Please see attached document
• The body of your document should be at least 1,200 words in length.
• Quoting should be less than 10% of the entire paper. Paraphrasing is necessary.
• You must cite and reference at least four credible sources from the Library.
• Please be sure to visit the Academic Success Center for assistance with meeting APA expectations for written Assignments.
Imagine that you are the Director of Health Information for a large hospital. As Director, you sit on various institution-wide committees that govern the organization’s policies. In collaboration with interdepartmental committees, you have made recommendations regarding the improvement of policies, procedures, and operations across the institution. The CEO and Board of Directors have approved funding for several initiatives but have asked you to narrow changes to just a few. Therefore, you will develop an action plan for the hospital.
Please follow the instructions below in completion of this Assignment.
Part 1. Appraise at least three (3) policies that cover data security (i.e., audits, control data recovery, e-security, data recovery planning, and business continuity planning). Make three (3) recommendations for improvements to the elements included in the design of audit trails and data quality monitoring programs within the hospital.
Part 2. Critique the systems capabilities to meet regulatory requirements by judging the technologies that relate to electronic signatures, data correction, and audit logs.
Part 3. Critique at least three (3) human factors and user interface design of health information technologies by making at least (3) recommendations for device selection based on workflow, ergonomics, and human factors.
Part 4. Evaluate a health information system’s architecture in terms of database design and data warehousing. Critique issues with systems implementation related to systems testing, interface management, and data relationships.
Part 5. Participate in the development of information management plans that support the organization’s current and future strategy and goals by comparing and contrasting at least three (3) issues related to a corporate strategic plan, operation improvement planning, information management plans, and/or disaster and recovery planning.
Part 6. Analyze at least three (3) challenges that exist in each phase of the systems development life cycle. Distinguish issues related to EHRs, HIEs, and RECs within your analysis.
Part 7. Analyze at least three (3) challenges that exist in each phase of the systems development life cycle. Distinguish issues related to EHRs, HIEs, and RECs within your analysis.
Health Information Exchange
Health Information Exchange
Access controls would help in ensuring the security and privacy of electronically protected health information in a perfect world. Some complexities limit the healthcare environment today, making it extremely challenging to restrict access to the least information required by members in performing their jobs. In community-based hospitals and other smaller organizations, multiple functions might be performed by employees who require different levels of access. Without access to specific portions of the health record of every patient, the effectiveness of employees could be inhibited significantly compromising patient care and safety. As the director of Health Information for the hospital, some policies cover data security like audits, business continuity planning and data recovery planning, which the hospital requires in data protection.
Data recovery plan
Data recovery is the process used to retrieve backed up data to be restored and utilized. One of the critical challenges in organizations is recoverability. It does not matter is data is stored in an off-premises cloud server; being able to recover it is where the problem lies. For a data recovery plan to be successful, data on target has to be identified, safeguarded from loss and made available in an acceptable recovery timeframe. Identifying the locations and usage characteristics of electronic files stored on PCs, stand-alone arrays, server-captive storage arrays, network-attached storage devices and storage area networks does not define the criticality of the data or how suitable it is for a backup strategy. Policies are usually set based on the application that produces data and their priority. A system driven management is required for Distributed data backups to be performed.
Security audits have to be performed in the hospital systems using audit trails and audit logs that give a backend view of the system. Audit logs and trails record key activities, thereby showing system threads of modifications, access and transactions (Duncan & Whittington, 2016). Periodic reviews performance of audit logs is used in detecting unauthorized access to the information of patients. Secondly, it is used in the establishment of a culture of responsibility and accountability. Thirdly, it reduces the risk associated with unauthorized access. Fourth, it provides forensic evidence at the time of investigations of incidents of suspected or known that relate to security and any breaches to the privacy of patients. Fifth, it helps in the detection of new threats and intrusion attempts, identifies potential issues and addresses compliance with accreditation and regulatory requirements.
Business continuity planning
Business continuity planning can be described as the process involved in the creation of a system of recovery and prevention from threats that can potentially hit an organization. The plan makes sure that assets and personnel are protected ad can function faster in case of a disaster. The hospital must have a BC plan in place. The security team should start by assessing the business processes to determine the vulnerable areas which could suffer a potential loss in case of an incident. The next step involves coming up with a plan whereby the team has to identify the scope of the plan, key business areas, critical functions, dependencies between different business functions and regions. The team has to determine the downtime that is acceptable for each essential role and create a plan for maintaining operations. A standard business continuity tool is a checklist which has equipment and supplies, backup sites and data backups location, availability of a plan and the person responsible, and contact information for key personnel, emergency responders and backup site providers.
There is need for the hospital to implement expanded audit trails used in tracking the behaviour of employees, reviewing the capability and capacity of a system in carrying out functions like overload detection, and pointing out computer failure sites and times in allowing data reconstruction among other things. Other functions of the audit trail are performing the role of electronic signature and electronic documentation. The second recommendation is that the hospital should embrace the role of the audit trails that monitors the viewing, modification and deletion of information. For example, a healthcare security officer could come up with a policy to search access to the PHI of an employee, VIPs, terminated employee to avoid leakage of data. Lastly, the hospital has to ensure that the data quality monitoring program is well implemented and effective. The health workers should be ready to accept change, understand the margin for error, avoid cherry-picking data, and a quality team should be built to ensure data is well maintained.
Part 2: Regulatory requirements.
The hospital systems should be able to meet regulatory requirements. Technologies that relate to data correction, electronic signature and audit logs, simply the audit trails are expected to be generated independently of the operator. They should also include the local date and time of the actions that could alter the records (Vayena, Dzenowagis, Brownstein & Sheikh, 2018). The audit trails should not overwrite the old data and should be stored as long as there is kept a record. They should be available, convertible into a form that is readable and checked daily. Sometimes the hospital fails to comply with these regulations, and that is why there is a case of lack of data integrity concerning electronic signature, audit logs and data correction. Other times, the technology is designed in a way that some of these regulations are compromised.
Part 3: Human factors.
The things that affect a person’s performance are human factors, for example, cognitive functions like detection, attention, memory, reasoning and judgement. When the human factors affect health IT, either nurses, physicians and other health professionals, this can produce multiple adverse outcomes for patients like threats to their safety. The healthcare professionals are impacted too since they get frustrated, burnout and workarounds. The ergonomic problems can cause an effect on the hospital systems, therefore affecting the data integrity. Ergonomic issues are caused by repetitive motion tasks like stress, an awkward posture which lead to Carpal Tunnel Syndrome or Repetitive Strain Injury. Workflow, which are processes that relate to a particular operation, runs smoothly when analyzed and optimized. When applied to the hospital’s IT sector, it could run without any defects.
Part 4: Data warehousing
Methodologies used in data warehousing share a common task that includes data design, business requirements analysis, architectural design, deployment and implementation (Santos & Costa, 2016). Data warehouses in a hospital setup are time-consuming and complicated in reviewing a series of records belonging to the patients. Still, it is among the most efficient data repository that exists in delivering quality care to the patients. Some issues concern the implementation of systems related to interface management, systems testing and data relationships. They include data quality issues, among others. For these issues to be solved, an agile, late-binding architecture is a good option since it gives the ideal architecture for a healthcare data warehouse. The hospital should do testing and maintenance of the interfaces on a routine basis.
Part 5: Information management plan
In developing information management plans, there are issues related to each plan that I came across. The problems associated with a corporate strategic plan include a weak strategy since it a new one, inadequate training where a new technique requires proper training for it to get off the ground and lack of resources. Issues related to operation improvement planning are such as communication, lack of resources and low development of the strategy. The ones related to information management plans include lack of access to documentation, quickly querying information and time stamping information. Those pertaining to disaster and recovery planning are lack of a plan, wrong or inadequate plan and lack of proper testing of the plan.
Part 6: Systems development life cycle
The systems development life cycle has three phases which include EHRs, HIEs, and RECs and each phase have issues. Electronic Health Records have issues like security risks from hackers. This poorly designed interface causes data bottlenecks and lack of adequate training to personnel to help them switch from paper to EHRs (Kramer, 2018). The issues faced by HIEs include the diversity of stakeholders, varieties of organizational structures and a comprehensive hardware and software assortment. RECs or the Regional Extension Centers face various issues that have issues with the administration, vendor issues and attestation process issues.
In conclusion, as the Director of Health Information, many issues have to be changed, implemented and planned. The hospital should enforce the policies that cover data security due to the increase and escalation of cybercrime that threatens the hospital data. Although ensuring that the hospital’s data is private and adequately used by those who have access is nearly impossible, involving multiple layers of security that includes technology used in scanning vulnerabilities can be of help. Audit trails can also be used by the hospital in ensuring checks and balances for financial transactions and inquiring into the access of sensitive information like credit card and salary information. There is a need for human factors to be taken seriously by getting involved in the implementation and design of health IT.
Vayena, E., Dzenowagis, J., Brownstein, J. S., & Sheikh, A. (2018). Policy implications of big data in the health sector. Bulletin of the World Health Organization, 96(1), 66.
Duncan, R. A. K., & Whittington, M. (2016). Enhancing cloud security and privacy: the power and the weakness of the audit trail. CLOUD COMPUTING, 2016.
Kramer, M. (2018). Best practices in systems development lifecycle: An analyses based on the waterfall model. Review of Business & Finance Studies, 9(1), 77-84.
Santos, M. Y., & Costa, C. (2016, July). Data warehousing in big data: from multidimensional to tabular data models. In Proceedings of the Ninth International C* Conference on Computer Science & Software Engineering (pp. 51-60).