Information Systems for Electronic Health Records

✅ Paper Type: Free Essay	✅ Subject: Information Systems
✅ Wordcount: 6822 words	✅ Published: 23rd Sep 2019

Reference this

Share this: Facebook Twitter Reddit LinkedIn WhatsApp

Health Service Executive

(HSE)

EHR – Electronic Health Records

Contents

Introduction……………………………………………….3

Introduction to the organisation……………………………………3

EHR – Electronic Health Records……………………………………4

Review of current organisation/sector………………………………..4

Vision/ Goals of Organisation……………………………………..5

EHR – a pillar of eHealth Strategy…………………………………..5

Key components of the EHR………………………………………6

ICT within healthcare reform……………………………………..7

IT structure and approach to IT (estimate)………………………………7

PESTEL…………………………………………………..8

SWOT Analysis………………………………………………9

Stakeholder Analysis…………………………………………..9

The key stakeholders are:……………………………………….9

Risks…………………………………………………..10

The below key risks have been identified, with the risk to data security being the main one…10

Risk Review /mitigation / controls / effectiveness of controls ………………….12

References……………………………………………….18

Appendixes……………………………………………….20

a)E-Health org structure……………………………………….20

Introduction

Information Management Systems (IMS) offer many advantages and opportunities if they are set up properly and managed and controlled effectively and are supporting an organization’s work. The scope of the IMS is determined by the needs and expectations of the stakeholders.

As laid out in detail on their website http://www.ehealthireland.ie/, the HSE’s new e-health strategy includes the setup of an IMS of Electronic Health Records (EHR) nationwide i.e. for the whole of Ireland.

Availability of personal data, in this case patient health records, offers a lot of benefits but at the same time puts the security of this data at risk. The bigger the volume of data and the higher the number of people accessing the personal data of individual patients, the higher the risk to data security and the exposure to external threats. Increased benefits for patient healthcare, socio-economic benefits and new opportunities go hand in hand with increased risks and vulnerability of the system.

An IMS of that scale i.e. on the national level, creates a challenge for Information Management System Security (IMSS) and IT. It requires an architecture that champions data security and compliance with GDPR.

Such a system requires buy in from management, stakeholders and staff as well as expert solution architects and substantial, continuous government funding during the length of the project.

As the HSE is a public service organization, compromised data and data leaks will result at least in loss of faith in the EHR IMS amongst the public and potentially also in a loss of trust in any medical evaluations and treatment programs designed which are based on electronic patient records. In the worst case scenario compromised health records can result in loss of life.

Therefore, data security is the most important concern which if compromised will destroy the public’s trust in the HSE and its new e-Health strategy irreparably and will jeopardize the vital buy-in from management and stakeholders.

According to a research study commissioned by McAfee (Samani, 2016) patient records are a most wanted commodity in the dark web and the EHR IMS will need to prevent and address such external threats if it is to succeed in supporting the organization’s work.

This paper will discuss benefits, opportunities and the cost associated with EHR as well as the risks which will, if not controlled, cancel out any possible benefits and advantages. It is this aspect of looking into benefits and gains versus high risk to data security that makes the EHR so interesting from an IT perspective.

As the general public / patients are amongst the stakeholders the HSE’s eHealth initiative should be of concern and interest to everyone.

Introduction to the organisation

The HSE is responsible for providing all public health services in Ireland in hospitals as well as local communities throughout Ireland.

Goals of the HSE:

Providing health services as well as social care services all over Ireland
Deliver the best health services and medical care to everyone in the country
Ensuring access for everyone in Ireland to save and quality care

In response to advances in technology and increased internet usage as well as demographic and other factors, changes in healthcare are required urgently to support the goals set by the HSE.

A new strategy for the healthcare sector is required to address these changes and also to meet the challenge set by the EU’s task force report “European Union eHealth Action Plan 2012-2020”(2012). The aim of this study and EU strategy is to provide access to high level healthcare for all European citizens.

Part of the organisation’s new strategy is eHealth, with the EHR (Electronic Health Record) initiative at its core. Patient records will be available online for all medical professionals in order to increase efficiency of the healthcare delivery systems as well as to drive economic growth and development by providing better care for the individual patient.

In the centre of the new healthcare delivery system is the patient and the patient will be empowered to pursue their health and wellbeing and the provision of the healthcare services.

EHR – Electronic Health Records

What is eHealth (Electronic Health)? It demands the integration of all the information and sources of information which are involved with the delivery of healthcare through technology Information Management Systems.

Amongst others, this includes patients and their health records as part of a digital supply chain which involves a high level of automation as well as the sharing of information.

Review of current organisation/sector

Organisation Structure

The HSE employs over 100,000 people, whose job it is to run all of the public health services on a national level in Ireland. As patients are at the centre of this organization, the HSE manages its services through a structure that is designed to support that. An overview of the principles, policies, procedures and guidelines can be found in the HSE Code of Governance.

It’s by these Policies and Guidelines that the HSE directs and controls its functions and oversees its business. This code is meant to guide the Directorate, leadership groups/teams and everybody else working with the HSE as well as the agencies funded by the HSE, in doing their duties to the greatest standards of responsibility, integrity and propriety.

Representatives from city and county councils are organized respectively in four Regional Health Forums. The below org chart (Figure 1) which can be found on the HSE website (https://www.hse.ie/eng/about/who/) gives a more detailed insight into the HSE structure.

Figure 1 – HSE org chart – https://www.hse.ie/eng/about/who/ – last accessed 23-12-2018

Vision/ Goals of Organisation

Strategy of Organization

Introduction of a national EHR (Electronic Health Records) system / IMS (Information Management System)

This is part of the Integrated Services Framework (ISF) to bring standardization to the HSE’s specialised, application and information architectures. This is also part of the e-Health strategy for Ireland.The access to high quality, accurate and timely information is essential to efficient medical staff and patient relationships resulting in improved results.

The EHR IMS will permit the electronic storage of medical records and evaluations utilising a special individual identifier on a nationwide level. The digital patient documents are shared securely with proper patient consent as outlined at the eHealth Strategic Programme (http://www.ehealthireland.ie/Strategic-Programmes/Electronic-Health-Record-EHR-/)

EHR – a pillar of eHealth Strategy

The production and sharing of crucial patient data lie at the center of the national EHR solution. This alternative will unite core operational options (with functions like ePrescribing and Case Management), in addition to the aggregation of information from such systems into a comprehensive nationwide document, which is available to health and healthcare professionals, service users and carers. The availability and accessibility of patient information across the various organizations with the remit of the HSE – this opportunity will be offered by the EHR system as one of the pillars of the eHealth strategy.

The programme is currently focused on the design of the overall implementation strategy and roadmap that:

Combines pragmatic use of existing systems
Meets Special needs like the Introduction of the Children’s Hospital Group as a ‘Electronic/digital hospital’ at 2019
Supports HSE reform’s broader objectives
Extends the capability offered across care settings and organisations in A phased strategy.

This design stage will require extensive consultation with clinical, administrative, managerial and technical stakeholders to make sure the layout is directed by the requirements of those groups with the required support to guarantee success in future installation. This is a complicated and large transformation programme, requiring a substantial investment within 10 – 15 decades.

Key components of the EHR

As outlined in the National Business Case (9), the below 4 key components constitute the National EHR for Ireland:

National Shared Record

Community Operational Systems
Acute Operational Systems
Integration Capability

Benefits of EHR

There are a number of potential benefits of a national EHR IMS. Amongst these are increased patient safety and high quality of care, lower risk of error in diagnostics and treatments as well more efficient administration and socio-economic benefits. This valuable knowledge database based on the collection of data facilitates advanced medical knowledge and so much better management of disease and healthcare planning.

Figure 2 – EHR benefitshttp://www.ehealthireland.ie/Strategic-Programmes/Electronic-Health-Record-EHR-/

Background

The HSE has experienced serious issues in the past with for example long waiting lists for medical care by patients and increased costs (, EHR-Vision-and-Direction)

According to a recent article in the Irish Times (https://www.irishtimes.com/news/ireland/irish-news/rcpi-calls-for-implementation-of-electronic-health-records-1.3504892), the Royal College of Physicians of Ireland (RCPI) has supported the call for the full implementation of electronic patient records, stating such a move would help to protect patient privacy. Data privacy has and still is an issue as patient records exist in paper format, are at times exposed to staff who have no need to access these.

Future delivery of health care

A new thing called “eHealth Ireland” will be created, originally in an administrative basis inside the System Reform Group (SRG) of the HSE. The Chief Information Officer (CIO) who will work closely with each one the major business organisations within the healthcare, so as to push the eHealth strategy and make sure that key IT systems have been implemented on time and to budget.

A new IT strategy for the health system as by state and government Health Information and Quality Authority (HIQA) a including financing, legal agencies like the Health Services Executive ICT Directorate and SRG, the Empowering, public awareness, stakeholder participation and construction the eHealth Ecosystem.

Figure 3 – national EHR system – http://www.ehealthireland.ie/Strategic-Programmes/Electronic-Health-Record-EHR-/

A national Electronic Health Record (EHR) has been identified by HSE while technology solutions are a key component, the national EHR programme represents a substantial transformation in the use National Directors and clinical leaders as a key component requirement for the future delivery of healthcare. There’ll be a main focus on the way clinicians and administrative personnel utilise this technology in a manner that closely aligns with and underpins the ambition for Integrated care and other national healthcare reform priorities.

Get Help With Your Essay

If you need assistance with writing your essay, our professional essay writing service is here to help!

Essay Writing Service

ICT within healthcare reform

IT structure and approach to IT (estimate)

ICT is going to be an element in healthcare reform. Ireland is put within an ambitious journey at the reform of health care in recognition of their need to radically alter health provision to meet with the challenge of providing sustainable high excellent care for the whole population. Knowledge and information are a core strength of the health systems and the development and application of the advantage in an efficient manner is vital to improving performance throughout the system. The capacity to document and discuss crucial information on individuals’ and service users’ interaction across businesses and care settings is an integral part of eHealth and provides advantages for individuals, service users, carers, health and social care professionals and broader stakeholders from the healthcare. The programme intends to exploit the capacity of ICT to become consistent in our delivery of better, safer and more, personalised care.

IT resources

IT Manager, Technical and Solution Architects, IT Project Manager, IT engineers

3rd party software development / implementation vendors (vetting in progress)

Facilities

Hospitals, starting with the National Children’s Hospital

Private practices

Ambulances

Equipment

Smartphones
Laptops
Tablets

Budget

The HSE / EHR is dependent on government funding and budgets will be allocated as below over the next couple of years:

The Minister for Health has vowed to bring proposals to government in coming months about how to move this program forward and it’s planned that the first hospital setting to get an electronic health record (EHR) will be the New Children’s Hospital in Dublin.

The Government will spend $60 million on health IT at 2018, $70 million in 2019, $85 million in 2020, $87 million in 2021.

The Government Intends to spend $55 million on health Services Information and communications technology (ICT) in this year and next year The HSE recently filed a business case for a national EHR for Ireland, which can offer for a digital platform round the acute, community and primary care places, allowing the connectivity required to support models of integrated care, €412 million will be spent over six years.

PESTEL

Definition: A PESTEL, PEST or PESTLE analysis is a framework or tool used to analyze and monitor the macro-environmental factors that have an impact on an organization. The result of which is used to identify threats and weaknesses which is used in a SWOT analysis.

PESTEL Analysis
Political	Economical	Social	Technological	Environmental	Legal
Government funding EU	Services from 3^rd party vendors	general public, medical staff, HSE admin staff	ever changing technology	external factors such as natural disaster	GDPR*
	ROI		IT expertise
			system architecture
			digitalization, broadband

*GDPR: “General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.” (https://www.dataprotection.ie/en)

SWOT Analysis

Definition: SWOT analysis is a strategic planning technique used to help an organization identify strengths, weaknesses, opportunities, and threats related to project planning.

SWOT
Strenghts	Weaknesses	Opportunities	Threats
qualified and experienced healthcare admin staff & medical professionals (GPs etc.)	dependency on government funding	co-operation with other departments/organizations for better services	rapidly changing technology
nationwide network	no such system exists yet	new funding initiatives for improved IT infrastructure	budget deficits
extra ordinary IT infrastructure	delays in implementing system fully	efficient training and educational programs for staff & medical professionals	un-necessary political intervention
efficient & fast service e.g. access to patient health records	delayed ROI	initiatives for better management	data security leaks
improved treatment/ health of patients	Dependency on 3^rd party vendors	economic opportunity through the use of technology enabled solutions	data integrity issues

Stakeholder Analysis

The key stakeholders are:

Office of the Chief Information Officer (IT etc.)

General public (patients)

Medical Professionals (Hospitals, GPs, Ambulances etc.)
Admin / Clerical

Finance (CFO)

Department of Health / Minister of Health

eHealth Ireland Board

PR / Head of PR & marketing

Risks

The below key risks have been identified, with the risk to data security being the main one.

Confidentiality

Information security breach

Integrity

Incorrect and /or missing data / data quality issue

Availability

Project delays / system not ready when needed
External & functional threats resulting in loss of data/ unavailability of data
Insufficient architecture
Loss / disruption of funding
Lack of competence of 3^rd party vendors

Risk / Effect review

Confidentiality

Cause: Information security breach

There is a high demand for medical records on the black market as they are more valuable than financial records. Electronic health records can sell for as much as €40, compared to just €1 for credit cards in the dark web. Medical records are more valuable because their theft is harder to detect and more difficult to resolve and medical history cannot be cancelled.

Effects:

Individual patient data is available to others – GDPR violation by the organization (legal) as well as identity theft (criminal); loss of reputation of organization as well as possibly loss of funding

Integrity – Data Quality Issue

Cause: Human error due to unskilled resources/sabotage; lack of buy-in; due to external hacking

Effects:

Results in potentially wrong medication/treatment of patients caused by compromised data Blackmail/ phishing attempts threatening data integrity

Availability – external threats

Effects:

• Loss of data; data not accessible when needed affects patient care / service provision

• System failure

• IT architecture issues i.e. IT not delivering expected outcome

• Technology not up to date; technical vulnerability

• Planning, delay of implementation i.e. system not available when needed = financial impact

• Loss or disruption of funding & ROI issues

Risk Review /mitigation / controls / effectiveness of controls

To ensure risks are reviewed, controlled and measured on a regular basis it is essential to create and maintain a risk register.

A risk register should state the risk, the controls in place and the measuring of the effectiveness of these controls.

Management support and buy-in are essential in managing risks and controls / improvements as lack of support filters down to other stakeholders and negatively affects the whole IMS implementation and maintenance process.

Please find the three main risks plus controls and how the effectiveness of these is measured below:

Confidentiality – Information security breach

Risk Mitigation: Set up a system of user access controls

Data security education of users

Set up system of controls
- Create access control policy
- Circulate access control policy amongst all users as compulsory reading
- Raise awareness regarding unauthorized access requests, e.g. Phishing emails

Measuring of effectiveness of controls
- Send fake phishing emails to see who clicks on the links
- Get all users to docu sign the access policy and certify awareness
- Visual inspection – check for exposed / written passwords

Implementation of user access control system

Set up system of controls
- Register IP addresses and associated passwords to check if a different IP address is used
- Password encryption – minimum of 2 passwords
- Requirement to change passwords once a week
- Privacy screens on laptops & monitors
- Limited network access on a per need basis which is password restricted
- Technology always up to date to prevent vulnerability i.e. unauthorized external access
- Sophisticated / best of anti-virus software / malware protection in use

Measuring of effectiveness of controls
- Run log file to check passwords used against IP addresses
- Visual inspection at facilities – check hardware in use for privacy screens
- Engage professional hacker to test vulnerability of system / network and performance of malware protection when simulating a zero day attack
- Send regular updates to users of the latest security threats and how to avoid them

Continuous improvement

Learn from any security breaches and constantly review and adjust controls

Integrity – Integrity Issue

Set up system of controls:

Staff competency – training of users entering and managing data on system use
Create quality and security objectives (management) and circulate tom raise awareness
Ensure buy in of staff to provide high quality of data into the system
Completeness of data / timeliness of data in system – funding to be secured
Planning for contingencies timewise
Management buy in
Enough resources no overworked staff etc
Raise awareness regarding unauthorized access requests, e.g. Phishing emails
Raise awareness of blackmail to corrupt data

Measuring effectiveness:

Send fake phishing emails to see who clicks on the links
Quarterly financial reports (P&L)
Status reports (weekly) to check if project implementation milestones are being met
QA data entered to ensure quality & integrity of data
Send regular updates to users of the latest security threats to data integrity and how to avoid them

Continuous improvement:

Retrain users, run refresher sessions of training

Update / improve training documentation

Availability – external threats

Set up system of controls:

• Monitor project milestones

• Manage & monitor financials

Facility inspections / test – check for vulnerabilities to environmental threats such as flooding, defect facility equipment, fire hazards physical e.g. water damage
Create emergency response plan & engage all necessary stakeholders to ensure awareness
Ensure systems are fully functioning
Manage Hardware functionality & to ensure latest OS appliance and performance
Trigger regular OS updates to ensure latest security protection patches & upgrades are applied
Implement sophisticated malware protection system

Effectiveness of resolution

Run log files to identify users that haven’t installed latest updates

Simulate an emergency and test emergency contingency plan effectiveness e.g. fire drill
Test system functionality and run performance reports to be aware of any deviations that could indicate an upcoming malfunctioning
Keep inventory of hardware and users assigned to as well as life time of hardware devices
Install intrust detection systems
Password policy in place
Install VPN systems, encrypt Wi-Fi and general hospital traffic and use firewall technology where needed.

Continuous improvement

Vary inspections

Simulate different scenarios of emergency and try to increase response time
Constantly compare malware protection options available to ensure you have the best one

All three categories have an impact on the overall success of the IMS EHR system. Effectiveness results in cost reduction, better health care and patient satisfaction as well as a sophisticated IT infrastructure and expert resources.

Summary

If risks are properly managed the EHR offers immense opportunities to digitalize and improve the Irish National healthcare system in a sustainable way. The scale of the project is a concern and a huge challenge for Solution Architects and IT but as well as HSE management and key stakeholders but even if challenges occurr improvement from the current decentralized system will be achieved.