Healthcare Information Systems Privacy and Security in KSA

Solution.pdf

Assignment1-Module 9

Describe the security requirements for electronic protected health information (ePHI) by evaluating the HIPAA security administrative, physical, and technical safeguards. Analyze how these security measures can be applied to the KSA healthcare initiatives currently under development in the Vision 2030 and Ministry of Health initiatives.

 

Outline:

• Introduction

• Privacy, Confidentiality, and Security

• HIPAA Security Model

• Administrative Safeguards

• Physical Safeguards

• Technical Safeguards

• Healthcare Organization Security Program

• Conclusion

 

Create a slide presentation with the following structural requirements:

• Be 8-12 slides in length, not including the cover or reference slides.

• Be formatted according to the  Guide to Writing and APA.

• Provide support for your statements with in-text citations from a minimum of four (4)scholarly articles. Two (2) of these sources may be from the class readings, textbook, or lectures, but two (2) must be external. The CSU-Global Library is a good place to find these references.

• Presentation notes are required for each slide and should be put in the notes section to support the slide content. These can be part of the presentation or delivered as a separate document. If you opt for the former, be aware that the presentation cannot be submitted in PDF format.

1. Innovative Technology in Healthcare

Click to Enlarge

Many technological innovations, such as mobile technologies and telemedicine, offer new ways to provide access to healthcare. Telemedicine allows two-way interactive videoconferencing to provide face-to-face consultations. Telehealth uses devices linked to cell phones to capture and monitor patient data from home, like blood sugar levels and INR anticoagulation levels. These devices report values directly to physicians so that they can remotely monitor the patient. This is an invaluable capability, as physicians can make adjustments in medications so patients stay out of the hospital and on their medications at therapeutic levels. The idea behind telemedicine is that patients do not always need to have an in-person visit to receive care.

This means that there is no need to travel, therein reducing costs and inconvenience from having to check in at the desk, and waiting times. The potential cost benefits for physicians, hospitals, and patients are significant (Asch, 2015). Leveraging these health IT capabilities opens up new opportunities to provide greater access to healthcare for patients who live in remote locations in the Kingdom. These patients may have less access to care because of distance or travel difficulties that would be resolved through innovations like telemedicine.

Click on the video to hear Dr. Halamka discuss healthcare standards, challenges, and emerging solutions.

Dr. John Halamka, Harvard Medical School, on Healthcare Standardization

http://www.youtube.com/watch?v=KYLeZJcf9jc

Dr. Halamka remotely presented during the ANSI-SPRING Services Conference on October 17-18, 2017, in Washington, DC. The event was part of ANSI's annual World Standards Week.

The ability to detect and treat complex medical problems is aided by the systematic integration of health information tools. Information technology is changing the way healthcare is delivered and improves the overall quality of healthcare. These improvements are not limited to just the general management of healthcare as found in healthcare clinics or hospitals in a therapeutic sense, but also, the incorporation of big data analytics with cloud computing can reveal trends in predictive medicine. Technologies such as the Fitbit or the Apple Watch have piqued interest in the capability to monitor long-term patient health data.

Click on the titles below to read about IT security best practices for mobile devices.

Protecting Mobile Devices

Use strong authentication and access controls.

Ensure password protection is used on laptops.

Utilize password protection on handheld devices.

Encrypt PHI if it is not used on an internal secure system like Wi-Fi or the Internet.

If a mobile device is removed from a secure area, encrypt the data on it.

Develop and enforce policies specifying the circumstances under which the devices may be removed from the facility.

Prevent unauthorized viewing of PHI displayed on a mobile device; people should not be looking over your shoulder.

 

IT Department Guidelines

 

No unnecessary software applications should be installed on computers used in the medical practice that are not essential to providing the organization’s services.

IT staff should install software and configure it; staff should not be installing software unless directed to do so by the IT staff.

IT should find out if there is an open connection (back door) to the EHR software where updates and support can occur. There must be an agreement of how that access is used or who is responsible for providing updates and how that is carried out.

Remote file sharing and remote printing within the operating system must be disabled.

Automate software updates should occur weekly.

IT staff monitors for critical and urgent patches and updates that require immediate attention and acts on them as soon as possible.

User accounts for former employees should be disabled quickly and appropriately.

If an employee is involuntarily terminated, close access to the ++ before the notice of termination is given.

Prior to disposal, sanitize computers and any other devices that have had data stored on them.

Archive old data files for storage if needed or clean them off the system if not needed, subject to applicable data retention policy requirements.

Fully uninstall software that is no longer needed.

Install a hardware (best) or software firewall to protect EHR information if connected to the Internet.

In today’s wired environment, there are threats to the security of the PHI data, particularly with the proliferation of mobile devices. With mobile devices used on the information systems, healthcare organizations must observe additional precautions.

2. Rogers’ Theory of Diffusion of Innovation

Click to Enlarge

Rogers’s Theory of Diffusion of Innovation is where any idea, practice or object perceived as new by a group or individual defines the innovation. Diffusion takes place among people or organizations over a period of time through communication and practices. Communication between the people or organizations allows or encourages the innovative information to be transferred from one group to another and one person to another. Innovation gives the perception that efficiencies will be gained that improve on the current procedures or tools in use. Innovations are also disruptive to the normal way of doing those tasks. Adopters are usually individuals who see the value gained through using the innovation.

Designing for Dissemination Using Diffusion of Innovation Theory

http://www.youtube.com/watch?v=IIumNjYD9aE

Dissemination is a communication of an evidence-based intervention to a target audience. This video discusses designing for dissemination using the Diffusion of Innovation Theory.

Characteristics of the Innovation:

• Relative advantage is about the perception of the innovation that the idea is better than the one it is replacing. It is like the return on your investment—what is the advantage or benefit of adopting the innovation?

• Compatibility of innovation with existing norms and values:These changes will occur quickly if the adopters are administrative leaders lending their commitment and support to the innovation. In turn, this will cause a shift in organizational cultural behaviors and values.

• Ease of use will be that the learning curve and challenges of the innovation are within the reach of the staff.

• Trialability is the quality of the innovation that allows it to be used and experimented with—that is, does it work or can it be made to work?

Communicating these advantages depends on the channels of communication. Mass communication, such as in a large organizational meeting, will spread the knowledge about the innovation faster than going from one individual to the next.

Adopter groups:

• Innovators – first to adopt, technology enthusiasts, adoption driven by novelty, want to be seen with leading-edge technologies

• Early adopters – innovative, have a vision for how to use the technology in their workplace, look for opportunities to increase effectiveness

• Early majority – pragmatists, are efficiency-driven, will look at incremental steps in using the technology

• Late majority – conservative but will adopt if others in the market adopt, need greater support and direction, particularly respective of how to use the technology in their work environment

• Laggards – skeptics who do not see any potential for the innovation, will resist as long as possible

• Sloths – will go to great lengths to avoid adoption, often pride themselves in non-adoption.

3. Standardization of Technology

Click to Enlarge

The EHR has created the ability to aggregate data on specific diseases and analyze best practices and treatments that achieve the best outcomes. Health information technology has given us powerful tools to help support better patient outcomes. Some of the challenges that persist are the issue of standardization between systems, medical terminologies, and interoperability.

Interoperability at its foundation is the ability of an electronic health information system to exchange electronic health information with another system. Interoperability between legacy systems is a goal that has yet to be realized completely since there are many factors that create challenges and barriers to interoperability. One barrier is that health information itself has not been sufficiently standardized, even with the use of ICD-10 codes that provide great detail and specificity.

The top barriers identified by Binobaid, Fan, and Almeziny (2016) were organizational, semantic, and technical.

Click the following tabs to learn more about these barriers.

Organizational Barriers

Organizational barriers included resistance to change, lack of training, financial support, and knowledge of using health information systems (HIS).

 

Semantic Barriers

Semantic barriers were mapping issues to integrate the various information systems, workflow redesign, HIS modules not fully integrated, interoperability, and information exchange.

Technical Barriers

 

Technical barriers were inadequate IT support and maintenance, security, lack of standards, complexity of the system, and inadequacy of ICT infrastructure.

One of the findings was the use of HL7 standards and interface engines that provided interface mapping and allowed legacy systems to communicate.

4. Organizational Culture Change in Healthcare

Click to Enlarge

Communication is very important to help the staff negotiate organizational change. The CEO and CIO are leaders who can communicate the vision of adopting the new system to the staff. This can include sharing information and empowering the staff by including their input during the planning and implementation stages of the new EHR system. Educating the staff during the process and training them in the new system will help mitigate their fears. In addition, communicating the vision can also include informing patients of the increase in the quality of patient care that will result from the new system.

Organizational behaviors will change as the new system is implemented. Savvy leadership does not underestimate the possibility of user resistance to the change. Many changes will come to both the clinical and administrative staff, so it is important to make sure that the resources are available that are needed to complete the project. Clinical staff are often not tech savvy, as going into medicine, for many, had nothing to do with computers. Their focus is different (patient-centered), and they can be a source of resistance when the learning curve seems to be rather steep.

Healthcare organizations recognize that a culture of patient safety is achieved by leadership commitment and learning from errors through documentation. Leadership supports a culture of safety by encouraging teamwork, identification of risks, system reporting, and analysis of adverse events. It is critical to have a blame-free environment so that errors can be discovered and corrected.

The factors that characterize a culture of safety are the identification of risk of an error due to organizational activities, a blame-free environment for reporting errors, organizational collaboration, and resources for patient safety (Alahmadi, 2017). These strategies help the organization develop safety practices by learning from errors and developing training to prevent those errors in the future.

Many organizations have effectively been using technology, and specifically the Internet, to improve healthcare.

Click the following tabs to see how healthcare organizations leverage the Internet.

• Common Uses

• Disseminating medical and health information;

• Providing information on healthcare providers, services, and products;

• Communicating with patients;

• Sharing personal medical history and billing information; and

• Making appointments and refilling prescriptions.

(HHS.gov, 2013).

• Key Benefits

• Speed in the delivery of information

• Expanded access to health information geographically

• Cost-effectiveness for disseminating information to a massive number of people

• Collaborative interactions

• Improved communication between healthcare providers and patients

• Convenient alternative to an actual visit for patients

• Supported by a variety of mobile devices (e.g., smartphones, iPads, and computers)

Tired of the boring assignments to be submitted to colleges and universities? MyAssignmentMart.com gives you multiple reasons to trust it with your orders. We employ PhD experts handpicked from prestigious universities over the globe. We cater to quality assignment help, dissertation writing services and online essay help, covering more than 100 academic subjects. We pledge to complete your assignments on time and never compromise when it comes to deadline. Our prices for assignments are the most competitive in the market and make sure the cost suits your budget.