Section 5.1 Maintain
Ongoing System Maintenance, Administration, and Data Quality Management

Use this tool for guidance on the importance of ongoing system maintenance, tools to evaluate system administration, and tips to ensure data quality management within your local public health (LPH) department’s electronic health record (EHR), health information exchange (HIE) support services, and other health information technology (HIT).

Time needed: 4 hours
Suggested other tools: 1.4 EHR Technology Readiness Inventory, 1.5 HIE Technology Readiness Inventory, 4.8 Change Control

How to Use
1. Use the information on ongoing system maintenance to ensure that your information systems are well-maintained and you have contingency plans in the event of any service disruption.
2. Evaluate the need for and management of system administration.
3. Implement a process to ensure data quality.

Ongoing System Maintenance
Four types of ongoing system maintenance generally must be addressed in every information systems environment.

1. Corrective maintenance refers to any remedial steps needed to correct problems with the network, hardware, software, or utilization of information systems. These often reach the attention of IT staff through an informal process that, if not well managed, can become burdensome for your staff. If you are using an application service provider (ASP) or software as a service (SaaS) vendor as your primary support, your informal process could cause you to exceed your “routine maintenance” budget and you could be charged extra for service calls. Whether you use internal staff or a third party for IT support, one person within the organization (with appropriate backup) should track all corrective maintenance requests and be responsible for their documentation and resolution. Essentially, corrective maintenance is an extension of the issues management process (see 4.4 Issues Management) set up during planning for implementation.
   Corrective maintenance includes:
   - Additional training or support that enables users to appropriately and fully utilize the information systems. Users may seek help directly. Training needs may be identified through system audits and should be documented.
   - What many organizations refer to as help desk functions. You may not have a formal help desk, but someone in the facility should support this function. If your vendor has a help desk and you have contracted for ongoing maintenance and support, be aware that some vendors charge more for help when the information is already available to you through their system documentation. This is another good reason to have someone in your organization designated to receive these requests and review the documentation to determine whether the problem can be fixed internally or needs to be referred to the vendor.

2. Customized maintenance refers to modifying features already in existence in information systems that need to be updated or modified for user needs. Customized maintenance is essential in clinical information systems, which are constantly changing with new drugs, new treatment guidance, etc. Customized maintenance may be a part of help desk functionality. In addition to issues management, change control is an important element of customized maintenance. Changes to clinical information systems can have a ripple effect, which is not always desirable. IT staff should never act upon a clinical customization project without the approvals required by the change control procedure.

3. Enhancement maintenance refers to improving the performance of the network, hardware, application, or even the role of people in their development and use of these tools.
   IT staff and/or end users may be further trained as super users and be offered advanced skills in systems use and/or development (e.g., a super user may learn more advanced reporting skills, or an IT staff member may take an online relational database design course). Most of the enhancement maintenance is directed to the network, hardware, and software. Unfortunately, such enhancements are often made in reaction to a problem rather than proactively. For example, an electronic document management system (EDMS) application may necessitate network enhancement, and the fact that the vendor no longer supports an application may trigger a search for a new product. All enhancements must be made within the context of appropriate issues management and change control procedures. For many such projects, a formal project plan (see 2.4 Project Management and 4.2 Managing the Project), including business case and budget (see 2.12 Total Cost of Ownership and Return on Investment for EHR and HIE), the approval process, and even the acquisition process (see 3.4 Overview of HIE and HIT Vendor Selection) may be needed.

4. Preventive maintenance involves taking steps in advance to reduce the risk of a serious problem. It may include everything from resetting a person’s password, performing a backup, or recharging batteries to applying operating system patches, running a network scan, or replacing devices when they become obsolete. Some of these are routine system administration steps, while others may be major projects. Maintaining system documentation and managing all aspects of security, including contingency planning, also fall within the category of preventive maintenance. Many health care organizations have been somewhat lax about preventive maintenance, especially relating to contingency planning. However, as EHR and other HIT are adopted—becoming mission critical to the organization—preventive maintenance must be planned for as thoroughly as the original applications.
   Some key preventive maintenance steps include:
   - Install all patches and updates for the operating system, application (including interfaces), and security software.
   - Review information system activity, including system utilization, capacity, and response time.
   - Replace servers, client devices, and network devices on a routine schedule.
   - Provide for system administration services 24/7.
   - Maintain network schematics, application inventories, and network inventories, potentially using automated tools to detect rogue devices or applications.
   - Ensure network, server, and device redundancy with failure and fault tolerance capability.
   - Maintain and test contingency plans for routine backup and restoration, business continuity, and disaster recovery—including manual contingency plans to be performed by end users if necessary.
   - Utilize Internet and email usage/monitoring tools, firewalls, intrusion detection, and anti-malware tools.
   - Secure all servers and network devices in an appropriate data center environment.
   - Ensure system administration passwords are especially strong and protected, including separation of system administration duties from authorization responsibilities.

System Administration
System administration is the process of maintaining and operating computer systems and networks. This may be a relatively small job for IT in an ASP or SaaS environment. For an organization maintaining its own servers and network components, the systems administrator has duties that are wide-ranging. Whatever the scope of your needs, there must be at least one person tasked to perform or oversee these functions. Even when an outside company supplies system administration functions, including remote hosting, someone needs to manage that account and there needs to be someone who can perform basic system administration duties relating to hardware and documentation of needed changes.
As the role of EHR, HIE, and HIT grows in your organization, you may need to find a staff member who can take on more system administration tasks, or even hire or contract for a system administrator.

The following are general systems administrator responsibilities:
- Perform routine audits of systems and software.
- Perform backups.
- Apply operating system updates, patches, and configuration changes.
- Install and configure new hardware and software, including supporting and maintaining servers and other computers.
- Add, remove, or update user account information, reset passwords, etc.
- Answer technical queries.
- Perform security functions, including responding to service outages.
- Participate in system build and document the configuration of the system.
- Troubleshoot any reported problems.
- Fine-tune system performance.
- Ensure that the network infrastructure is up and running.
- Handle basic programming.
- Conduct basic end user training.
- Manage projects.
- Participate in systems selection.
- Provide periodic reporting to management.

Data Quality Management
As EHRs, HIE, and other HIT are installed, they become important clinical tools; the quality of the data captured by these systems needs to be assured. All clinical tools require professional judgment for use and need to be calibrated regularly to ensure they perform optimally.
Think of EHR as having these five rights:
- Right clinical data – to be captured and quality assured
- Right presentation – to be able to capture and retrieve the right data and be alerted properly
- Right decision – to have the right clinical decision support, based on the right data, presented in the right manner
- Right work processes – to support the capture and use of data
- Right outcomes – to result in the best possible outcomes for client safety and quality of care

See Section 4.7 Data Management for a comprehensive discussion of ensuring the quality of data as it is captured in new ways.

To evaluate data quality and ensure it supports optimal use of systems at the point of care, for quality improvement, data analytics for achieving health care value, public reporting, and other expanded functions, various steps can be performed:
- Have health care professionals conduct audits of EHRs and resultant reports, looking for potential inconsistencies. For example, a list of clients and their lab results may reveal that some of the clients are no longer active with your department.
- Monitor end-user complaint logs to determine whether data fields allow for precision and whether edit checks occur correctly.
- Test data entry to determine that alerts and reminders fire correctly and can be performed (see 6.3 Optimization Strategies for Clinical Decision Support in EHR and HIE).
- Review the contents of comments or narrative fields to determine:
   o Where structured data templating is not occurring
   o Where there are inconsistencies between data templating and narrative fields
   o Where there is repetition between data templating and narrative fields
- Run various reports to perform reasonableness tests (e.g., how many residents are likely to have certain data elements included or excluded).
- Review clinical decision alert overrides to see if they point to data quality issues.
As data quality issues are identified, remediation activities are needed, such as retraining, application modification, or policy modifications. Ensure that any changes made are documented in your Change Control log.

Copyright © 2014 Stratis Health.
Updated 01-01-14