IUPUI School of Computing and Informatics
S644 / I635 Consumer Health Informatics
Week 12: The Patient Record and Online Health Information Security

Contents
- Week 12 Learning Goals and Objectives
- Week 12 Introduction
- Week 12 Readings
- Week 12 Independent Learning Activities
- Week 12 Forum Discussion

Week 12 Learning Goals and Objectives

- Define, describe and provide examples of ‘provider-centric’ and ‘consumer-centric’ information systems.
- Debate the pros and cons of provider-centric versus consumer-centric information systems.
- Explore the current debate over and trends toward the implementation of the personal health record.
- Explore the roles of individuals, and private, regional, state or national organizations / government in the oversight or administration of healthcare information.
- Differentiate between privacy, confidentiality, and security in the context of CHI and within information environments.
- Appropriately apply the concepts of privacy, confidentiality, and security and related relevant issues within the context of consumer health informatics.
- Discuss, describe and apply the principles of information security to consumer health informatics applications.
- Discuss, describe and apply the principles of information security within the context of the personal health record.

Week 12 Introduction

Welcome back after your independent study week!
Week 12 ends Module D: Challenges and Issues in CHI. Over the past few weeks (10-12) we looked beneath the surface to explore deeper economic, ethical and social issues that influence the adoption of consumer health informatics tools in healthcare settings. This week we will continue our discussion of security, privacy and confidentiality in consumer health informatics, extending it to technical questions surrounding the security of electronic health information.

Years ago, the California HealthCare Foundation conducted a survey of 2,000 consumers on their health and privacy concerns. Please review the document: http://www.chcf.org/publications/2005/11/national-consumer-health-privacysurvey-2005

Although this research took place quite a few years ago, many of the same issues still linger. Why is this the case? What can we do to ease real and imagined concerns?

Despite implementation of HIPAA in 1996, 76% of the respondents reported that they were “somewhat” or “very concerned” about the privacy of their personal health information. Interestingly, more people (68%) believe paper records are more secure than electronic health records.[1] This remains true today, with people increasingly concerned that their privacy will be violated if health information is available online or digitally.

However, in reality, paper-based records are actually less secure than properly monitored digital health data. For example, a few years ago, the Boston Herald reported that for six months Brigham and Women’s Hospital had been faxing patient information sheets (including social security numbers and the results of tests for sexually transmitted diseases) to a local bank.[2] There have also been cases in which paper records were dumped in trash bins without being shredded. Anyone could have taken the materials out of those bins.

Electronic breaches do occur, however.
Seven years ago, for example, the Indianapolis Star reported that the Indianapolis Public Schools had inadvertently made private student information, including social security numbers, available on the web. Because minors were involved, the Star held off on reporting the security breaches until after the school district had been notified and given time to rectify the problem. As far as anyone could tell as time went by, these breaches did not result in any negative consequences for the students involved.

More recently, Target stores, during the “Black Friday” shopping season, lost control of millions of consumers’ credit card information. These consumers were encouraged to cancel their cards and change their account passwords to keep secure information out of the hands of identity thieves. These were corporate consumer breaches, and consumer health data IS more heavily protected.

Even though privacy of personal health information is a concern, most Americans know little about security of electronic medical data. We think of privacy and security as being interchangeable, but they often are not. Privacy has to do with the person: his or her right to share health information only with a specific, limited number of people. Security happens on the systems administration side: the computerized systems that house our data and information must be kept secure so that breaches do not occur.

Electronic health records (EHRs) evolved from paper-based medical records, which were developed as a log of transactions between physicians and patients. The original purpose of the patient’s “chart” was to maintain a record of the care that was delivered. This paper chart has evolved into a complex EHR system that is heavily regulated. The medical record was developed by and for the care provider and was housed in the doctor’s office or the medical record department of a hospital.
Such an arrangement was suitable when people maintained a relationship with one provider over a lifetime. However, with our increasingly mobile society and the proliferation of medical specialties, the traditional medical record no longer serves the need to provide information to influence decision making. Nevertheless, the structure of most electronic health record systems remains, as Schoenberg terms it, “provider-centric”. Schoenberg (Lewis, Chapter 14) provides a comprehensive overview of the technical aspects of online security. He emphasizes that the systematic assessment of potential threats is fundamental to ensuring the security of health information (see page 165).

Meaningful Use

The Office of the National Coordinator for Health Information Technology (ONC) Certification Program provides a process for ensuring that EHRs meet specific standards, criteria for hospital certification, and Centers for Medicare and Medicaid Services (CMS) goals. These standards are called MEANINGFUL USE. One of the initial goals of meaningful use was to ensure that all EHRs collected the same kinds of information. Another goal is related to information privacy and security.

The goals of meaningful use are to implement the certified electronic health record (EHR) to achieve the following outcomes in healthcare:

- Improve quality, safety, efficiency, and reduce health disparities
- Engage patients and family
- Improve care coordination, and population and public health
- Maintain privacy and security of patient health information

Ultimately, the overall goal is to have a positive impact on medical outcomes:

- Better clinical outcomes
- Improved population health outcomes
- Increased transparency and efficiency
- Empowered individuals
- More robust research data on health systems

There are incentive programs that pay hospitals and providers to adopt and implement meaningful use objectives.
These incentive programs are managed by the Centers for Medicare & Medicaid Services (CMS) and are called the CMS Incentive Program. Meaningful use is complicated and includes multiple stages of implementation, occurring from 2011 through 2016:

Stage 1 (Dates: 2011 - 2012)
Goals: Data capture and sharing:
- Electronically capturing health information in a standardized format
- Using that information to track key clinical conditions
- Communicating that information for care coordination processes
- Initiating the reporting of clinical quality measures and public health information
- Using information to engage patients and their families in their care

Stage 2 (Dates: 2014)
Goals: Advance clinical processes:
- More rigorous health information exchange (HIE)
- Increased requirements for e-prescribing and incorporating lab results
- Electronic transmission of patient care summaries across multiple settings
- More patient-controlled data

Stage 3 (Dates: 2016)
Goals: Improved patient outcomes:
- Improving quality, safety, and efficiency, leading to improved health outcomes
- Decision support for national high-priority conditions
- Patient access to self-management tools
- Access to comprehensive patient data through patient-centered HIE
- Improving population health

From HealthIT.gov: http://www.healthit.gov/providers-professionals/how-attain-meaningful-use

References and Additional Resources

1. Bishop, L., Holmes, B.J., & Kelly, C.M. National consumer health privacy survey. Available at: http://www.chcf.org/documents/ihealth/ConsumerPrivacy2005ExecSum.pdf
2. Appold, K. Hospital mistakenly faxes patient record to bank. Advance for Health Information Professionals.
Available at: http://healthinformation.advanceweb.com/common/Editorial/editorial.aspx?CC=67803

EHR Meaningful Use Specification Sheets for eligible professionals (EPs): https://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/downloads/EP-MU-TOC.pdf

Meaningful use specifications for eligible hospitals: https://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/downloads/Hosp_CAH_MU-TOC.pdf

In this week’s activities, you’ll read more about meaningful use and security and privacy.

Week 12 Readings

- Lewis, Chapter 14
- Andrews, Thief vs. Patient...
- Advances and current state of the security and privacy in electronic health records survey from a social perspective. Tejero A. de la Torre I. Journal of Medical Systems. 36(5):3019-27, 2012 Oct.
- e-Health promises and challenges: some ethical considerations. Kluge EH. Studies in Health Technology & Informatics. 164:148-53, 2011.
- Integrating telehealth and the EHR. Organizations make progress remotely linking physicians and patients, but documenting the remote consult will require much integration work. Prestigiacomo J. Healthcare Informatics. 29(6):60, 62-3, 2012 Jun-Jul.
- mHealth data security: the need for HIPAA-compliant standardization. Luxton DD. Kayl RA. Mishkind MC. Telemedicine Journal & E-Health. 18(4):284-8, 2012 May.

Week 12 Independent Learning Activities

A. Read the ONC “Guide to Privacy and Security of Health Information”: http://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide-chapter2.pdf

As you read, think about how these issues impact on consumer health…

Week 12 Forum Discussion

This week, your discussion forum activities are limited to the following case study analysis. Please read the brief case below and discuss it with classmates. You may want to (but don’t have to) begin with the questions that appear at the end of the case.

CASE STUDY: Medical Records: A Real Life Patient’s Perspective

“This is a real patient's story.
This one begins in an office: Patient Andrew goes to the washroom, and discovers blood in the basin after a bowel movement. Patient Andrew goes to see colleague Bill, who happens to be a nurse, explains the problem and seeks advice. Whilst Bill is reassuring Andrew, Andrew loses consciousness. Fortunately Bill is a big guy who is able to lower Andrew to the floor. Andrew is unconscious for five minutes and comes around to hear colleague Bill on the phone to call an ambulance with some urgency. First aid support arrives followed in a short time by paramedics. The paramedics get a drip in and ask questions to check the patient's status. By now there is blood on the carpet. Andrew is placed in a chair because the paramedics can't get a stretcher up to the second floor where he has collapsed. Andrew is removed to hospital by ambulance where access to the emergency room is delayed due to a fire alarm. Once inside, Andrew is examined by a nurse and then by a doctor. Blood samples are taken. Andrew is placed on a saline drip to replace lost fluids. A medical history is taken from the patient including details of current medications and allergies. From here, after 40 minutes in the emergency department, Andrew is removed to an assessment ward. On the way, the emergency room nurse tells Andrew that he is “nil by mouth”. He has no idea what this means. On arrival, there is no bed for Andrew, who waits an hour to be assigned to a bed. Once placed in a bed, Andrew is re-examined, and another medical history is taken from the patient including details of current medications and allergies. The blood tests have been sent to the lab, but unfortunately, the computer which makes them available across the hospital is not working correctly and these lab results cannot be accessed. The conclusion is that overnight observation is required, and Andrew is moved to a regular ward.
Once in the ward, Andrew is asked if they want to order some meals for tomorrow, but his reply is that he doesn't know if it's allowed. The menu is brought and removed twice during the evening. At lights out, Andrew is offered a hot drink and again questions its wisdom but the staff member is able to check and reassure Andrew that this is OK. Next morning, Andrew is relieved that all bleeding has stopped and that he feels relatively well with no pain. Andrew is visited by the doctor who takes another medical history before deciding that an internal camera examination is required and Andrew is discharged awaiting an outpatient appointment to have an internal camera investigation. Five days later, at a follow up visit in primary care, discharge details have not reached the primary care physician, so she has no idea what to do with Andrew.”

_______________________________________________

Discuss the case with classmates this week, talking about key issues and themes. You can begin with these or any framing questions that strike you as interesting and relevant:

- What kinds of information and IT issues are highlighted in Andrew’s journey?
- Although Andrew’s medical history is always available with his primary care physician, others cannot access it from the hospital or ambulance. Incorrect or incomplete information from a confused patient could lead to an adverse event. What kinds of IT solutions can be applied to this issue?
- What are the most significant pros and cons of the electronic medical record?
- Should patients manage their own healthcare more directly? Why or why not? How can IT applications help?
- Debate the pros and cons of provider-centric versus consumer-centric information systems.
- Explore the current debate over and trends toward the implementation of the personal health record.
- Differentiate between privacy, confidentiality, and security in the context of CHI and this case study.
- Discuss the principles of information security to consumer health informatics applications.
- Discuss the principles of information security within the context of the personal health record.