Job aids: written instructions for use in training and work settings

Trainer Selection
Internal vs. external trainers
Teaching skills, experience, ability to interact with others, familiarity with different training approaches
Must understand various user classes and job needs
Centralized versus departmental training
Core set of internal trainers from own personnel ranks
Super users: understand department workflow, can serve as peer mentors

ROI from Training
Return on investment should be measured by employee’s job satisfaction and retention.
Well-trained employees attain required skill levels in less time, ask for less assistance, spend less time to correct errors

Training Nonemployees
Significant numbers of office staff members and students require training and access
Must consider this population in the overall training plan
Organization may not have benefits

http://www.csun.edu/~dn58412/IS531
Lecture 10
System Implementation and Maintenance
(Chapter 10)
Learning Objectives
Cultural change in System Implementation
Implementation committee
Issues in test, training, and production environments.
The “go-live” process
Implementation pitfalls.
Maintenance and System Life Cycle
IS 531 : Lecture 10

System Implementation
Third phase of the life cycle
Begins with purchase of the system
Planning before purchase
Selection of the implementation committee to oversee the process

Implementation Committee
Project leader—needs to be involved in the entire process
Technical staff
Informatics representatives
Clinical representatives
Managers who understand day-to-day operations and how those processes might be improved

Implementation Committee
Steering Committee membership and organizational issues are as important as the technology when implementing a new system.
The project leader must have strong leadership and communication skills.

Committee Tasks
Develop plan / work breakdown structure (who is responsible for what, timeframe).
Schedule tasks for implementation.
Define the scope of each task.
Identify timelines and “go-live” date.
Identify resources and constraints.
Get to know the system.
Research what data is needed and how it is used.

Getting to Know the System
“Base” system—supplied by vendor without any changes
Training for committee
  On-site training by the vendor
  Vendor training at corporate headquarters
  Consultants may provide training
Should revisit issues examined during selection

Issues to Revisit
Is technology current? Upgradable?
Financial stability of vendor
Vendor compliance with regulations
Integration with other systems
Support different types of patient accounts
Clinical support (client care)
EMR support

Cultural Changes in System Implementation
“If change does not produce a notable resistance, then the change is probably not big [significant] enough”
New IT always changes life (at home/at work)
People should embrace (buy-in) the reason for change
Any change should make people feel differently (more important/valuable/effective/efficient …)

Base System vs. Custom
System as-is vs. customized
Workflow Optimization: Gap Analysis to identify required changes in workflows and prototype
Customization requires time and resources.
Customization may have ripple effects on other systems and interoperability.

System Function
A task performed manually or automated
Must identify information pertinent to completion of each function
Examples
  Order entry
  Results reporting
  Documentation

System Output
Material generated by the system
Examples
  Requisitions produced in other departments
  Reports
  Diagnostic results
  Work lists
  Charges

Required Output for New System
Analyses of the current and desired workflows provide this information.
Specifications must be agreed to, or “signed off” by, managers in the areas that will be impacted.
Constant changes to specifications delay the project and increase costs.

Test Environment
System testing vs. integrated testing
Use a copy of the information system software to make changes from the off-the-shelf version
Programmed changes are tested to ensure that they work as designed

Test Plan
Long-range goals (what for) and test items (what)
Test Script provides a series of transactions from beginning to end for all associated functions
Requires input and participation from users from all areas of the facility
Evaluate actual vs. desired output

Hardware Requirements
Analysis of needs must be done early in the implementation phase
Considerations
  Network infrastructure
  Types of workstations and mobile devices
  Workstation locations
  Hardware locations
  Printer needs

Network Infrastructure
Should be determined early—later changes will increase costs
Network configuration requirements
Server specifications—memory, processing power, consider future needs
Technical standards
Cabling and power
Wireless access

Workstations and Mobile Devices
Advantages and disadvantages of each type of device.
The number of devices needed.
Technology and support for access by PDAs and handheld devices.
Where devices will be located.

Procedures and Documentation
Determine how the system will be used before end user training starts.
Evaluate/revise policies and procedures for system use and include in training.
Develop user guides.
What to do in the case of planned and unplanned system downtime

System Documentation
Develop a “dictionary of terms” and map terms from one system to another.
Mapping terms across systems helps to ensure high-quality data.
Finalize pathways and screens before the test plan is written and training starts.

User System Training
Do not start until changes are complete
Training environment—separate copy of the information system software that works the same way as the actual system and is populated by fictitious clients

Go-Live Planning
Go-live—system running and used to collect and process actual client data
Implementation strategies / rollout—staggered/modular/all at once
Conversion—bring in old data (backloaded)
Develop the support schedule
Develop evaluation procedures
Develop a procedure to request post go-live changes

Implementation Pitfalls
Underestimation of time and resources needed
Ongoing addition of changes and more features (“scope creep” and “feature creep”)
Failure to consider costs for annual maintenance and other expenses
Problems with testing or training
Lack of system “ownership” by users

Maintenance
User support—resource staff available during go-live on units and via help desk at all times
User feedback / requests for changes analyzed and appropriate changes made to identify problems
Must apply updates to all three environments—testing, training, and production/live

Technical Maintenance
Problem solving and debugging
Backup supply of hardware
File backup procedures
Storage space
Interfaces with other current/new systems
System upgrade
Disaster recovery plan

Return on Investment (ROI)
A system having poor performance, dated, outgrown should be replaced
Financial justification for changes
  Decrease in costs/expenses
  Increase in profits/benefits (tangible vs. intangibles)
  Payback / break-even

The Role of Nursing
All users should have input into the systems that they use.
Nurse informaticists provide “credibility” for information system projects.

Nurse Informaticist Responsibilities
The Chief Nursing Officer (CNO) must work with key figures to develop strategies to transform care, prioritize system design to maximize the value and benefits of a clinical information system, and reallocate time saved in documentation and other efficiencies to improve client care services.

http://www.csun.edu/~dn58412/IS531
Lecture 14
Policy, Legal, and Regulatory Issues in HIS
(Chapters 18,19,20)
Learning Outcomes
Status of current healthcare delivery system and related policies in US
Legal issues and their implementation
Regulatory issues and agencies
IS 531 : Lecture 14

Status of U.S. Healthcare Delivery System
Higher expenditure
Standardization
Fragmented care
Unequal access to care
Less-than-optimal safety
Poor evaluation by patients
Payment for service rather than maintaining wellness
Lack of rewards for primary care

Healthcare Reform
Health IT was seen as a tool to aid the reform process with EHR, PHR, HIE
President Bush’s executive orders in 2004, 2006 to create National Health Information Technology Coordinator
President Obama’s ARRA 2009 supports 2014 goal for the EHRs
National Health Information Technology PolicyEven with the
creation many committees, taskforces, workgroups the United
States has been very slow to follow. The American Recovery
and Reinvestment Act (ARRA) of 2009 supported adoption of a
nationwide health information infrastructure. Education of
professionals and general public is needed.
Our Roles
Public: need greater awareness on benefits and risks
Nurses: professional responsibility, professional duty
Issues
Lack of motivation to share information across institutions
Established constituencies are resistant to change
Legislation
Electronic Signatures in Global and National Commerce Act (ESIGN) in 2000: legal status for electronic signature
Medicare Improvements for Patients and Providers Act (MIPPA) in 2008: financial incentive for e-prescribing
Health Insurance Portability and Accountability Act (HIPAA) in 1996: legal protection for personal health information
American Recovery and Reinvestment Act (ARRA) in 2009: provision for IT in HIS
HIPAA
The Health Insurance Portability and Accountability Act (1996) called for the establishment of an electronic patient records system and privacy rules. It also affects all aspects of health information management, including privacy and security of patient records, coding, and reimbursement.
ARRA
The American Recovery and Reinvestment Act (2009) included provisions for information technology in general and health information technology. The HITECH Act makes changes to HIPAA and provides more funding for EHRs.
EHR Incentives
In 2011, Medicare and Medicaid will provide financial incentives to physicians and hospitals for meaningful use of health information technology. Negative incentives will begin in 2015.
Privacy and Security Provisions
Breaches in privacy and security are reportable to the Department of Health and Human Services.
Patients can restrict some disclosure of personal health information.
Patient Protection and Affordable Care Act (2010)
Guarantees access to healthcare for all Americans
Creates new incentives to change clinical practice and improve quality of care
Gives practitioners more information to improve practice
Gives patients more information to make conscious decisions
Regulatory Agencies
Regulatory agencies are public authorities or government agencies responsible for exercising authority over some area in a regulatory or supervisory capacity.
Health insurance regulation is visible at every government level. Each state determines how it will fill this regulatory role mandated at the federal level.
Regulatory Issues
The ability to access sensitive health information in electronic patient records by many different sources generates growing concerns over privacy and confidentiality.
Medicare
Part A: facility-related expenses (no premium, annual deductible)
Part B: medically necessary physician and outpatient expenses (80% with annual deductible)
Part C: Advantage Plan with some additional benefits (monthly premium)
Part D: certain prescription drugs and medical supplies
Medicaid
Medicaid eligibility is determined by income and regulated by the state
Medicaid covers approved expenses that are not paid by Medicare
State Health Departments
Public health conditions in marketplaces and workforces
Schools, mental health facilities, rehabilitation hospitals
Diseases, contamination
Regulated by federal, state, county
Reimbursement Issues
Medicare, Medicaid, and other third-party payers dictate reimbursement criteria.
Documentation is key to documenting the need for service and reimbursement.
Automated systems enhance the quality of documentation, which can improve reimbursement, track claims status, report denials, and shorten the revenue cycle.
Electronic Data Interchange in Reimbursement
Adhere to a uniform format
Common terms:
Common Procedural Terminology
Healthcare Common Procedure Coding System
National Provider Identifier
Unique Physician Identification Number
Pay for Performance
Control for quality of healthcare services provided to patients by professionals and facilities
Hospital-based
Physician-based
ICD-10-CM codes
ICD-10-CM codes (WHO’s International Classification of Diseases)
System of codes for diagnoses and procedures
Provide reimbursement for services delivered in outpatient areas
Healthcare Common Procedure Coding System (HCPCS)
Level I (Current Procedural Terminology [CPT]): numeric system used for services and procedures furnished by physicians and other providers, maintained by the AMA
Level II: products, supplies, durable medical equipment, prosthetics, and orthotics
Medicare and Medicaid services maintain and distribute HCPCS Level II codes
Issues
Expansion of the “Do Not Pay” List for preventable complications
Financial incentives for implementing technology
Adoption for certified EHR Systems and Medicare reimbursement
Meaningful use of EHR
References
Health IT Legislation and Regulations
http://www.healthit.gov/policy-researchers-implementers/health-it-legislation
Health Information Privacy (HIPAA, PSQIA)
http://www.hhs.gov/ocr/privacy/
Medicare