Slides - University of Virginia

Developing an Interdisciplinary
Health Informatics Security and
Privacy Program
Xiaohong Yuan, Jinsheng Xu, Department of Computer Science
Hong Wang, Department of Management
Kossi Edoh, Department of Mathematics
North Carolina A&T State University
 Health Informatics Security and Privacy
 Courses for the Concentration
 Course modules for the Concentration
 Assessment
 Conclusion
Motivation - 1
Health informatics is one of the nation’s largest
growing industries
◦ President Obama made the use of IT and EHRs a top
◦ Offered up to $27 billion in government funds for
switching from paper to electronic medical records
Healthcare Informatics is one of the top careers
◦ approximately 70,000 health informatics specialists are
needed (according to Don Detmer, CEO of AMIA)
◦ employment of medical records and health information
technicians is expected to grow by more than 20%
through 2018, resulting in over 207,000 jobs creation by
2018 (US Bureau of Labor Statistics).
Motivation - 2
It is highly important for health informatics
to understand the many concerns of security,
privacy, integrity and reliability.
We developed Bachelor of Science in
Computer Science (BSCS) concentration in
Health Informatics Security and Privacy
◦ Leverage the strength of IA education at NC A&T
◦ Leverage the existing interdisciplinary
The BSCS Concentration in HISP
Requires the following four core courses:
COMP323: Introduction to Healthcare Information
MATH 410: Mathematics for Health Informatics
MIS640: MIS Topics
An Information Assurance elective
◦ Choose from:
COMP320: Fundamentals of Information Assurance or
COMP321: Computer Systems Security or
COMP420: Applied Network Security or
COMP421: Security Management for Information Assurance)
HISP concentration vs. Regular
BSCS Program
HISP concentration requires the same
number of credit hours as the regular
BSCS program
 BSCS requires 9 credit hours of CS
◦ For HISP concentration, they are used for
taking COMP323, MATH410, and IA elective
BSCS requires 3 credit hours of business
◦ For HISP, it is used for taking MIS 640
COMP323 Introduction to Health
Care Information Systems - 1
◦ Healthcare Information Systems by Karen A. Wagner
Types of Healthcare Data and Information
Health Care Data Quality
Laws, Standards, and Regulations related to Healthcare Information
History of Healthcare Information Systems
Current and Emerging Use of Clinical Information Systems
System Acquisition, Implementation and Support
Technologies that Support Healthcare Information Systems
Healthcare Information Systems Standards
Laws and Standards for Healthcare Information Security and Privacy
Microsoft HealthVault
Access Control in Health Information Systems
COMP323 Introduction to Health
Care Information Systems – 1I
Project 1
◦ Research available job openings in health
information systems and give presentation
Project 2
◦ Visit a health care facility as a group, interview
personnel in the facility, write a report, and
give presentation
Project 3
◦ Write an application for Microsoft
COMP323 Introduction to Health
Care Information Systems – 1II
Project 4
◦ Use OpenEMR to create a health care practice
and keep track of patient’s medical records
Project 5
◦ Research 5 healthcare information system
vendors that offer EMR products. Compare the
products, write a report and present
Project 6
◦ Research on health organizations that are using
Web 2.0 technologies to establish connections
with patients or other consumers, describe how
they use Web2.0 technologies
MIS 485 MIS Topics - I
Capstone course focusing on emerging IS and IT
 Topics
Informatics in healthcare professions
Ensuring quality and best use of information
Professional use of electronic resources
Healthcare information systems
Selecting a health information system
Information security and confidentiality
System integration and operability
The role of standardized terminology and languages in
◦ Telehealth
◦ Evidence-based practice and research
MIS 485 MIS Topics - II
Offered in Spring 2013
 Student are asked to read articles on
health informatics, and write a proposal
for corporate use of health informatics
MATH410 Mathematics for Health
Informatics - I
Offered in Spring 2013
 Topics
◦ Descriptive biostatistics and sample
◦ Probability distributions and Estimation
◦ Testing hypothesis, regression analysis,
nonparametric and distribution-free statistics
◦ Heath information privacy and security
MATH410 Mathematics for Health
Informatics - II
Project 1
◦ Write R programs to compute basic statistic such as
mean, variance and percentiles, and plotting statistical
Project 2:
◦ Use R packages abd, asbio and tsmodel, and analyze
breast tissue data.
Project 3
◦ Use R for Poisson distribution, Estimation and
Hypothesis testing.
Project 4
◦ Select a topic on their own in health information
security and write a paper on that.
Course Module I – Laws and Standards for
Health Information Security and Privacy
◦ Pre-HIPPA, HIPPA, Gramm Leach Bliley Act, Sarbanes-Oxley Act of
2002, Patient Safety and Quality Improvement Act of 2005, Health
Information Technology for Economic and Clinical Health
◦ ISO 17799, Control Objective for Information and Related
Technology (COBIT), the Health Information Trust Alliance
(HITRUST) Control Security Framework (CSF), ISO/IEC
27002:2005, ISO/IEC 27001:2005, ISO 27799:2000, NIST (National
Institute of Standards and Technology) Special Publication 800-53,
ISO 27799:2008, ISO 17090:2008, and ISO/TS 25237: 2008
Mini-case studies are designed to help students
understand HIPPA
Course Module II: Access Control in
Health Information Systems
Introduce Role-based Access Control
(RBAC) based on NIST model
 Design scenarios to demonstrate how to
design RBAC for HIS
 Expose students to the access control
mechanism of OpenMRS
Course Module III: XML and
Microsoft HealthVault
Introduce XML and XML security
 Introduce a Personal Health System
Microsoft HealthVault, and how XML is
used in HealthVault
 Write an application for Microsoft
Students indicated high interest levels in Healthcare
Most students indicated that they had not been exposed to
Healthcare Informatics and had not considered career paths
in the field prior to this course. “I didn’t know this was an
option before.”
One student had considered the field prior to the course,
but also said that “this course really connected the dots for
Some students stated that they have definite plans to attend
graduate school and to pursue Healthcare Informatics
Application of statistics in healthcare case studies
demonstrated the value and relevance of statistics in helping
We developed an Interdisciplinary Health
Informatics Security and Privacy
 Preliminary assessment results are
 We need to advertise the program, and
continue assessing the program