Today’s data is then analyzed and processes to

Published by admin on

Today’s society is information
driven and is a world of instant access and connections. In a society where
nearly every person has access to a personal mobile phone or hand held computer
with access to worldwide internet and nearly unlimited access to information on
nearly any topic, including medicine and healthcare, it’s become paramount for
healthcare organizations and provides to adapt their practices. The change,
however is difficult and the process is slow. This paper examines challenges
for implementation of electronic health records (EHR) and patient privacy and
safety. Main drawbacks are lack of sophisticated information management
systems, the cost of implementation of system wide processes, and concern for
privacy and information safety.

healthcare is plagued by a multitude of problems, these problems are complex,
multifactorial and highly controversial. Problems include cost inflation,
growing and aging population, lack of access to healthcare in rural areas and increasing
demand for highly trained health care professionals (Adams, 2016). These
problems would not be easy to fix but to begin the process the underlying
causes of these problems need to be identified. The process of identification
is made easier with the adaptation of electronic processing systems and
implementation of electronic medical records (EMR) and electronic gathering and
analytical information management systems. The “big data” that is collected include
all interactions, encounters, examinations and outcomes for patients. This data
is then analyzed and processes to create new protocols of care and improve the
existing ones (Adams, 2016, Greennia, 2017).

Universal adaptation
of EMRs, EHRs and “big data” analysis is crucial in today’s day and age.
Management of severe or chronic disorders relies more on continues monitoring
of patient status, gathering and interpreting important data from various
sources and points of care. Care is coordinated across multiples industries and
specialties each relying on individual information management systems. A new
model of care is becoming imperative. A model which incorporates all of the
data gathering across time line of care and allows instantaneous access for
both the patient and the provider. A new model of coordination of care would
facilitate patient involvement in decision making process and improve access to
evidence-based practice. Universal implementation of this model is impeded by
factors such as cost, provider drawback and concern for patient privacy and

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

Cost associated
with implementing a new data gathering and processing system is preventing many
of the smaller healthcare providers from implementing the change. The goal EHR
adaptation is to improve outcomes, quality, and safety. Interoperability of
information management systems would increase efficiency, productivity and
provide cost reductions; and increase patient satisfaction and experience
(Harvey, & Harvey, 2014). Unfortunately, the cost of implementing a
comprehensive management system remain a major challenge, for many independent
practices and smaller or rural medical centers. Under the American Recovery and
Reinvestment Act of 2009 (ARRA), which emphasizes the need to move toward the
use of EMRs, providers are pushed to buy complex and expensive operational
systems that are not user friendly, require more expenses and extensive
training for providers if they need to be optimized or replaced at later time
(Kellermann & Jones, 2013).

The drawback form
more traditional providers is associated with lack of experience with commuter systems
and need for extensive training. Extensive training is needed to implement a
new organization wide information processing system. Many employees are
reluctant to change a familiar routine and adapt new ways of operation citing
increased time consumption, high risk for accidents during integration process,
and difficult to operate systems that require extensive training and frequent
updates (Kellermann & Jones, 2013). Car makers provide a variety of makes
and models, yet the operating principles are simple enough for any person to
drive the car off of parking lot without extensive training manual reading.
Financial corporations allow people to, with a few clicks of a mouse, easily
transfer money and access any financial information from any location.
Easy-to-use health records and operational systems would allow for patient to
easily access their information in case of need and share their result with
health care providers. Interoperable systems would allow providers to save time
on assessment and simplify diagnosing or interventions.

One of the biggest
concerns is patient safety and privacy. The Health Insurance Portability and
Accountability Act of 1996 (HIPAA) imposes costly penalties on healthcare
organizations for noncompliance with its privacy and security rules. The Health
Information Technology for Economic and Clinical Health Act (HITECH)
substantially increases the penalties for noncompliance. Any organization
covered by HIPAA and the HITECH Act must meet new minimum privacy and security
requirements, while continuing to monitor and comply with the growing number of
laws that govern patient information in every state in which the organization

Possible HIPAA
violations or data breaches due to incompetence or cyber-attacks can expose a
vast majority of people to financial and physical risks. Ethics and law regulate
that patients should have unrestricted access to their medical records.
Providers must be able to see the previous and current information to
adequately treat patients. These situations create possible openings for
privacy breaches i.e. unauthorized access to health information or
unintentional sharing of private information. A study of 949 data breaches of
personal health information that each affected more than 500 individuals found
that about two thirds of the breaches involved theft (58.2 %) or hacking (7.1
%). In the same study, another 11.1 % of breaches involved loss or improper
disposal of data (Bhuyan, Bailey-DeLeeuw, Wyant, & Chang, 2016). Technical,
regulatory, and economic issues persist.

While companies
are obligated to provide access for patients to their information, the security
of this information is often questionable. The encryption of information and
storage is often inadequate and can be frequently accesses by authorized
personal with access central EMR. A system has been proposed which allows
patients to regulate the type of data that can be accessed by the providers,
like mental or reproductive health, HIV status or other STD panels, or giving
adolescence access or sole responsibility for their EHR. Effectively, this
system would reduce access to private information and allow patients to only
share relevant or pertinent information. Such system would also allow for a
digital fingerprint to be left whenever someone accesses EHR. Unfortunately,
such system would require a highly educated consumers and raise many questions
as to what information is actually pertinent to a given situation or how to
access the information in an emergent situation or if the patient is
incapacitated (Bhuyan et al., 2016, Kellermann & Jones, 2013).

On the other hand information
technology provides an invaluable resource. Health data repositories provide a
nearly unlimited access to vast collection of information. In 2004, the
national Cancer Institute center in Bioinformatics launched the cancer
Biomedical Informatics Grip (caBIG). The data grid aimed to expedite knowledge
discovery and improve patient outcomes by supporting data sharing. CaBIG, was
built in accordance with risk assessment process and this example may serve as
a reference model for developing sharing and security frameworks for other
multi-institutional data-sharing. Review of caBIG concludes that secure,
large-scale data-sharing in a regulated environments is possible, the challenge
here is creating of models and common regularity processes and uniform
encryption and processing systems (Bromwich & Bromwich, 2016).

Cloud computing
provides a significant cost reduction and allows people with less IT expertise
to fully operate health services. Cloud computing allows for sharing of
computing resources and usage of external storage and management services. eHealth
allows smaller health care organizations to implement information processing
systems and mHealth allows for simplification of access to data repositories
while maintaining adequate level of security, flexibility and adaptability of
information (Bromwich & Bromwich, 2016, Harvey, & Harvey, 2014). These
systems use multiple layers of security, including digital signatures, hashing
and encryption and allow for benefits of using mobile devices at remote points
of care, and leveraging big data analytics to streamline the collection and
delivery of patient health information in emergency situations. These platforms
can be built on mobile phones, PDAs or tables and can be wipes to protect
personal health information (PHI). The benefits of cloud computing outweigh the
security concerns, although extensive education must be provided to both
providers and patients to ensure safe and effective use of information.

To implement these
securities several strategies have been suggested and as literature review
suggests these could be summaries as follows: Construct a separate legal entity
for governance of large-scale, federated, data-sharing initiatives, and central
auditing authority. Define risk models and risk management processes for data
within the organization, inter-organizational sharing and public access.
Develop a technical infrastructure to support the credentialing process in the
regulated environment. Develop or acquire acceptable HIPAA and research ethics
training modules for the entire federated community. Encrypt all mobile
devices, use location tracking software to remotely wipe data on device if it
is lost or stolen. Provide training of cyber security for employees so they
understand measures taken to prevent data breaches (Bromwich & Bromwich,
2016, Kruse, Smith, Vanderlinden, & Nealand, 2017, Parwan, 2017).

Ensuring these
security measure are taken has become a major concern for organizations and
their stakeholders. Clinical records hold a life-changing power. Records
documentation, gaps, inaccuracies, even tone can have a major effect on a
person’s life. When a record’s security is breached, identifying information
like diagnosis, medications, clinical history, and a patient’s most sensitive and
private information may find its way to an array of people and organizations,
perhaps exposing the patient to gossip, ridicule, identity theft, exposure of
private information on social media, and worse (Pope,
2015). Due to insufficient medical knowledge among patients, the content
of medical records might cause misunderstanding and also inappropriate sharing
of medical information. 

 Privacy is therefore a major concern and
providing safe and effective care is dependent of protection of personal
medical records. That being said, information has to be shared. Patient’s
diagnosis and test results must be shared among the team of healthcare
providers, certain information must be shared with insurance companies for
billing and coordinating purposes. Legal information may be needed for court
hearing and de-identified data may be used for research and academic purposes. This
poses a major challenge, as de-identification of data assumes that there’s a
specific, static list of identifying pieces of information and the use of such
data is sufficiently safeguarded from recognition or misuse. Plethora of
identified identity breaches and data leaks prove the opposite. The information
is not adequately safeguarded.

Transparency is
key. Transparency is data storage and use would allow for patients to be more
informed and would force a measure of accountability for the organizations.
Patients and front line providers should have a strong say in what pieces of
information should be saved, what information should be redacted and how the
information should be used. As it stands now one in six people withhold
information, provide false information, frequently change doctors, pay out of
pocket to avoid releasing insurance information or even avoid care, all in
order to protect their personal medical information out of fear that they will
somehow be reprimanded (Kaplan, B. (2016).

education of both patients and employees and building of trust is crucial for
providing security and quality patient care. Even with vast majority of people
(96% percent of people participating in medical record sharing study) agreeing
that information sharing would lead to better care aforementioned lack of trust
is concerning (Caine, & Tierney, 2014). Data security, health care quality
and work impact are major concern of different types of EHR users.

Wang et al. (2015)
performed a study which examined different users’ attitudes towards EHR, their
implementation and concerns for safety and effectiveness. The clinical staff
agreed that user interface (UI) had a great impact on willingness to use the
system, complicated UIs diverted attention and willingness to learn the system,
also clinicians expressed concern that privacy of patients may be violated and
that the implemented system should protect privacy through conditional
implementation by consent of patient. Clinicians agreed that the intentions of
implementing EHR and cloud computing in healthcare, if adequately secured,
would have a vastly positive affect on productivity, quality, and costs and may
improve the relationships between patients and physicians. Furthermore, medical
record staff, like clerical and billing department employees as well as
patients themselves expressed concern for confidentiality and ease of use for
the implemented system. This further illustrates the importance that the
developers must stress these critical aspects of the system.

care providers and administrators understand hat trust is central to achieving
good health care. Providers understand that if they violate patient trust they
will lose this trust and this will prevent them from achieving good outcomes
and effective care. Providers understand that if privacy is insufficient, some
patients will avoid care altogether or withhold health information from
providers. Insufficient privacy may also pose risk to public health, with
patients opting out of participating in health research, with nearly 30 percent
of adults declining due to concerns that their personal information would not
be kept private and confidential. Given this it’s not surprising that providers
are some of the strongest advocates for maintaining patient privacy (Caine & Tierney, 2014).

government, under HITECH legislation has developed “meaningful use” criteria
for EHT. The top priority outcomes for implementing EHR are improving quality, safety,
efficiency and reduction of disparities, engaging patients and families in
their health, improving care coordination, improving population and public health,
ensure adequate privacy and security for patient health information. Unfortunately
during this transitional phase where health information technology is being
rushed into use, is difficult to use, falls short of promises for reducing
workload, and in many cases, increasing workload. The principle that patient
trust is fundamental to success for healthcare must not be forgot in the rush
to implement technologically superior health care system. To achieve meaningful
use, the programs were to roll out in stages with specific deadlines but in
many cases the roll out has fallen short due to provider reluctance or software
vendors not keeping up with the demands and the cost or implementing, as there
are currently over 700 vendors selling EHR and over 1,750 different forms of EHRs.
(Caine & Tierney, 2014, DeAngles, 2015, Buchbinder & Shanks, 2017)

            A national
EHR network would allow the EHR data to be standardized, maximizing integration
of EHRs and allowing for interoperability and therefore, decrease needless costs
associated with poor data. DeAngles, (2015)
found a nearly 10% decrease in cost of treatment corresponding to
implementation of advanced EHR, also interoperability based on standardized
protocols for encryption and storage, would control costs associated with fraud
and abuse, associated with duplicate testing and billing. The office of
Inspector General (OIG) in 2014 suggested a plan for pushing compliance and
reducing waste in EHR implementation, OIG would review privacy and security protocols
and audit institutions receiving financial incentives for participating in EHR
implementation. Unfortunately OIG still largely ignores the interoperability issues
leaving vendors with incentive to spend time and resources to synchronize their

            Current laws regarding EHR transfer
are prohibitive of interoperability and effective information sharing. Many
states have more restrictive legislation when compared to HIPAA, rendering
access to patient data difficult and national EHR with interstate data transfer
ineffective. The federal regulation such as HIPAA and HITECH should be viewed
as most stringent, in terns or privacy regulation. National EHR may not necessarily
be run by the federal government, as many people do not trust the government to
keep their information safe and protected (Foley, 2006). Instead a third party contractor
should be in charge of information storage and safety, with central governing
agency auditing the facility and safety protocols. Qian, Li, Zhang & Han, (2014)
provide multiple approaches for establishing privacy-preserving security
protocols to assist patients with achieving access control. A de-centralized approach
to national EHR implementation with multilayer securities, such as allowing
patients to grant access to specific parts of EHR to providers of their choosing,
by providing corresponding encryption keys and digital signature with
timestamps to provide accurate access log.

            A centralized
architecture approach is based on central repository where all nationwide EHR
data are stored, with formal consent obtained, the patients’ health data is
integrated from multiple providers encrypted on both ends to provide multiple
layers of protection and de-identified in case the data could be used for
research studies. Patients may select which other data they wish to be included
in their EHR and who would have access to which parts of the EHR, for example
patients may feel that a podiatrist may not need to see therapist’s notes, yet
family members may be able to see some of the general information from system’s
portal. This system set up would allow patients to have control over their
information, the physicians would be able to access a complete data repository
in case of an emergency, and information requisition would be simplified for
the billing and insurance purposes (Fragidis,
Chatzoglou & Aggelidis, 2016).

benefits of centralized repository is fast processing of information, but the
limitations are tied into security, cost of maintenance and redundancy of information
if the entire EHR is stored and not summarized. A proposed semi-distributed approach
takes into account the benefits of both centralized and distributed data
storage approaches. With several distribution points, security is maintained if
one of the centers is compromised, but the processing speed is increased from
when the information is stored locally at provider’s locations, also
eliminating costs for individual providers to host and maintain data repositories (Fragidis, Chatzoglou & Aggelidis, 2016). To implement such system a
unique identification number such as the Social Security number may be used to
tie the repository to an individual and individualized PINs for access
granting. A centralized auditing organization is needed to oversee the implementation
of the nationwide system. Extensive education would need to be provided to the
employees, managers, patients and family.

            While the
initial costs of EHR implementation are concerning and pushback form patients
and providers is well understood. The benefits of such systems overweigh the
initial concerns. Increased speed in EHR access, medical errors prevention,
cost saving by diagnostic examinations and medication reduction, improve health
information quality. With the benefits in mind, the federal government should
focus on creation of centralized approach to data sharing with standardized protocols
so that EHR vendors would be focused on creation of user friendly interoperable
systems. Patient concerns for safety should be addressed by implementing
multilayered security system in a decentralized, semi-distributed repositories.
Cloud computing for reduction for cost and ease of access with web based application
for information sharing. The challenges for health managers are still numerous,
but well understood with multiple solution available. The focus must be made on
the fundamental problems for implementation for EHRs.


Categories: Decision Making


I'm Iren!

Would you like to get a custom essay? How about receiving a customized one?

Check it out