90 likes | 251 Views
Secure Practice Management System for Small Healthcare Providers. Kingdom Iweajunwa Saeed Rajput. Introduction. Need to provide small practices with cost-effective patient management solutions that meets privacy and security standards of HIPAA
E N D
Secure Practice Management SystemforSmall Healthcare Providers Kingdom Iweajunwa Saeed Rajput
Introduction • Need to provide small practices with cost-effective patient management solutions that meets privacy and security standards of HIPAA • Majority of the population receive health care through small practices • In 2001, the Workgroup for Electronic Data Interchange (WEDI) estimated 400,000 small practices will be affected by HIPAA[1]
Impact of HIPAA on Small Practices • All entities that exchange electronic data directly or through clearing houses are affected • Medicare will not honor non-electronic claims • Small practices must change existing PMS to handle HIPAA standardized transaction formats, new code sets,National Identifier scheme, privacy and security standards
Privacy:what needs to be protected • Demographic data (age, sex, personal identifiers etc) • Consultation and treatment records (doctor’s notes, prescription, immunization etc) • Billing and payment information • Provider data • Patient visit schedules
Obstacles to small practice Compliance • Low network connectivity • Small providers still use non-secure communication channels eg dial-up, faxes • High volume paper correspondence • Doctors’ apathy towards information sharing • Doctors’ low budget for information technology • Lack of personnel to handle HIPAA-mandated administrative tasks
Security: methods to protect privacy • Authentication : users must be uniquely identified. Use of user id/password may be sufficient • Authorization: access to protected data must be on need-to-know basis • Audit Trails: all attempts to access, copy,create or modify protected data must be recorded concurrently with the attempts • Disclosure Log: disclosure of patient record must be • authorized by patient and logged • Secure data storage and transmission: data exchange • should be via secure channels and storage media physically secure • Disaster Prevention/Recovery: allow for regular data backup
A few Use Cases Patient clerk Patient Registration uses Payer Validate Billing Info. uses Patient Visit Lab services provider External Lab Work Nurse Release Medical Record External Physician Transcribe Prescription Transcription provider Doctor Billing for Services Billing provider
Authorization model Patient <<role>> Rights read modify create delete release 1 Rights read approveRelease owns 1 Clerk <<role>> 1..* Medical Record * Doctor <<role>> * Rights read create modify * 1 1 1 * PersonalData AuditLog TreatmentRecord Transaction Payer <<role>> * * Rights read * Rights read modify create * Nurse <<role>>
Sequence Diagram: Releasing patient medical record to External Physician External Physician <<actor>> Doctor <<actor>> Patient <<actor>> :Treatment Record :AuditLog RequestRecord RequestRelease Authorized writeDisclosure return return sendRecord