330 likes | 492 Views
Managing Change and Security. HLST 2040 16-11-2012. Video on security. Please watch the two videos on security. They are available on the moodle course page. Healthcare Business Environment. Pg.304 Cost Efiiciency Communication poses barriers to achieving desired Health outcomes
E N D
Managing Change and Security HLST 2040 16-11-2012
Video on security • Please watch the two videos on security. • They are available on the moodle course page
Healthcare Business Environment • Pg.304 • Cost Efiiciency • Communication poses barriers to achieving desired Health outcomes • Traditionally how much money does healthcare business invest in technical training? • Communication is an important part of healthcare
Theories about change • In the very first lecture, we saw theories of change • Kurt Levin’s change theory was covered • Organization theory – pg. 305 • Another theory that explains why and how organizations change • It looks at them at a macro level
Organizational Behavior Theory • What is the difference between Organization theory and Organizational behavior theory (OB)? • Focus on small groups and individuals – pg. 306 • OB provides deeper understanding of why, when and how the advances in IT are adopted by , or are not adopted by, an organization
Realities of our Heathcare Environment • Cost is rising every year • We are spending more then 40% of our budget on healthcare across Canada • Emphasis on teamwork- FHT • Consumers and governments are looking at performance measures more keenly
Performance Measures • See pg. 307 • Customer Satisfaction • Clinical Productivity and efficiency per physician • Financial cost per relative value unit of service • Employee satisfaction
IT challenges • How to continually update HW and SW? System downtime? • Can they develop IT systems jointly? • What is the role of standards? • What is the role of organizations like COACH, CHI and the provincial governments? • Example is EMR adoption by GPs in Ontario • Limited IT dept. resources
Dangerous choice • Neglecting the need to invest time for motivating people to use the new technology • Not just money, but other incentives • Box 14-2, right things to do • Pg. 315 – how to implement change while implementing EMR?
Capability of IT systems in Healthcare • Pg. 308 • Transfer information across settings for each encounter • Standardize the way in which records are stored • Provide feedback, immediate and meaningful feedback
Encouraging Change • Champion Users • Normative pressures – pg. 311 • Policies that encourage change • Who should make those policies? • Workflow changes • Formal informatics education • Avoid the cascade effect – pg.314
Role of the Leader • Administrator, or manager, own behavior and IT skill level – pg. 314 • How persistent is the administrator in the face of problems?
What happens when CPOE is implemented? • Pg. 313 • Acceptance of change has varied from reluctance to whole-hearted acceptance • Involve users from the start for greater success • Find Champions while rolling out • Use bench-marking?
How to do conversions? • What is a conversion? • Difference between place and method • Could be a mix • Pilot • Parallel • Cold Turkey or direct
Case Study • You are implementing a telemedicine project at your hospital, what are the issues?
Privacy and Confidentiality • Pg. 439 • Privacy refers to an individual’s desire to limit disclosure of personal information • Confidentiality deals with whether the information is released or not • Security is the measures that are taken to protect privacy and confidentiality
Access • Ability to obtain data and information for specific purposes by specific users • Many measures are afoot to control access • Technical measures • Policy measures which may be non-technical • In the last few years, eHealth and mHealth have made security and access complex issues
Integrity • Pg.439 • Integrity deals with completeness AND accuracy of data and information as well as protecting them from processes that would invalidate them • Accidental entry of incorrect information or data is a threat to the integrity of the patient’s record
Changing Data and Information • Can be accidental like transcription errors • Can be intentional like deliberate erasure • Computer viruses and worms – pg. 440
Availability • The ability of the information users to easily access data and information appropriate to their authorization level when needed • How will you implement security measures? • User roles will be explained by Sai • Archiving • Tradeoff between security and availability
Transition from a Paper Record • Both good and bad • Sharing • Security • Cost • Usage popularity by providers and patients • Change management
Legislative protection of Privacy • Assures that patient records will not be disclosed to third parties without patient consent. • Done both at Federal and Provincial levels • PROVINCIAL/TERRITORIAL LEGISLATION • Health-specific legislation: Manitoba, Alberta and Saskatchewan, Ontario • If there is no provincial rule then Federal laws apply
Legislative protection of Privacy • FEDERAL LEGISLATION • Statistics Act • applies to collected patient-identifiable health information. • Personal Information Protection and Electronic Documents Act (PIPEDA)(2002) • applies to personal health information collected, used, or disclosed in the course of commercial activities across provincial/territorial and national boundaries. • Applies to all kind of customer information, not just healthcare • Will apply to healthcare if there is no provincial law like PHIPA
Personal Health Information Protection Act 2004 • The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario’s health-specific privacy legislation. • Came into effect on Nov. 1,2004 Prof. Sai Vemulakonda
What it does? • New rules allow individuals greater control over how their personal health information is collected, used or disclosed. • PHIPA provides health care professionals with a flexible framework to access and use health information as necessary in order to deliver adequate and timely health care. • Sourec: http://www.ipc.on.ca/index.asp?navid=63&fid1=28 Prof. Sai Vemulakonda
Links for PHIPA • http://www.ipc.on.ca/index.asp?navid=63&fid1=28 • http://www.health.gov.on.ca/english/media/articles/archives/ar_04/103004a_ar.html Prof. Sai Vemulakonda
Electronic Tools used for Security • Firewall • Authentication – UID and PW • Biometric identification pg. 447 • Locks, Physical and otherwise – pg. 446 • Disabling single sign on • Audit Trails • Fencing depth
Implied Consent • PHIPA acts on the concept of implied consent • What does it mean? Prof. Sai Vemulakonda
Informed Consent • It is a basic rule that in all research involving persons a prerequisite is that each person sign an Informed Consent form prior to the study done. • Various Bioethics bodies and professional associations have outlined whatis required of the research person and the participant in order to make the informed consent valid. • Release of information consent
Assumed Consent • Exceptions to the basic rule where informed consent applies: • Reporting communicable diseases, imunizations, traumas • Data for administrative purposes, financial audits • data from medical charts or large databanks used for research • approved by a bioethics committee • stripped of patient identifiers
Privacy vs. access of EHR • It is not possible to achieve both perfect confidentiality and perfect access. • Need-to-know assessment • for healthcare professionals • for patients • How much info should be send from one provider to another? • Access health data by insurers
Summary • Change • Managing it and policies • Security, Privacy and confidentiality