Slides - University of Virginia

advertisement
Developing an Interdisciplinary
Health Informatics Security and
Privacy Program
Xiaohong Yuan, Jinsheng Xu, Department of Computer Science
Hong Wang, Department of Management
Kossi Edoh, Department of Mathematics
North Carolina A&T State University
SIGCSE 2014
1
Outline
Motivation
 Health Informatics Security and Privacy
Concentration
 Courses for the Concentration
 Course modules for the Concentration
 Assessment
 Conclusion

2
Motivation - 1

Health informatics is one of the nation’s largest
growing industries
◦ President Obama made the use of IT and EHRs a top
goal
◦ Offered up to $27 billion in government funds for
switching from paper to electronic medical records

Healthcare Informatics is one of the top careers
◦ approximately 70,000 health informatics specialists are
needed (according to Don Detmer, CEO of AMIA)
◦ employment of medical records and health information
technicians is expected to grow by more than 20%
through 2018, resulting in over 207,000 jobs creation by
2018 (US Bureau of Labor Statistics).
3
Motivation - 2

It is highly important for health informatics
to understand the many concerns of security,
privacy, integrity and reliability.

We developed Bachelor of Science in
Computer Science (BSCS) concentration in
Health Informatics Security and Privacy
(HISP)
◦ Leverage the strength of IA education at NC A&T
◦ Leverage the existing interdisciplinary
collaborations
4
The BSCS Concentration in HISP
Requires the following four core courses:




COMP323: Introduction to Healthcare Information
Systems
MATH 410: Mathematics for Health Informatics
MIS640: MIS Topics
An Information Assurance elective
◦ Choose from:




COMP320: Fundamentals of Information Assurance or
COMP321: Computer Systems Security or
COMP420: Applied Network Security or
COMP421: Security Management for Information Assurance)
5
HISP concentration vs. Regular
BSCS Program
HISP concentration requires the same
number of credit hours as the regular
BSCS program
 BSCS requires 9 credit hours of CS
electives.

◦ For HISP concentration, they are used for
taking COMP323, MATH410, and IA elective

BSCS requires 3 credit hours of business
elective
◦ For HISP, it is used for taking MIS 640
6
COMP323 Introduction to Health
Care Information Systems - 1

Textbook
◦ Healthcare Information Systems by Karen A. Wagner

Topics
◦
◦
◦
◦
◦
◦
◦
◦
◦
◦
◦
Types of Healthcare Data and Information
Health Care Data Quality
Laws, Standards, and Regulations related to Healthcare Information
History of Healthcare Information Systems
Current and Emerging Use of Clinical Information Systems
System Acquisition, Implementation and Support
Technologies that Support Healthcare Information Systems
Healthcare Information Systems Standards
Laws and Standards for Healthcare Information Security and Privacy
Microsoft HealthVault
Access Control in Health Information Systems
7
COMP323 Introduction to Health
Care Information Systems – 1I

Project 1
◦ Research available job openings in health
information systems and give presentation

Project 2
◦ Visit a health care facility as a group, interview
personnel in the facility, write a report, and
give presentation

Project 3
◦ Write an application for Microsoft
HealthVault
8
COMP323 Introduction to Health
Care Information Systems – 1II

Project 4
◦ Use OpenEMR to create a health care practice
and keep track of patient’s medical records

Project 5
◦ Research 5 healthcare information system
vendors that offer EMR products. Compare the
products, write a report and present

Project 6
◦ Research on health organizations that are using
Web 2.0 technologies to establish connections
with patients or other consumers, describe how
they use Web2.0 technologies
9
MIS 485 MIS Topics - I
Capstone course focusing on emerging IS and IT
topics
 Topics

◦
◦
◦
◦
◦
◦
◦
◦
Informatics in healthcare professions
Ensuring quality and best use of information
Professional use of electronic resources
Healthcare information systems
Selecting a health information system
Information security and confidentiality
System integration and operability
The role of standardized terminology and languages in
informatics
◦ Telehealth
◦ Evidence-based practice and research
10
MIS 485 MIS Topics - II
Offered in Spring 2013
 Student are asked to read articles on
health informatics, and write a proposal
for corporate use of health informatics

11
MATH410 Mathematics for Health
Informatics - I
Offered in Spring 2013
 Topics

◦ Descriptive biostatistics and sample
distribution
◦ Probability distributions and Estimation
◦ Testing hypothesis, regression analysis,
nonparametric and distribution-free statistics
◦ Heath information privacy and security
12
MATH410 Mathematics for Health
Informatics - II

Project 1
◦ Write R programs to compute basic statistic such as
mean, variance and percentiles, and plotting statistical
graphs.

Project 2:
◦ Use R packages abd, asbio and tsmodel, and analyze
breast tissue data.

Project 3
◦ Use R for Poisson distribution, Estimation and
Hypothesis testing.

Project 4
◦ Select a topic on their own in health information
security and write a paper on that.
13
Course Module I – Laws and Standards for
Health Information Security and Privacy

Laws
◦ Pre-HIPPA, HIPPA, Gramm Leach Bliley Act, Sarbanes-Oxley Act of
2002, Patient Safety and Quality Improvement Act of 2005, Health
Information Technology for Economic and Clinical Health
(HITECH).

Standards
◦ ISO 17799, Control Objective for Information and Related
Technology (COBIT), the Health Information Trust Alliance
(HITRUST) Control Security Framework (CSF), ISO/IEC
27002:2005, ISO/IEC 27001:2005, ISO 27799:2000, NIST (National
Institute of Standards and Technology) Special Publication 800-53,
ISO 27799:2008, ISO 17090:2008, and ISO/TS 25237: 2008

Mini-case studies are designed to help students
understand HIPPA
14
Course Module II: Access Control in
Health Information Systems
Introduce Role-based Access Control
(RBAC) based on NIST model
 Design scenarios to demonstrate how to
design RBAC for HIS
 Expose students to the access control
mechanism of OpenMRS

15
Course Module III: XML and
Microsoft HealthVault
Introduce XML and XML security
mechanism
 Introduce a Personal Health System
Microsoft HealthVault, and how XML is
used in HealthVault
 Write an application for Microsoft
HealthVault

16
Assessment





Students indicated high interest levels in Healthcare
Informatics.
Most students indicated that they had not been exposed to
Healthcare Informatics and had not considered career paths
in the field prior to this course. “I didn’t know this was an
option before.”
One student had considered the field prior to the course,
but also said that “this course really connected the dots for
me.”
Some students stated that they have definite plans to attend
graduate school and to pursue Healthcare Informatics
careers.
Application of statistics in healthcare case studies
demonstrated the value and relevance of statistics in helping
society.
17
Conclusion
We developed an Interdisciplinary Health
Informatics Security and Privacy
Concentration
 Preliminary assessment results are
positive
 We need to advertise the program, and
continue assessing the program

18
Download