HAN 364 Test #1

EHR (electronic health record)

"An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be created, managed and consulted by authorized clinicians and staff across more than one healthcare organization" While the "experts" can debate the difference between EHR and EMR, we will not and will stick with EHR throughout the textbook and slides

characters

"a" and "z" are examples of which data type?

strings

"hello" or "ball" are examples of which data type?

floating

(decimal point) 3.14159, -12.014, and 14.01 are examples of which data type?

ways the EMR is accessed

*Citrix* *VPN* Smart Phones Tablets Single Sign On Virtual Desktop Hard/Soft Token

3 safeguard categories of HIPAA

1) administrative: Security management processes to reduce risks and vulnerabilities Security personnel responsible for developing and implementing security policies Information access management-minimum access to perform duties Workforce training and management Evaluation of security policies and procedures 2) physical Limit physical access to facilities Workstation and device security policies and procedures covering transfer, removal, disposal, and re-use of electronic media 3) technical: Access control that restricts access to authorized personnel Audit controls for hardware, software, and transactions Integrity controls to ensure data is not altered or destroyed Transmission security to protect against unauthorized access to data transmitted on networks and via email

The Open Systems Interconnection (OSI) Model

A conceptual model was created in 1984 to help understand network architectures It divides computer-to-computer communication into seven layers known as the OSI Stack seven layers: *application: http, telnet, email, HL7* presentation session transport *network - Internet* data link physical

Clinical Document Architecture (CDA)

Accepts free text and is capable of vocabulary specific semantic interoperability It contains the most common information about patients in a summary XML format that can be shared by most computer applications and web browsers. It can be printed (pdf) or shared as html CDA will be mandated for stage 2 meaningful use. CDAs are used in EHRs, personal health records, discharge summaries and progress notes. CDA delineates the structure and semantics of clinical documents, consisting of a header and body Templates can be used for a variety of purposes; for example, CDA for History and Physical Notes, CDA for Consultation Notes, CDA for Operative Notes, etc.

the 4 approaches of standards

Ad hoc Groups agree to informal specifications De facto Single vendor controls industry Government mandate Govt. agency creates standard and mandates its use Consensus Interested parties work in open process

World Medical Associations (WMA) Declaration of Helsinki

Added the right to privacy and confidentiality of personal information of research subjects to the Nuremberg Code

eRx challenges

Alert fatigue: too many alerts result in deletions, some justified, others not. Hot topic and area of much future research Prescribing errors still occur with eRx but they are different; wrong drug or wrong dose There are still issues at the pharmacist's end but these should improve over time Still not clear how many adverse drug events are prevented with eRx; perhaps too soon to know

consumer rights under HIPAA

Ask to see and get a copy of their health records Have corrections added to their health information Receive a notice that discusses how health information may be used and shared Provide permission on whether health information can be used or shared for certain purposes, such as for marketing Get reports on when and why health information was shared for certain purposes File a complaint with a provider, health insurer, and/or the U.S. Government if patient rights are being denied or health information is not being protected

HIOS (health information organizations) are part of what overall network system?

At last count (2013), there were about 200 HIOs in the US but only a minority are mature and successful Many large hospitals/health care systems have decided to create their own mini-HIOs to share only with clinicians and offices in their network; thus thwarting the efforts of state and federal HIE plans to exchange information broadly

challenges of CPOE

CPOE is difficult to implement in hospitals because it disrupts workflow and slows physicians down. They often don't realize, however, that CPOE benefits others on the team, such as nurses and pharmacists

Current Procedural Terminology (CPT)

CPT is a procedural coding system published and maintained by the American Medical Association. Originally used strictly for: Reimbursement of services Procedures Operations Now contains quality measure tracking codes Cannot be submitted for reimbursement without an ICD-CM code to justify the medical necessity of the procedure or the level of service performed Clinicians use CPT codes to obtain reimbursement for their work regardless of where the work is performed Hospitals also use CPT codes to get reimbursed for utilization of hospital resources for all outpatient hospital-based services CPT is divided into: Evaluation & Management (E&M) Codes (Code range 99201-99499) Healthcare Common Procedure Coding System (HCPCS)

CDC

Centers for Disease Control and Prevention They support the Public Health Information Network They use HIT to improve and maintain public health using a variety of surveillance programs They have a Data and Statistics section and a Health Data Interactive program They have a variety of HIT-related projects, such as text messaging health education to patients

CMS

Centers for Medicare and Medicaid Services An insurer for about 100 million Americans CMS reimburses for "meaningful use" of certified EHRs by clinicians and hospitals under Medicare or Medicaid As of April 2014 they have paid out about $22 billion to clinicians and hospitals as part of the HITECH Act meaningful use program They have a CMS Data Navigator that provides healthcare data from over 300 federal sources

unstructured data

Clinical notes which can be freeform text and not necessarily standardized.

What are the types of Healthcare Data Shared?

Clinical results: Lab, pathology, medication , allergies, immunizations and microbiology data Images: Actual images and radiology reports Documents: Office notes, discharge notes and emergency room notes Clinical summaries: Continuity of Care Documents (CCDs); XML-based documents that standardize and summarize care Financial information: Claims data and eligibility checks Medication data: Electronic prescriptions, formulary status, and prescription history Performance data: Quality measures like blood pressure or diabetes control, cholesterol levels, etc. Case management: Management of the underserved and emergency room utilization Public health data: Infectious diseases outbreak data, immunization records Referral management: Management of referrals to specialists

Medical Coding and Reimbursement

Coding requires extensive knowledge of the medical sciences in order to: Abstract key clinical information Determine which information impacts the current episode of care Translate that information into appropriate diagnostic and procedural codes Codes are entered into electronic claims for submission to third party payers to obtain reimbursement Inpatient use Diagnosis Related Groups (DRGs) Outpatient use Ambulatory Patient Classifications (APCs) which are procedure-driven

3 pillars of data security

Confidentiality - refers to the prevention of data loss, and is the category most easily identified with HIPAA privacy and security within healthcare environments. Usernames, passwords, and encryption are common measures implemented to ensure confidentiality Availability - refers to system and network accessibility, and often focuses on power loss or network connectivity outages. Loss of availability may be attributed to natural or accidental disasters such as tornados, earthquakes, hurricanes or fire, but also refer to man-made scenarios, such as a Denial of Service (DoS) attack or a malicious infection which compromises a network and prevents system use. To counteract such issues, backup generators, continuity of operations planning and peripheral network security equipment are used to maintain availability Integrity - describes the trustworthiness and permanence of data, an assurance that the lab results or personal medical history of a patient is not modifiable by unauthorized entities or corrupted by a poorly designed process. Database best practices, data loss solutions, and data backup and archival tools are implemented to prevent data manipulation, corruption, or loss; thereby maintaining the integrity of patient data

Cloud Computing

Delivery of computing as a service Providers deliver data via the internet Data stored on remote computers Healthcare Security is an issue that must be resolved Allows unlimited storage No Data Center Required Can also have vendor support applications

3 types of analytics

Descriptive - standard types of reporting that describe current situations and problems (how many uninsured patients do we have with type 2 diabetes?) Predictive - simulation and modeling techniques that identify trends and portend outcomes of actions taken (can we predict who will be readmitted for heart failure in the next 30 days?) Prescriptive - optimizing clinical, financial, and other outcomes (of those patients identified as high risk for readmission for heart failure is it more cost effective to case manage in the hospital or at home?)

obstacles to HIO's

Each HIO has a different business model Long term funding for HIO Will universal standards be adopted or will different standards for different HIOs prevail Poor cities, states and regions tend to be at a disadvantage Nationwide exchange of health information with a low number of sustainable HIOs fail and incomplete adoption of EHRs? Will the newest HIPAA regulations become impediments to HIO implementation and operation? Opt-in and opt-out patient consent models vary How to solve the patient matching and identity problem? Is there a strong reason to accredit HIOs? How will patient privacy and security rules under Meaningful Use? How can payers be more consistently involved in support of HIOs?

Different Views of Ethics

Ethics does not exist outside the law, and exists only for the good of a properly ordered and legal society Ethics is usually strongly informed by the law, society, and the prevailing culture, and are extensions of these Ethics exists entirely outside of the law, and is a matter of personal conscience. Where there is conflict the ethical viewpoint must prevail

RESTful operations

GET - get a resource (read a resource) POST - create a resource PUT - update a resource DELETE - delete a resource

What are the key components of Clinical Decision Support Systems(CDSS)?

In reality, any software that assists decisions is a CDSS: Knowledge support: programs embedded into the EHR that educate clinicians or patients Calculators: part of the EHR Flow charts and graphs: to look at lab or vital sign trends over time Order sets: inpatient clinical practice guidelines for specific scenarios (e.g. pneumonia), standardizing care Reminders: remind clinician or patient about pending tests, etc. Differential diagnosis: software exists that helps clinicians analyze symptoms and signs, to arrive at a diagnosis Lab and Imaging decision support: what tests are indicated and at what costs? Public health alerts: primarily infectious disease alerts for new outbreaks, e.g. MERS virus

challenges of data analytics

Incomplete/Inaccurate Information Data generated in the routine care of patients may be limited in its use for analytical purposes. Uncertain information. Eg Coding for Billing Censored Information The first instance of disease in record may not be when it was first manifested or the data source may not cover a sufficiently long time interval Vague information Unclear information Non Standardized Information Doesn't adhere to standards which makes it difficult to combine data from different sources Clinical data mostly allows observational and not experimental studies, thus raising issues of cause-and-effect of findings discovered Research questions asked of the data tend to be driven by what can be answered, as opposed to prospective hypotheses Data are not always as objective as one might like, and "bigger" is not necessarily better

driving forces behind health informatics

Increase healthcare efficiency and productivity Improve healthcare quality (patient outcomes) resulting in improved patient safety Reduce healthcare costs Improve healthcare access with technologies such as telemedicine and online scheduling Improve coordination and continuity of care Improve medical education of clinicians and patients Standardize medical care

interoperability

Interoperability describes the extent to which systems and devices can exchange data, and interpret that shared data. For two systems to be interoperable, they must be able to exchange data and subsequently present that data such that it can be understood by a user.(HIMSS) Blocking- the practice of knowingly and unreasonably interfering with the exchange or use of electronic health information The U.S. Office of the National Coordinator for Health Information Technology (ONC) outlines three criteria for identifying when information blocking has occurred -- there has been interference, there has been knowledge and there is no reasonable justification for the data to be inaccessible

Limiting Collection of Visitor Data to Your Website

Most web sites use tracking cookies or tracking tools that are used without consent or even notification Ideally should obtain consent and state clearly What information will be gathered? How will it be stored and secured? With whom will it be shared? For how long will it be kept and then destroyed?

barriers to HIT adoption

Not enough: Time to learn new systems Useful information Skilled workers to manage systems Funding Interoperability (data structure & interface standardization) Too much: Change in office workflow & business processes Security required for HIPAA compliance Legal red tape between hospitals & referring doctors Behavior change Hype Hype versus Fact: there have been many overly optimistic predictions by vendors, academicians, the government and early adopters that HIT will revolutionize healthcare While we are still early in the game, the reviews are mixed whether adoption today has improved quality, safety or reduced medical costs The most recent review by the RAND Corp. in 2014 was positive about HIT, but was funded by ONC

Is NYS an Opt In or Opt Out State?

Opt-In and Opt-Out Refers to patient consent policies New York State is an Opt In state You must specify each and every entity that you would like to Opt in

benefits of Computerized Physician Order Entry (CPOE)

Overcomes the issue of illegibility Fewer errors associated with ordering drugs with similar names, More easily integrated with decision support systems than paper, Easily linked to drug-drug interaction warning More likely to identify the prescribing physician, Able to link to adverse drug event (ADE) reporting systems Able to avoid medication errors like trailing zeroes Creates data that is available for analysis Can point out treatment and drugs of choice Can reduce under and over-prescribing, Prescriptions reach the pharmacy quicker

why do we need EHR's

Paper records are severely limited: less legible, more difficult to retrieve, store and share and unstructured data. Also, electronic records less likely to be missing and available 24/7 from multiple locations. Paper records do not permit clinical decision support Need for improved efficiency and productivity: clinicians are more productive if charts are available and retrieval of results is faster. EHR access from home while on call helps productivity Quality of care and patient safety: the factors already described in last two bullets plus patient reminders, quality reports and secure messaging as part of an EHR Public expectations: EHRs may increase patient satisfaction through faster results, messaging, patient portals, electronic patient education, e-prescribing and online scheduling Governmental expectations: federal government considers EHR to be transformational and hence why they support reimbursement for use Financial savings: EHRs may save money by eliminating transcription and improving coding. Decreased file room storage and faster chart pulls and info retrieval may result in cost savings Technological advances: computers are much faster, the Internet is more prevalent, wireless and mobile technologies are ubiquitous; all supporting EHRs Need for aggregated data: healthcare data must be electronic to be shared, stored and analyzed. Research depends on large study populations and data sets which EHRs can provide Need for integrated data: electronic data permits integration with health information organizations, data analytics, public health reporting, artificial intelligence and genomic information EHR as a transformational tool: select organizations such as the VA and Kaiser Permanente made huge investments in EHRs to standardize care and transform delivery and analysis of healthcare Need for coordinated care: with an aging population with multiple physicians and medications, care coordination is important. Sharing electronically has great potential, but barriers exist as we point out in the chapter on health information exchange

key players involved with HIT

Physicians and nurses Patients Hospitals and healthcare organizations Support staff Medical educators Public health HIT vendors Insurance companies Federal and state governments Medical research

why does HIT fail?

Poor planning, and unrealistic time or resource estimates Key stakeholders not involved in the entire process There is a large gap between healthcare data generated and information (semantic gap) Increasing Evidence that HIT adoption does not guarantee benefits.

administrative software systems

Registration/ADT Systems Coding/Medical Billing Systems Scheduling Systems Contract/Materials Management Systems Financial Systems Risk Management Systems Payroll/Human Resources Systems Quality Assurance Systems Decision Support/Expert Systems

Nuremburg code

Related to the Holocaust (death of 11 million people by the Nazis) Medical crimes against humanity were committed Code established voluntary consent and right to withdraw from experiment and right to qualified medical experimenter

structured data

Simple, repeatable format (e.g. billing codes, sodium = 140 mg/dll) easy to automate analytical processing

Difference between ICD9 and ICD10

The US uses ICD-9CM for morbidity, while the rest of the world has used ICD-10 since 1990 ICD-9 was not created for billing, it was used for disease reporting Delay in adopting ICD-10 CM due to changes needed in: Every disease registry Electronic health record Practice management system Third-party payer processing systems Database containing coded healthcare information. The maximum field length has to change from 5 characters to 7 and all data dictionaries (and transport standards) must be changed to accommodate the new system Code structure in ICD-10 is different Effective October 1st, 2015 Number of codes in 2013 ICD-9 = 14,000 ICD-10 = 69,000 US had to develop a replacement for Volume 3 of ICD-9-CM so hospital systems could report procedures on inpatients, the procedural coding system, ICD-10-PCS ICD-10-CM provides extensive expansion and significantly more specification than ICD-9-CM (see next 2 slides) ICD9 format: xxx (category) xx (etiology, anamtomic site, manifestation) ICD10 format: xxx (category) xxx (etiology, anatomic site, severity) x (extension)

Internet and WWW which one lays on top of the other?

The World Wide Web (WWW) operates on top of the Internet and was created by Tim Berners-Lee in 1989

data cleansing

The use of software to improve the quality of data Also known as 'Scrubbing' Remove inconsistencies Remove duplicate data Remove erroneous data Remove defaulted data

data mining

The use of software to look for hidden patterns or relationships However, data mining in healthcare today remains, for the most part, an *academic exercise with only a few pragmatic success stories.*

characteristics of quality data

Timely Precise Accurate Quantifiable Verifiable Accessible Free from Bias Complete Appropriate Clear Reliable Current

four V's in Big Data Attributes

Volume - ever-increasing amounts Velocity - quickly generated Variety - many different types Veracity - from trustable sources

Ransomware

What is it? Software that is installed on machines without consent Coded by NSA to allow us to get into any machine What does it do? Will encrypt all data on machines and asks for money to release User is not able to access anything on machine Who falls for it? Users That Click on Link in E-mail Once Installed on One machine It Will Jump to Other Machines What are some recent examples? May 17th 2017 Infected Radiology Medical Devices in 48 Hospitals in UK and US. June 26th 2017 Spread across Europe and into US Merck and Nuance Infected Heritage Valley Health System in Western PA forced offline Princeton Community Hospital in West Virginia forced to replace all computer hard drives and network What does it cost? $5 Billion in 2017 from $350 Million in 2015 How do we stop it? Encrypted Offline Backups not stored on Main Network Segment Software Patch Older Legacy Systems Limit End Users Via Policy Do Ethical Hacking Tests for Vulnerability Have a plan in place if systems are hacked Verify all Vendors have Good Cybersecurity Policies and Procedures in Place

biometric authentication

When combined with passphrases or the tokens, cards, and OTP solutions discussed previously, a two or multi-factor authentication solution can be employed Physical user identifiers: fingerprint, retinal scan, voice imprint Palm Vein Scanners-"Palm scanning is 100 percent more accurate than fingerprints," Nader Mherabi, the chief information officer at NYU Langone Medical Center

clinical data warehouse

a shared database that collects, integrates and stores clinical data from a variety of sources including electronic health records, radiology and other information systems. They enable organizations to Monitor quality and trends Conduct practice-based research Track pathogens within hospitals Conduct epidemiological surveillance

data

characters, numbers, or facts gathered for analysis and possibly later action (bottom of information hierarchy)

synthesis

data -> information

integers

data type 32767, 15, and -20 are examples of which data type

cda template

header body

analysis

information -> knowledge

information

interpreted data ex) BP readings

RHIO (regional health information organization)

is "a health information organization that brings together health care stakeholders within a defined geographic area and governs health information exchange among them for the purpose of improving health and care in that community."

XML (Extensible markup language)

is a data packaging standard useful for sharing XML documents are both human and machine readable Elements-envelop data Attributes-describe the data (elements) XML messages have headings and message bodies packaging information by wrapping it in layers of "tags." Software must be written to send, receive or display these structures a content standard

HL7 (health level seven)

is an international standards development organization (SDO) HL7's domain is clinical and administrative data transmission and perhaps is the most prolific set of healthcare standards This standard helps communication between: Patient administrative systems (PAS) Electronic practice management systems Lab information systems (interfaces) Dietary Pharmacy (clinical decision support) Billing Electronic health records (EHRs)

abstraction

knowledge -> wisdom

LAN

local area network one room LANs generally refer to linked computers in an office, hospital, home or close proximity situation A typical network consists of nodes (computers, printers, etc.), a connecting technology (wired or wireless) and specialized equipment such as *hubs, routers and switches* LANs can be wired or wireless wired LAN's: Connect several computers or devices, a hub or a network switch is needed Routers-communicate between networks and the internet Switches-communicate between computers Unlike Hubs that share bandwidth, switches operate at full bandwidth. Switches are like traffic cops that direct simultaneous messages in the right direction Larger enterprises demands Gigabit Ethernet 100/1000 instead of 10/100 Greater bandwidth is necessary for many hospital systems that now have multiple IT systems, an electronic medical record and picture archiving and communication systems (PACS) Phone lines can connect a computer to the internet by using a dial-up modem. Digital subscription lines (DSL) also use standard phone lines that have additional capacity (bandwidth) and are much faster network connection than dial up DSL also has the advantage over modems of being able to access the internet and use the telephone at the same time Power lines are another option using standard power outlets to create a network. Ethernet is a network protocol and most networks are connected by fiber or twisted-pair/copper wire connections. Ethernet networks are faster, less expensive and more secure than wireless networks. wireless lans Wireless networks are based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard and operate in the 900 MHz, 2.4 GHz and 5 GHz frequencies Wireless networks have become much cheaper and easier to install so many offices and hospitals have opted to go wireless This allows laptop/tablet PCs and smartphones in exam and patient rooms to be connected to the local network or internet without the limitations of hardwiring but it does require a wireless router and access points

Flesch Reading Ease Test

measure to ensure documents are understood Assigns a value of 1 (most difficult) to 100 (easy)

wisdom

occurs when knowledge is used appropriately to manage and solve problems top of info hierarchy

blocking

opp of interoperability the practice of knowingly and unreasonably interfering with the exchange or use of electronic health information The U.S. Office of the National Coordinator for Health Information Technology (ONC) outlines three criteria for identifying when information blocking has occurred -- there has been interference, there has been knowledge and there is no reasonable justification for the data to be inaccessible

superbill

physicians use a --- , a list of the most common codes used in that practice Coding Specialist then bills out the claim

accountable care organizations (ACO's)

provide incentives to deliver high-quality care in cost-efficient ways that will require a robust IT architecture, health information exchange (HIE) plus analytics . This approach would be used to predict and quickly act on excess costs

knowledge

synthesis of information from several sources to produce a single concept 2nd highest on info hierarchy

HIE (health information exchange)

the "electronic movement of health-related information among organizations according to nationally recognized standards"

analytics

the extensive use of data, statistical and quantitative analysis, explanatory and predictive models, and fact-based management to drive decisions and actions" IBM defines analytics as "the systematic use of data and related business insights developed through applied analytical disciplines to drive fact-based decision making for planning, management, measurement and learning

health informatics

the science of combining heathcare data into information, to derive knowledge and create wisdom is the field of information science concerned with management of healthcare data and information through the application of computers and other technologies In reality, it is more about applying information in the healthcare field than it is about technology Technology can generate, transport and analyze useful healthcare data "Technology is the transportation, not the destination" also known as clinical informatics, medical informatics and biomedical informatics leading to confusion The most inclusive term is biomedical informatics because it encompasses bioinformatics as well as medical, dental, nursing, public health, pharmacy, medical imaging and veterinary informatics Bioinformatics is concerned with biological data, particularly DNA and genomic information

bandwith

the size of the pipe to transmit packets packets - data

WAN

wide area network a computer network in which the computers connected may be far apart, generally having a radius of *half a mile or more.*