Developing an Interdisciplinary Health Informatics Security and Privacy Program Xiaohong Yuan, Jinsheng Xu, Department of Computer Science Hong Wang, Department of Management Kossi Edoh, Department of Mathematics North Carolina A&T State University SIGCSE 2014 1 Outline Motivation Health Informatics Security and Privacy Concentration Courses for the Concentration Course modules for the Concentration Assessment Conclusion 2 Motivation - 1 Health informatics is one of the nation’s largest growing industries ◦ President Obama made the use of IT and EHRs a top goal ◦ Offered up to $27 billion in government funds for switching from paper to electronic medical records Healthcare Informatics is one of the top careers ◦ approximately 70,000 health informatics specialists are needed (according to Don Detmer, CEO of AMIA) ◦ employment of medical records and health information technicians is expected to grow by more than 20% through 2018, resulting in over 207,000 jobs creation by 2018 (US Bureau of Labor Statistics). 3 Motivation - 2 It is highly important for health informatics to understand the many concerns of security, privacy, integrity and reliability. We developed Bachelor of Science in Computer Science (BSCS) concentration in Health Informatics Security and Privacy (HISP) ◦ Leverage the strength of IA education at NC A&T ◦ Leverage the existing interdisciplinary collaborations 4 The BSCS Concentration in HISP Requires the following four core courses: COMP323: Introduction to Healthcare Information Systems MATH 410: Mathematics for Health Informatics MIS640: MIS Topics An Information Assurance elective ◦ Choose from: COMP320: Fundamentals of Information Assurance or COMP321: Computer Systems Security or COMP420: Applied Network Security or COMP421: Security Management for Information Assurance) 5 HISP concentration vs. Regular BSCS Program HISP concentration requires the same number of credit hours as the regular BSCS program BSCS requires 9 credit hours of CS electives. ◦ For HISP concentration, they are used for taking COMP323, MATH410, and IA elective BSCS requires 3 credit hours of business elective ◦ For HISP, it is used for taking MIS 640 6 COMP323 Introduction to Health Care Information Systems - 1 Textbook ◦ Healthcare Information Systems by Karen A. Wagner Topics ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ Types of Healthcare Data and Information Health Care Data Quality Laws, Standards, and Regulations related to Healthcare Information History of Healthcare Information Systems Current and Emerging Use of Clinical Information Systems System Acquisition, Implementation and Support Technologies that Support Healthcare Information Systems Healthcare Information Systems Standards Laws and Standards for Healthcare Information Security and Privacy Microsoft HealthVault Access Control in Health Information Systems 7 COMP323 Introduction to Health Care Information Systems – 1I Project 1 ◦ Research available job openings in health information systems and give presentation Project 2 ◦ Visit a health care facility as a group, interview personnel in the facility, write a report, and give presentation Project 3 ◦ Write an application for Microsoft HealthVault 8 COMP323 Introduction to Health Care Information Systems – 1II Project 4 ◦ Use OpenEMR to create a health care practice and keep track of patient’s medical records Project 5 ◦ Research 5 healthcare information system vendors that offer EMR products. Compare the products, write a report and present Project 6 ◦ Research on health organizations that are using Web 2.0 technologies to establish connections with patients or other consumers, describe how they use Web2.0 technologies 9 MIS 485 MIS Topics - I Capstone course focusing on emerging IS and IT topics Topics ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ Informatics in healthcare professions Ensuring quality and best use of information Professional use of electronic resources Healthcare information systems Selecting a health information system Information security and confidentiality System integration and operability The role of standardized terminology and languages in informatics ◦ Telehealth ◦ Evidence-based practice and research 10 MIS 485 MIS Topics - II Offered in Spring 2013 Student are asked to read articles on health informatics, and write a proposal for corporate use of health informatics 11 MATH410 Mathematics for Health Informatics - I Offered in Spring 2013 Topics ◦ Descriptive biostatistics and sample distribution ◦ Probability distributions and Estimation ◦ Testing hypothesis, regression analysis, nonparametric and distribution-free statistics ◦ Heath information privacy and security 12 MATH410 Mathematics for Health Informatics - II Project 1 ◦ Write R programs to compute basic statistic such as mean, variance and percentiles, and plotting statistical graphs. Project 2: ◦ Use R packages abd, asbio and tsmodel, and analyze breast tissue data. Project 3 ◦ Use R for Poisson distribution, Estimation and Hypothesis testing. Project 4 ◦ Select a topic on their own in health information security and write a paper on that. 13 Course Module I – Laws and Standards for Health Information Security and Privacy Laws ◦ Pre-HIPPA, HIPPA, Gramm Leach Bliley Act, Sarbanes-Oxley Act of 2002, Patient Safety and Quality Improvement Act of 2005, Health Information Technology for Economic and Clinical Health (HITECH). Standards ◦ ISO 17799, Control Objective for Information and Related Technology (COBIT), the Health Information Trust Alliance (HITRUST) Control Security Framework (CSF), ISO/IEC 27002:2005, ISO/IEC 27001:2005, ISO 27799:2000, NIST (National Institute of Standards and Technology) Special Publication 800-53, ISO 27799:2008, ISO 17090:2008, and ISO/TS 25237: 2008 Mini-case studies are designed to help students understand HIPPA 14 Course Module II: Access Control in Health Information Systems Introduce Role-based Access Control (RBAC) based on NIST model Design scenarios to demonstrate how to design RBAC for HIS Expose students to the access control mechanism of OpenMRS 15 Course Module III: XML and Microsoft HealthVault Introduce XML and XML security mechanism Introduce a Personal Health System Microsoft HealthVault, and how XML is used in HealthVault Write an application for Microsoft HealthVault 16 Assessment Students indicated high interest levels in Healthcare Informatics. Most students indicated that they had not been exposed to Healthcare Informatics and had not considered career paths in the field prior to this course. “I didn’t know this was an option before.” One student had considered the field prior to the course, but also said that “this course really connected the dots for me.” Some students stated that they have definite plans to attend graduate school and to pursue Healthcare Informatics careers. Application of statistics in healthcare case studies demonstrated the value and relevance of statistics in helping society. 17 Conclusion We developed an Interdisciplinary Health Informatics Security and Privacy Concentration Preliminary assessment results are positive We need to advertise the program, and continue assessing the program 18