Section 5.1 Maintain Ongoing System Maintenance and Data Quality Management Use this tool for guidance on the importance of ongoing system maintenance, tools to evaluate system administration, and tips to ensure data quality management. Time needed: 8 – 12 hours Suggested other tools: Section 4.1 Implementing System Overview How to Use 1. Use the information on ongoing system maintenance to ensure that your information systems are well-maintained and you have contingency plans in the event of any service disruption. 2. Evaluate the need for and management of system administration. 3. Implement a process to ensure data quality. Ongoing System Maintenance Four types of ongoing system maintenance generally must be addressed in every information systems environment. 1. Corrective maintenance refers to any remedial steps needed to correct problems with the network, hardware, software, or utilization of information systems. These often reach the attention of IT staff through an informal process that, if not well managed, can become burdensome for your staff. If you are using an application service provider (ASP) or software as a service (SaaS) vendor as your primary support, your informal process could cause you to exceed your “routine maintenance” budget and you could be charged extra for service calls. Whether you use internal staff or a third party for IT support, one person within the organization (with appropriate backup) should track all corrective maintenance requests and be responsible for their documentation and resolution. Essentially, corrective maintenance is an extension of the issues management process set up during planning for implementation. Corrective maintenance includes additional training or support for users to appropriately and fully utilize the information systems. Users may seek help directly and training needs may be identified through system audits. These should be documented. Many organizations refer to corrective maintenance and ongoing issues management as help desk functions. You may not have a formal help desk, but someone in the facility should support this function. If your vendor has a help desk and you have contracted for ongoing maintenance and support, be aware that some vendors charge more for help when the information is already available to you through their system documentation. This is another good reason to have someone in your organization designated to receive these requests and to review the documentation to determine whether the problem can be fixed internally or needs to be referred to the vendor. 2. Customized maintenance refers to modifying information system features that need to be updated or otherwise changed for user needs. Customized maintenance is essential in clinical information systems, which are constantly changing in health care with new drugs, new treatment guidance, etc. Customized maintenance may be a part of help desk functionality. In Section 5 Maintain—Ongoing System Maintenance and Data Quality Management - 1 addition to issues management, change control, is an important element of customized maintenance (see Section 4.1 Implementing Systems Overview). Changes to HIT systems can have a ripple effect, which is not always desirable. IT staff should never act upon a customization project without the approvals required by your change control policy. 3. Enhancement maintenance refers to improving the performance of the network, hardware, application, or even the role of people in their development and use of these tools. IT staff and/or end users may be further trained as super users and be offered advanced skills in systems use and/or development (e.g., a super user may learn more advanced reporting skills, or an IT staff member may take an online relational database design course). Most of the enhancement maintenance is directed to the network, hardware, and software. Unfortunately, such enhancements are often made in reaction to a problem rather than proactively. For example, an electronic document management system (EDMS) application may necessitate network enhancement, or the fact that the vendor no longer supports an application may result in the search for a new product. All enhancements should be made within the context of appropriate issues management and change control procedures. 4. Preventive maintenance involves taking steps in advance to reduce the risk of a serious problem. It may include resetting a person’s password, performing a backup, recharging batteries, applying operating system patches, running a network scan, or replacing devices when they become obsolete. Some of these are routine system administration, while others may be major projects. Maintaining system documentation and managing all aspects of security, including contingency planning, also fall within the category of preventive maintenance. Many organizations have been somewhat lax about preventive maintenance, especially relating to contingency planning. However, as more mission critical HIT applications are adopted, preventive maintenance must be planned for as thoroughly as the original applications. Some key preventive maintenance steps include: Install all patches and updates for the operating system, application (including interfaces), and security software. Review information system activity, including system utilization, capacity, and response time. Replace servers, client devices, and network devices on a routine schedule. Provide for system administration services 24/7. Maintain network schematics, application inventories, and network inventories, potentially using automated tools to detect rogue devices or applications. Ensure network, server, and device redundancy with failure and fault tolerance capability. Maintain and test contingency plans for routine backup and restoration, business continuity, and disaster recovery—including manual contingency plans to be performed by end users if necessary. Utilize Internet and email usage/monitoring tools, firewalls, intrusion detection, and antimalware tools. Secure all servers and network devices in an applicable data center environment. Ensure system administration passwords are especially strong and protected. Separate system administration duties from authorization responsibilities. Section 5 Maintain—Ongoing System Maintenance and Data Quality Management - 2 System Administration System administration is the process of maintaining and operating computer systems and networks. This may be a relatively small job for IT in an ASP or SaaS. For an organization maintaining their own servers and network components, the systems administrator has wide-ranging duties. Whatever the scope of your needs, there must be at least one person tasked to perform or oversee these functions. Even when an outside company supplies system administration functions, including remote hosting, someone needs to manage that account and someone must be able to perform basic system administration duties relating to hardware and the documentation of needed changes. As more HIT become adopted in your agency, you may need to find a staff member who can take on more system administration tasks, or even hire or contract for a system administrator. The following are general systems administrator responsibilities: Perform routine audits of systems and software. Perform backups. Apply operating system updates, patches, and configuration changes. Install and configure new hardware and software, including supporting and maintaining severs and other computers. Add, remove, or update user account information, reset passwords, etc. Answer technical queries. Perform security functions, including responding to service outages. Participate in system build and document the configuration of the system. Troubleshoot any reported problems. Fine-tune system performance. Insure that the network infrastructure is up and running. Handle basic programming. Conduct basic end user training. Manage projects. Participate in systems selection. Provide periodic reports to management. Data Quality Management HIT should become important tools for the work you perform. As such, the quality of the data captured by these systems needs to be assured. Data quality principles have been introduced to health care by the American Health Information Management Association in its Data Quality Management Model, depicted below. For a comprehensive discussion of how to ensure the quality of the data you are collecting, see: http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_049664.hcsp?dDocName=bok 1_049664 Section 5 Maintain—Ongoing System Maintenance and Data Quality Management - 3 1 There are two key ways to manage data quality: Ensure that there is a well-maintained data dictionary for each of your applications, or for all of them collectively. A data dictionary is a descriptive list of the names, definitions, and attributes of all data elements to be collected in a database. Once a data dictionary is established, one should be very careful about changes. While there will be new terms that are are necessary, adding a “new” term simply because of personal preference works against data quality. Ensure that the vendor utilizes standard definitions and terminologies and that users adhere to these standards. Every vendor should maintain a data dictionary for its products, but not every vendor uses standard names, definitions, and attributes. Some apply standards to only some of the data collected. Applying standard data definitions and terminologies helps users ensure data consistency and supports the ability to share data with other organizations. To monitor for data quality: • • • • • • Conduct periodic audits of the HIT applications and resulting reports, looking for inconsistencies. Monitor complaint logs compiled by end users to determine whether data fields allow for precision and whether edit checks occur correctly. Test data entry to determine that alerts and reminders fire correctly/can be performed. Review the contents of comments or narrative fields to determine: o Where structured data templating is not occurring when it should be o Where there are inconsistencies between data templating and narrative fields o Where there is repetition between data templating and narrative fields Run reports to perform reasonableness tests. Review decision alert overrides to see if they point to data quality issues. AHIMA. Pocket Glossary of Health Information Management and Technology, Third Edition. Chicago: AHIMA Press, 2012. Section 5 Maintain—Ongoing System Maintenance and Data Quality Management - 4 As data quality issues are identified, remediation activities are needed, such as retraining, application modification, or policy modifications. Ensure that any changes made are documented in your Change Control log. Copyright © 2014 Stratis Health. Section 5 Maintain—Ongoing System Maintenance and Data Quality Management - 5 Updated 01-01-14