Health Information Systems Quiz

Questions and Answers

What is a primary purpose of a Request for Proposal (RFP)?

• To provide a brief overview of the system features
• To assess the internal environment of an organization
• To request feedback from users on system design
• To solicit detailed proposals from vendors that outline their capabilities (correct)

Which of the following is NOT typically included in the technical criteria for system evaluation?

• Compliance with legal requirements (correct)
• Test and training environments
• Support for other technology
• Response time

What role do questionnaires and interviews play in assessing the internal environment?

• They evaluate the technical specifications of the hardware.
• They document the organization's contractual requirements.
• They only collect data related to system security.
• They help determine who uses the information and how. (correct)

What is one critical component of the system implementation phase?

Selecting the implementation committee (A)

Which aspect is emphasized in the administrative criteria for system evaluation?

Purging and restoring data (B)

What are the three classifications for interoperable data?

Emerging, Pilot, National (A)

Which type of interoperability ensures the meaning of the exchanged data is consistent on both ends of the transaction?

Semantic (D)

What does Health Information Exchange (HIE) primarily involve?

Electronic movement of health-related information (B)

Which of the following is NOT mentioned as an effort for interoperability?

RESTful APIs (D)

What is one major benefit of interoperability in healthcare?

Improved access to information (A)

What is a significant integration issue faced in achieving interoperability?

Vendors' failure to deliver on promises (C)

Which standard is primarily used for the exchange of clinical data?

HL7 (D)

Which of the following is a category not associated with data exchange standards?

CSV (D)

What estimated percentage of annual U.S. healthcare expenditures can interoperability potentially save?

5% (A)

What is the first step in the strategic planning process?

Define the corporate vision and mission (D)

Which of the following is NOT a role of the project manager?

Analyze the organization needs (A)

In the needs assessment process, what is the purpose of identifying deficits and issues?

To analyze organizational needs (C)

Who should chair the steering committee?

A member of administration (D)

Which characteristic is important for members of the steering committee?

Good organizational skills (D)

What role does technology play in strategic planning?

It must be factored into the strategic plan (B)

What is the outcome of strategic thinking?

Creating a strategic plan (C)

Which aspect is NOT included in the analysis of the current system?

Development of a communication plan (C)

What requirement is necessary for steering committee members?

They should have good communication skills (C)

What is the primary purpose of setting policy guidelines in the strategic planning process?

To guide the implementation of strategies (C)

What is the primary purpose of access control in security safeguards?

To ensure that only authorized users can access information (D)

Which type of risk is determined as having a high likelihood of occurring?

Risk that poses a serious threat and requires immediate action (A)

What is entity authentication primarily used to determine?

If an individual is genuinely who they claim to be (D)

Which of the following elements is NOT a component of a comprehensive security plan?

Financial audit techniques (B)

What is considered a method of access authentication?

Biometric measures such as fingerprints (D)

What role does the Chief Security Officer (CSO) play in an organization?

Manages security plans and enforces compliance (A)

Which of the following describes a context-based access control?

Access depends on the specific circumstances of the request (C)

What is the primary distinction between data and information?

Data is gathered for analysis, while information is interpreted data. (C)

Which of the following is NOT a force driving information technology in healthcare?

Consolidation of healthcare institutions (C)

What synthesizes data to create knowledge?

Combination of multiple information sources (B)

Which technology improves accurate patient identification?

Bar-Code and RFID Medication Administration (C)

What is considered wisdom in the context of information usage?

Using knowledge to solve problems appropriately (A)

Which of the following concepts relates to using information for research?

Evidence-based practice (B)

What role does decision support software (DSS) play in healthcare?

It assists healthcare providers in clinical decision-making. (C)

Which option is a goal of pay for performance initiatives?

To incentivize quality and efficiency in care. (A)

What best describes the concept of knowledge in the data-information-wisdom continuum?

Synthesis of information creating a singular understanding (C)

Which is an example of evidence-based practice?

Using the latest clinical guidelines based on research findings (D)

What are some examples of classroom techniques that engage participants in Instructor-led Training?

All of the above (D)

Instructor-led Training is known for its low cost and labor-intensive nature.

False (B)

Which of the following is NOT a type of Technology-based training?

Field training (A)

Technology-based training is often more flexible than classroom training.

False (B)

What is a key advantage of On-the-job Training?

It allows trainees to learn by doing in a real work environment

On-the-job training typically requires shorter sessions compared to classroom training.

True (A)

What does a blended approach to training combine?

All of the above (D)

Blended learning is typically more expensive than classroom training.

False (B)

What are some examples of training materials that could be used in an Adjunct aids/training materials approach to training?

Job aids, email reminders, training tips, audio-video clips, or even the presence of trainers in work areas.

The Adjunct aids/training materials approach tends to be more costly than other training approaches.

False (B)

What is the primary goal of Risk Analysis in the Administrative Approach?

To identify potential threats to an organization's network and information systems

What is the purpose of Boundary definitions in the Administrative Approach?

To create a detailed inventory of Information Systems within an organization

What is the aim of Vulnerability identification in the Administrative Approach?

To uncover weaknesses or flaws in the system design that could be exploited by malicious actors.

Which of the following is a type of preventive control typically used in Security Control Analysis?

All of the above (D)

What is the purpose of Control design in Security Control Analysis?

To implement security measures like audit trails and alarms to monitor system activity and detect potential breaches.

Audit trails are primarily used to monitor system performance and identify flaws in applications.

False (B)

What is the main purpose of Data encryption in technical safeguards?

To protect information from unauthorized access by transforming it into an unreadable format.

What is the primary function of a Firewall in security mechanisms?

To act as a barrier between a network and external threats, blocking unauthorized access while allowing authorized communications.

What is the primary goal of Antivirus Software?

To detect, isolate, and remove malicious software from a computer or network.

What is Ransomware, and how does it work?

It is a form of malware that hijacks user files, encrypts them making them inaccessible, and demands payment for the decryption key.

User sign-on and passwords are the only means of identity management.

False (B)

Access on a need-to-know basis is a less important security measure compared to automatic sign-off.

False (B)

Physical restrictions to system access are primarily meant to prevent theft or unauthorized physical access to computers or data centers.

True (A)

What is the key benefit of using bar code technology in pharmacy systems?

It can significantly reduce the number of medication errors by ensuring that the correct medication is dispensed to the right patient, at the right dose, and at the right time.

What is the primary focus of knowledge discovery in databases (KDD)?

To analyze raw data for patterns and insights (D)

Which component is essential for the successful implementation of a healthcare information system?

Comprehensive workflow and process analysis (A)

What is the primary role of the steering committee in selecting a healthcare information system?

Guiding the analysis of the current system and evaluation of criteria (C)

Which aspect is critical in ensuring the quality of healthcare information?

Accuracy, consistency, and reliability of data (D)

Which approach is essential for ensuring information security in healthcare systems?

A combined administration and technical approach (D)

What is a significant factor that can lead to implementation failure in healthcare information systems?

Insufficient stakeholder engagement and communication (B)

Which component is a key focus during the strategic planning process for information systems?

Ongoing assessment of systemic needs and deficits (C)

Which factor contributes significantly to the interoperability of healthcare information systems?

Uniform coding standards and data formats (C)

According to the Office of National Coordinator for Health Information Technology (OCHIT), what are the three classifications for interoperable data?

Emerging, Pilot, National (A)

What are the two types of interoperability?

Syntactic and Semantic (B)

What is Health Information Exchange (HIE)?

The electronic movement of health-related information or clinical data that follows patients across delivery settings, according to nationally recognized standards.

What is the purpose of a clinical data repository?

To store clinical data from various sources within an organization. (A)

Which of the following is NOT considered a threat to business operation and information systems?

Increased staffing levels (A)

Which method of data backup involves replicating data to a secondary location for redundancy?

Data mirroring (D)

What is the significance of a test environment in system implementation?

It provides a platform for testing and validating system changes before deployment. (B)

The selection committee for a new information system should only include members from the IT department.

False (B)

What is a key function of a project manager in system implementation?

Defining the project's scope, timeline, and resources. (B)

What is the difference between a Request for Information (RFI) and a Request for Proposal (RFP)?

An RFI is a brief document sent to vendors to gather initial information about their products and services, while an RFP is a more detailed document that outlines specific system requirements and solicits proposals from vendors.

What is the primary responsibility of Health Information Management (HIM) professionals throughout the system implementation and maintenance phases?

Providing input and guidance on data standards and patient privacy. (D)

A primary benefit of mobile computing in healthcare is the ability to facilitate documentation at the point of care for improved accuracy.

True (A)

What are some of the fundamental driving forces behind the adoption of information technology in healthcare?

Improved patient safety, increased accessibility of information, and demands for cost-efficient care. (A)

What is the primary purpose of a Computerized Provider Order Entry (CPOE) system?

CPOE systems streamline the ordering process, eliminate transcription errors, and reduce medication errors.

What is a major function of a Laboratory Information System (LIS)?

To manage laboratory data, including test results and specimen collection. (D)

Describe the key features of a Radiology Information System (RIS)?

RIS systems allow for direct order entry, scheduling of diagnostic tests, client instruction generation, transcription of results, picture archiving and transmission, and charge generation.

Pharmacy Information Systems (PIS) primarily focus on reducing medication errors and improving medication safety.

True (A)

What are the key benefits of e-prescribing for healthcare providers and patients?

E-prescribing provides a longitudinal prescription record, checks formulary compliance and reimbursement, provides medication interaction alerts, generates reminders for refills, and eliminates phone authorization for refills.

Which of the following is NOT typically a feature of Physician Practice Management Systems?

Tracking patient medication allergies and reactions. (D)

What is the primary purpose of a Home Healthcare System?

To coordinate home health services with other healthcare providers. (D)

Why are Long-term Healthcare Systems particularly important?

To manage complex medical conditions requiring extended care. (D)

Briefly describe the goal of Decision Support and Expert Systems in healthcare.

These systems aim to guide and support healthcare professionals in making informed decisions by organizing and presenting relevant information from within the organization to enhance efficiency and improve patient outcomes.

What is the primary role of an Admission/Discharge/Transfer (ADT) system in a hospital setting?

To collect and store patient demographic and financial information. (C)

Mobile computing in healthcare primarily focuses on improving access to patient data at the point of care.

True (A)

What is a primary advantage of incorporating technology into the strategic planning process for healthcare organizations?

It allows for a more comprehensive and data-driven approach to decision-making. (B)

Describe the key stages of the Strategic Planning Process for healthcare organizations.

The key stages involve defining the organization's vision and mission, specifying achievable goals and objectives, developing strategies, setting policy guidelines, and determining products and services to be offered.

What is the primary purpose of a needs assessment in the context of healthcare system implementation?

To identify and prioritize the needs and requirements of various stakeholders within the organization. (B)

Which training approach maximizes retention and targets different learning styles?

Blended Learning (A)

Instructor-led Training is high-cost and low-effort.

False (B)

What is the primary benefit of using adjunct training materials?

They provide ongoing support and resources for learners.

_______ training uses a trainer or super user to guide learners through tasks in their work environment.

On-the-Job

Match the training approaches with their primary characteristics:

Instructor-led Training = High cost, labor-intensive Technology-based Training = Lower cost, computer/web-based On-the-Job Training = Trainer-guided, may be interrupted Adjunct Training Materials = Supplemental resources and reminders

Which type of interoperability guarantees the meaning of exchanged data on both ends of the transaction?

Semantic (B)

Which of the following statements is true regarding technology-based training?

It is less flexible than classroom training. (D)

Health information exchange (HIE) involves the movement of health-related information without following recognized standards.

False (B)

What does blended learning combine?

Web- or print-based instruction with classroom time.

The major standard for the exchange of clinical data is called _____ level seven.

Health

Match the following interoperability classifications with their descriptions:

Emerging = Newly developing standards Pilot = Trial or test stage of interoperability National = Widespread standardized implementation Syntactic = Exchanging the structure of data without meaning

Which of the following is NOT a method of entity authentication?

Network speeds (C)

Data encryption is considered a form of technical safeguard.

True (A)

What is the role of a Chief Security Officer (CSO) in an organization?

Manage security plans and influence employees.

The process of rating risks is categorized as __________, which includes high, medium, and low classifications.

risk likelihood determination

Match the following elements to their respective security categories:

Access control = Technical Safeguards Comprehensive security plan = Administrative Approach Training and support = Administrative Approach Audit trail = Technical Safeguards

Which component of a comprehensive security plan outlines procedures for monitoring and responding to security incidents?

Audit trails and alarms (B)

Role-based access determines who can access data based on their role in the organization.

True (A)

Name one method used in access authentication.

Logon passwords.

The identification of comprehensive security programs includes __________ and sensitivity classification.

information asset ownership

What is the primary purpose of audit trails in security systems?

To record user activity and monitor security violations (A)

Passwords are considered the most effective means of authentication.

False (B)

What mechanism logs a user off the system after a period of inactivity?

Automatic sign-off

A _____ is a component designed to block unauthorized access while allowing authorized communications.

firewall

Match the following security mechanisms to their descriptions:

Antivirus Software = Removes viruses from devices Ransomware = Hijacks and encrypts user files Packet Filter = Network-level filtering of data packets Proxy Server = Acts as a gatekeeper for application-level access

Which type of malware encrypts user files and demands a ransom for decryption?

Ransomware (D)

Automatic sign-off is a technique that prevents unauthorized access by logging users off after inactivity.

True (A)

What is the role of application security in cybersecurity?

To identify vulnerabilities in applications

Audit trails help in _______ electronic events for monitoring purposes.

reconstructing

What is one disadvantage of using passwords for access authentication?

They are not the most effective means of authentication (D)

What method does signature-based scanning use to identify viruses?

Organizing unique patterns or signatures of the virus (B)

Spyware installs itself with user permission.

False (B)

What is the purpose of automatic sign-off in security measures?

To minimize unauthorized access by logging users out after a period of inactivity.

The two types of processing methods discussed are ___ processing and batch processing.

real-time

Match the following security measures with their descriptions:

User sign-on = A method to authenticate user identity Physical restrictions = Limiting access to sensitive areas Audit trails = Monitoring access for accountability Proper disposal = Safely managing confidential materials

What is a primary characteristic of spyware detection software?

It collects sensitive information without permission. (D)

Batch processing occurs immediately after data is generated.

False (B)

Define multilevel generic security.

A security approach that utilizes expert analysis techniques across multiple levels.

Spyware collects passwords, PIN numbers, and ___ numbers.

account

Which of the following best describes traditional data collection methods in healthcare?

Supports daily operations but not suited for decision support (B)

Flashcards

Entity authentication

The process of verifying the identity of a person or entity trying to access a system.

Role-based access control

A type of access control that restricts access based on the user's role or position within the organization.

Audit trail

A record of all activities that have occurred within a system.

Access control

A security measure that restricts access to data and systems based on the user's identity, context, and authorization.

Preventive control

A set of security measures implemented to prevent unauthorized access, use, disclosure, disruption, modification, or destruction of information.

Chief Security Officer (CSO)

A security officer responsible for overseeing all security-related aspects of an organization's information systems.

Data encryption

A security measure that uses cryptographic algorithms to transform data into an unreadable format, protecting it from unauthorized access.

Interoperability Classifications

Defines the level of interoperability between systems, including Emerging, Pilot, and National.

Syntactic Interoperability

Focuses on the structure of data, allowing systems to exchange information but not necessarily understanding the meaning.

Semantic Interoperability

Ensures that both systems correctly interpret the meaning of exchanged data, crucial for clinical data.

Health Information Exchange (HIE)

The electronic sharing of health records across different settings, following national standards.

Health Level Seven (HL7)

A standard for exchanging clinical data, enabling better communication between healthcare systems.

Digital Imaging and Communications in Medicine (DICOM)

A standard for exchanging medical images between devices and systems.

Integration Issues

A major challenge in implementing interoperability due to differing data standards, vendor issues, and resistance to change.

Benefits of Interoperability

Improved access to patient information, better workflow, enhanced patient safety, and cost savings for healthcare.

Estimated Savings from Interoperability

The potential savings from improved healthcare information exchange can reach 5% of annual US healthcare expenditures.

Data

Raw facts and figures gathered for analysis and potential action. Think of it as the building blocks of information.

Information

Data that has been interpreted and given meaning, making it useful and understandable. It provides context to raw data.

Knowledge

The result of combining information from various sources to create a comprehensive understanding of a concept. A synthesis of information.

Wisdom

The application of knowledge to manage and solve complex problems in a wise and effective manner. It's about applying knowledge for good.

Internal Environment Analysis

The process of gathering information about the current state of an organization's systems, processes, and resources to identify strengths and weaknesses.

Technical Criteria

A document that outlines a system's performance expectations in terms of hardware and software needs, architecture compatibility, response time, downtime, and testing.

Request for Information (RFI)

A document sent to potential vendors requesting information about their systems and company capabilities. It serves as an initial step in selecting a system.

Request for Proposal (RFP)

A detailed document outlining specific system requirements and soliciting proposals from vendors. It serves as a formal invitation to bid on a project.

System Implementation

The third phase of the system lifecycle, encompassing the purchase, planning, and implementation of a new system, including the formation of an implementation committee.

Strategic planning

A process that outlines how an organization will achieve its vision.

Corporate vision and mission

The heart of strategic planning, outlining an organization's purpose and values.

Goals and objectives

Specific, measurable, achievable, relevant, and time-bound goals that guide progress towards the vision.

Strategies

A detailed plan that outlines the actions needed to achieve each objective.

Policy guidelines

The foundation for making informed decisions and guiding organizational actions.

Project manager role

The key to success in any organization.

Needs assessment

A process for identifying needs, gaps, and opportunities within an organization.

Steering committee

A group of individuals responsible for guiding and overseeing the needs assessment process.

Analysis of current system

A detailed record of the current system used by an organization.

Need identification

The process of analyzing an organization's needs to identify solutions that will improve its performance.

Instructor-led Training (ILT)

A training approach that uses a live instructor to deliver content to a group of learners in a classroom setting.

Technology-based Training

Training that utilizes technology, including computers, websites, and mobile devices, to deliver content and assess learning.

On-the-Job Training

Training that occurs in the workplace, where learners are guided through real-world tasks and processes.

Blended Learning

A training approach that combines classroom instruction with technology-based learning, creating a more engaging and flexible experience.

Adjunct Training Materials

A variety of materials used to support training, including documents, videos, and online resources.

Comprehensive Security Plan

A comprehensive security plan that outlines strategies to mitigate risks to an organization's information systems.

Risk Analysis

A systematic approach to identifying, assessing, and mitigating risks to an organization's information systems.

Boundary Definitions

A detailed inventory of an organization's information systems, including hardware, software, and networks.

Threat Identification

A list of all potential threats to an organization's information systems, including human, natural, and environmental threats.

Vulnerability Identification

Identifying weaknesses or flaws in the design or implementation of an organization's information systems.

Control Design

A security control designed to monitor and detect security violations or suspicious activities.

Risk Likelihood Determination

Assessing the likelihood of threats occurring and their impact on an organization.

Impact Analysis

Analyzing the impact of security breaches on an organization's operations, reputation, and finances.

Risk Determination

Determining the overall risk to an organization's information systems based on the likelihood and impact of threats.

Risk Control

Implementing security controls to mitigate risks to an organization's information systems.

Centralized Security Functions

A centralized function within an organization that focuses on information security policies, procedures, and awareness.

Comprehensive Security Plan

A document that outlines an organization's security policies, procedures, and responsibilities.

Information Security Policies

A set of rules and guidelines that govern the use, access, and protection of information within an organization.

Information Asset Ownership and Sensitivity Classification

The process of classifying information assets based on their sensitivity and value to the organization.

Comprehensive Security Program

A comprehensive program that encompasses all aspects of information security within an organization.

Information Security Training and User Support

Training and education programs designed to educate users on information security best practices and policies.

Institution-wide Information Security Awareness

Creating awareness about information security throughout an organization.

Firewall Protection

A hardware or software barrier that protects a network from unauthorized access.

Virus Checking

Software that detects and removes viruses and other malicious programs from computers and networks.

Ransomware

A type of malware that encrypts a user's files and demands a ransom for the decryption key.

Spyware

A type of malware that secretly collects personal information and sends it to another party without the user's knowledge.

What is data?

Raw facts and figures collected for analysis. Consider it the building blocks of information.

What is information?

Data that has been interpreted and given meaning. It provides context to raw data.

What is knowledge?

Combining information from various sources to create a comprehensive understanding of a concept. It is a synthesis of information.

What is wisdom?

Applying knowledge to manage and solve complex problems in a wise and effective manner. It is about implementing knowledge for good.

What is strategic planning?

A process that outlines how an organization will achieve its vision, including goals, objectives, strategies, etc.

What is a Request for Proposal (RFP)?

A detailed document that outlines specific system requirements and solicits proposals from vendors. It is a formal invitation to bid on a project.

What is risk analysis?

A systematic approach to identifying, assessing, and mitigating risks to an organization's information systems.

What is virus checking?

Software that detects and removes viruses and other malicious programs from computers and networks.

Technology-based Training/eLearning

A training approach that uses technology, such as computers, websites, and mobile devices, to deliver content, assess learning, and provides a more flexible and cost-effective solution than classroom training.

Information Asset Classification

The process of classifying information assets based on their sensitivity and value to the organization. Examples include confidential, sensitive, and public.

Signature-based scanning

A type of antivirus software that identifies malware based on its unique characteristics or patterns.

Terminate and Stay Resident Monitoring

Antivirus software that constantly monitors system activity and identifies suspicious behavior in real-time.

Multilevel Generic Security

A multi-layered approach to security, using expert analysis to detect and prevent malware.

Clinical Data Repository

A large database that gathers data from various sources within an organization, supporting decision-making and analysis.

Real-time processing

A method of data processing that occurs immediately or almost immediately, often used when speed is crucial.

Batch processing

Data processing that occurs at specific intervals, usually at the end of the day, when system demands are lower.

Antivirus software

A software program designed to find and remove malicious programs like viruses from computers, storage devices, and networks.

Firewall

A barrier or set of safety measures that protects a computer network from unauthorized access. It is like a gatekeeper for the network.

Automatic sign-off

A security feature that automatically logs a user off a system after a period of inactivity. It prevents unauthorized access from an unattended computer.

Passwords

A collection of characters (letters, numbers, and symbols) that users type in to access a computer system. They're like a password to access a specific account.

Authentication

A method of verifying the authenticity of a user or entity trying to gain access to a system. Ensures the user is who they claim to be.

Application security

A security measure that safeguards applications from vulnerabilities and security holes. It’s like a security check-up for apps.

Packet filter (firewall)

A specific type of firewall that operates at the network level (router) and filters data packets based on predefined rules.

Proxy server (firewall)

A type of firewall that operates at the application level (gatekeeper) and acts as an intermediary between clients and servers.

Study Notes

Training Approaches

• Five training approaches are listed: instructor-led, technology based, on-the-job training, blended approach, and adjunct aids/training materials.

Instructor-Led Training (ILT)

• Classroom techniques engage participants through active participation, group activities, hands-on exercises, and various instructional approaches to enhance attention and learning.
• Classroom training is expensive and labor-intensive.

Technology-Based/eLearning

• Uses technology to teach technology.
• Includes computer-based and web-based training.
• Web-based training is a lower-cost alternative, typically viewable on any computer.
• Less flexible than classroom training.

On-the-Job Training/Just-in-Time

• Suitable for short sessions.
• Prone to interruptions.
• May not include all necessary trainees.
• A trainer or a super user will guide the needed training.

Blended Learning

• Maximizes retention.
• Addresses different learning styles.
• Encourages active participation.
• Combines web- or print-based instruction with classroom time.
• Less expensive than classroom training.

Adjunct Training Materials

• Includes job aids, e-mail reminders, ongoing training tips, easily accessible audio-video clips, and ongoing trainer/super user presence in work areas.

Administrative Approach

• Risk analysis: risks attacking network components at any time, hence real-time management is crucial.
• Boundary definitions: detailed inventory of IS systems.
• Threat Identification: listing all potential threats (human, natural, or environmental).
• Vulnerability identification: identifying system design weaknesses or flaws/

Security Control Analysis

• Preventive control: access control, authentication, procedures.
• Control design: audit trails and alarms.
• Risk likelihood determination: high, medium, low risk rating system.
• Impact analysis: impact of security on the organization.
• Risk determination.
• Risk control

Centralized Security Functions (Administrative Approach, cont.)

• A comprehensive security plan.
• Accurate and complete information security policies.
• Information asset ownership and sensitivity classification.
• Identification of a comprehensive security program.
• Information security training and user support.
• Institution-wide information security awareness.

Chief Security Officer

• Reports to CIO.
• Manages security plans.
• Applies sanctions and influences employees.

Technical Safeguards

• Access control
• Entity authentication
• Audit trail
• Data encryption
• Firewall protection
• Virus checking

Access Control-Technical Safeguards, Cont.

• Need-to-know.
• User-based access (who and how-read, write, edit, execute, print).
• Role-based access (who and how-easily assign new application privileges).
• Context-based access (who, how, context).

Entity Authentication-Technical Safeguards, Cont.

• The process of determining if someone is who they claim to be.
• Something you know (passwords, PIN).
• Something you have (ATM cards, tokens, swipe cards).
• Something you are (biometric fingerprints, voice scan, iris or retina scan).

Access Authentication Methods (Technical Safeguards, cont.)

• Access codes.
• Logon passwords.
• Digital certificates.
• Public or private keys used for encryption.
• Biometric measures, voice recognition, fingerprints.

Passwords (Technical Safeguards)

• Collection of alphanumeric characters.
• Required after access code or user name entry.
• Assigned after successful system training.
• Inexpensive but not the most effective authentication method.

Audit Trails (Technical Safeguards, cont)

• Record system and application process and user activity of systems and applications.
• Individual accountability.
• Rebuilding of electronic transactions.
• Monitoring of problems.
• Intrusion detection.
• Security violations.
• Performance issues.
• Application flaws.

Security Mechanisms-Automatic Sign-Off

• Logs a user off the system after inactivity.

Security Mechanisms-Firewalls

• Component of computer systems/networks.
• Prevents unauthorized access but permits authorized communications.
• Software and hardware created barrier.
• Two types: packet filter (network level router), proxy server (application level gatekeeper).

Security Mechanisms-Antivirus Software

• Locates and eradicates viruses and malicious programs.
• Identifies issues in scanned devices, computers and networks.
• Includes ransomware - malware that hijacks, encrypts and demands payment for decryption keys.

Security Measures - Antivirus and Spyware

• Signature-based scanning: organizes unique virus patterns.
• Terminator and stay-resident monitoring: runs in background for application runs in foreground;
• Multilevel generic security: uses expert analysis techniques

Security Measures-Other

• User sign-on and passwords or other identity management.
• Access on a need-to-know basis.
• Automatic sign-off.
• Physical restrictions to system access.
• Spyware detection software: installs itself without permission collects passwords/PINs and sends data to third parties.

Security Measures-Proper Handling and Disposal

• Acceptable uses.
• Audit trails to monitor access.
• Encourage accuracy review.
• Establish controls for information use
• Use lock receptacles
• Shred materials with personal health details

Clinical Data Repository

• Online transaction processing (OLTP) is a traditional data collection method.
• It supports daily operations for healthcare organizations.
• Not suited for decision support; tracking patterns or trends is challenging.
• Clinical data repository is a large database that aggregates data from various application systems across an organization

Real-Time VS. Batch Processing

• Real-time processing occurs immediately for speed needs.
• Batch processing runs once daily to reduce processor demands.

Classification of Interoperability

• Emerging, Pilot, and National classifications based on the Office of National Coordinator for Health Information Technology (OCHIT).
• Top standards and implementations are in Table 14-1 (Textbook version 6th).

Types of Interoperability

• Syntactic (functional): exchanging data structure, but not meaning.
• Semantic: guarantees meaning exchange between points.

Health Information Exchange (HIE)

• Electronic transfer of health-related information.
• Clinical data follows patients across care settings.
• Follows nationally recognized standards.

Effort for Interoperability

• Health Level Seven (HL7) Clinical Document Architecture (CDA).
• European Committee for Standardization (CEN) EN 13606-1 (EHRcom).
• OpenEHR.
• Service-oriented architecture (SOA).

Integration Issues

• Massive undertaking.
• Vendors fail to deliver promises.
• Lack of agreement on standards.
• Politics and power.
  • Lack of agreement on data dictionary, data mapping and clinical data repository.
  • Fear of change.
  • Competition.

Benefits of Interoperability

• Improved access to information.
• Improved physician workflow, productivity, and patient care.
• Improved safety.
• Fully standardized healthcare information exchange.
• Estimated savings of 5% of annual U.S. healthcare expenditures

Data Exchange Standards

• HL7 is a major standard for the exchange of clinical data.
• DICOM is used for digital imaging communications in medicine.

Steps in Developing a Preparedness Program

• Program management.
• Planning.
• Implementation.
• Testing and exercise.
• Program improvement.

Steps of the Continuity Planning Process

• Business Impact Assessment or Analysis (BIA).
• Planning.
• Implementation of strategies for continuity.
• Evaluation.

Planning Process

• Secure top management support and commitment.
• Select the planning committee.
• Risk assessment: disaster types, risk range (low-high), impact, and cost of disaster, cost of replacement, and restoration, establishing processing and operating priorities.
• Data collection.
• Write the plan.

Threats to Business Operations and Information Systems (IS)

• Environmental disasters.
• Human error.
• Sabotage.
• Acts of terrorism and bioterrorism.
• High-tech crime.
• Viruses.
• Overtaxed infrastructure
• Power fluctuations and outages.
• Equipment failure.
• Operating system or application software bugs.

Data Backup

• Continuous delivery of services.
• Zero downtime options are expensive.
• Common anti-disaster protection:
  • Automated backups.
  • Off-site media storage.
  • Data mirroring.
  • Server replication.
  • Remote data replication.

Downtime or Backup Procedures

• Different means for common tasks than ordinary methods.

Recovery Cost

• Lost consumer confidence and profits.
• Temporary services, space, equipment, utilities, personnel.
• Shipping and installation costs.
• Post-disaster replacement of equipment and repairs.
• Overtime hours for staff.
• Reconstruction of lost data.

Data→Wisdom

• Data-characters, numbers, or facts to analyze and take action.
• Information-interpreted data, such as blood pressure readings.
• Knowledge-synthesis of information from many sources to create a single concept.
• Wisdom-when knowledge is used correctly to manage problems.

Forces Driving Information Technology-Push for Patient Safety

• Accurate Patient Identification.
• Computerized Provider Order Entry (CPOE).
• E-Prescribing.
• Bar-Code and RFID Medication Administration.
• Decision support software (DSS).

Forces Driving Information Technology-Other Forces

• Increase accessibility of information.
• Move towards evidence-based practice.
• Genomics.
• Demand for cost-efficient and quality care.
• Research.
• Pay for performance

Hospital Information Systems-Lecture 1

• Informatics in Healthcare Profession and Information Technology Overview

Hospital Information Systems-Lecture 2

• Ensuring the Quality of information, Electronic Communication and the Internet

System Checks

• System mechanisms to prompt user completion & verification of tasks, and prevent inappropriate input.
• Data cleansing software at entry point to verify/select "right" patients and remove redundant data.
• Force users to complete required fields.
• Alert users about duplicate entries.
• Generate reports of incomplete actions

Data Storage Considerations

• Speed/frequency of access needs.
• Environmental hazards.
• Equipment/media control and contingency planning.
• Storage periods of each record type.
• Media degradation and obsolescence of hardware/software.
• Maintenance of access devices.

Outsourcing

• Costs.
• Personnel.
• Space.
• Equipment maintenance.
• Expertise.

Quality Information

• Timely.
• Precise.
• Accurate.
• Numerically quantifiable
• Verifiable by independent means.
• Rapidly and easily available
• Free from bias.
• Comprehensive.
• Appropriate to the user's need
• Clear.
• Reliable.
• Convenient

Data Mining-Knowledge Discovery in Databases (KDD)

• Technique using software for analyzing large datasets
• Hidden patterns and relationships analysis
• Data used for research, outcomes/treatment efficacy

Hospital Information Systems - Lecture 3

• Healthcare Information Systems History and Evolution

Information Systems

• Use computer hardware/software for data-to-information conversion.
• Healthcare information systems (including hospital information systems) are groups of systems that effectively support and enhance healthcare.

Why Health Care Lags in IT

1. Health care information is complex (texts, images, graphics). No single standards procedures are present. Health terminology is complex.
2. Health care is highly sensitive and personal (confidentiality is important).
3. Health care IT is expensive.
4. US health systems are a combination of heterogeneous systems (integration is needed)

Types of Information Systems-Clinical/Administrative Systems

• Clinical Information Systems (CISs): Directly supporting care, individual systems (may be stand-alone), data exchange among systems
• Administrative Systems: Indirectly supporting patient care, individual systems (may be stand-alone), data exchange among systems

Clinical Information Systems

• Support provider order entry, results retrieval, documentation, evidence-based practice, and decision support across locations and disciplines.

Clinical Information Systems (CISSs)-Subsystems

• Nursing.
• Multidisciplinary Monitoring.
• Laboratory.
• Pharmacy.
• Radiology.
• Emergency Department.
• Physician practice management.
• Long-term care.
• Homecare

Monitoring

• Devices monitoring temperature, pulse, respirations, blood pressure, oxygen saturation, or other measures; automatically inputting into clinical information systems.
• Alarms notify caregivers of abnormal readings.

Order Entry Systems

• Orders entered into the computer, transmitted to relevant hospital areas (e.g., pharmacy, lab, radiology, social service).
• Direct entry by physician, nurse practitioner, physical therapist, etc. is preferred (CPOE).

Administrative Systems

• Client management (registration).
• Financial.
• Payroll.
• Human resources (HR).
• Quality assurance (QA).
• Contract management.
• Risk management systems.
• Materials management.

Computerized Provider Order Entry (CPOE)

• Initiative by the Institute of Medicine and the Leapfrog Group.
• To improve quality of care and reduce medication errors.
• Eliminates transcription errors, expedites treatment and increases accuracy

Laboratory Information Systems

• Turnaround time, duplicate testing, errors management
• Alert providers about new/stat test results
• Sending results to clinical systems for viewing.
• Receiving input from bedside devices.
• Generating specimen collection labels.
• Using rules for ordering additional tests.

Radiology Information Systems

• Allows order entry or acceptance of orders from other systems.
• Provides scheduling for diagnostic imaging tests.
• Generates client instructions.
• Allows transcription of results.
• Provides picture archiving and transmission of images, and image tracking after procedures done.

Pharmacy Information Systems

• Provide check in order and administration process using evidence-based guidelines,
• Errors when used with bar code technology
• Use lab results, allergy, and interaction information from clinical systems.
• Track medication use, costs, and billing information.

Pharmacy Information Systems, Cont.

• May incorporate more than one system.
• Involve pharmacy dispensing systems (robots) and unit-based dispensing cabinets in patient care areas.
• Utilize barcode and RFID medication administration.
• Incorporate E-prescribing as a process that allows physicians to enter prescriptions electronically which are then sent to the pharmacy electronically via computers and PDAs.

Barcode and RFID Medication Administration

• Quality initiative by Leapfrog Group and the VA National Center for Patient Safety.
• Uses barcodes on medication packages and patient bracelets to ensure right patient, right drug, right dose, right time, right route.

E-Prescribing Benefits

• Provides a longitudinal prescription record.
• Checks formulary compliance and reimbursement.
• Provides alerts about drug interactions.
• Generates reminders for home medications for discharged clients.
• Eliminates phone authorization for refills.

Physician Practice Management Systems

• Includes capturing demographic and insurance data.
• Facilitates scheduling, billing, outcome tracking, and report capability.
• May or may not connect to hospital electronic patient records; may maintain separate patient records.

Home Healthcare Systems

• May exchange data with hospital systems.
• Support excessive documentation demands.
• Improve payment for services; easier to find information needed for billing.

Long-Term Healthcare Systems

• Slow to develop in this area.
• Needed for enhanced care quality and efficiency.
• Important for business survival.
• Integration with other systems is essential for best patient care.
• Can include similar features as other clinical information systems

Decision Support and Expert Systems

• Aid in selecting viable options; using organizational information to facilitate decision-making and overall efficiency.
• Decision support software organizes information to suit new environments.

Registration Systems

• Admission/discharge/transfer (ADT) systems collect and store demographic/insurance data, verified at each visit.
• Crucial for accurate patient identification and reimbursement.

Impact of Mobile Computing

• Allows data access at the point of care to improve treatment decisions.
• Supports evidence-based guidelines/test results.
• Facilitates improved documentation accuracy at point of care.

Hospital Information Systems - Lecture 4

• IT Strategic Planning, IT alignment and strategic planning

Strategic Planning Process

• Define the corporate vision and mission
• Specify achievable goals and objectives
• Develop strategies
• Set policy guidelines
• Determine products and services offered for market penetration
• Articulate goals for planned outcomes and acceptable progress

Strategic Planning Process-Considerations

• Technology must be factored into the strategic plan.
• Strategic planning is an outcome of strategic thinking.

Strategic Planning

• Provides the focus for how the vision will be achieved.

Project Manager Role

• Define scope and results of project.
• Identify tasks within the project.
• Identify when tasks must occur.
• Define who is responsible for each task.
• Establish timelines for completion.
• Establish process for project decisions.
• Provide communication about project status

Needs Assessment

• Initiated by someone with a vision of the future.
• Analyzes the organization’s needs.
• Examines segments within the organization.
• Identifies deficits and issues.
• Uses data to generate a list of possible solutions for developing a timeline or Gantt chart.

Steering Committee Members

• Key process members, ensure congruence with strategic plan.
• Include representatives from all impacted departments to prevent overlooking problems.
• Incorporate end-users.
• Chair should be a member of the administration.

Committee Considerations

• Steering committee members need release time from other duties.
• Require members with functional expertise, good communication skills, and computing background.
• Seek input from consultants when needed.

Analysis of Current System

• A documented process of hardware and software produces a blueprint.
• Must involve a thorough understanding of the used information including who uses the data and its usage.
• May involve questionnaires, observation and interviews to assess the internal environment and to weigh strengths and weaknesses.

Technical Criteria

• Necessary hardware/software for desired performance level.
• Architecture type (compatibility with other systems).
• Response time.
• Downtime.
• Test/training environments.
• Support for other technologies.

Administrative Criteria

• Compliance with regulatory and legal requirements.
• Report capability.
• Ease of use.
• Purging and restoring data.
• Security levels.

Request for Information (RFI)

• Brief document for vendors to state purchase and installation plans.
• Asks for vendor system descriptions, company information (installed sites, service/technical capabilities, updates).

Request for Proposal (RFP)

• Formal document for vendors describing system requirements.
• Solicited proposals from vendors describing their capabilities to meet 'wants' and 'needs'.
• Responses used for narrowing choices.

Request for Proposal (RFP), cont.

• RFP sections may include instructions for vendors, organization objectives, organization background, system goals/requirements, vendor qualifications, proposal solutions, criteria for evaluating proposals, general contractual requirements, and pricing/support information.

System Implementation and Maintenance and Role HIM Professionals-Lecture 6

• Third phase of the life cycle.
• Begins with purchase of the system; pre-purchase planning essential.
• Implementation committee selection needed.

System Implementation Process

1. Organize the implementation team and identify a system champion.
2. Determine project scope and expectations.
3. Establish and institute a project plan.

Typical Component of an Implementation Plan

1. Workflow and process analysis: analyze/determine existing procedures/identify ways to improve processes/identify data sources from other systems/determine workstation needs/revise physical location
2. System installation: determine system configurations/order and install hardware/prepare computer room/upgrade and implement IT infrastructure
3. Staff training: train staff and trainers/update procedure manuals
4. Conversion: convert data. Data should be cleaned first. Test data
5. Communications: establish mechanism for identifying and resolving/involving stakeholders in problem solving
6. Preparation for go-live: select time for go-live when patient volume is low; ensure sufficient staffing; establish problem reporting mechanisms/process reengineering review.
7. Go-Live Planning: GoLive of the systems/implementation strategy (staggered/all); data conversion process (older data transfer); establishing the support schedule/developing evaluation procedures and procedures to request post-go-live changes

Test Environment

• Copy of information system software.
• Programmed changes tested for proper design implementation.

Implementation Pitfalls

• Underestimating time and resources.
• Continuous feature and scope creep additions.
• Considerations of maintenance costs and expenses.
• Problems with testing/user training.
• Lack of user ownership of system.

The Role of HIM

• HIM professionals input to integrate clinical and financial information.
• Understand patient data origins and contents.

HIM Responsibilities During the Analysis Phase

• Assist with identifying issues in current health record systems.
• Determine the needs of various user groups.
• Aid project team in outlining user requirements for RFPs.

HIM Responsibilities During the Design Phase

• Share knowledge about designing/implementing/using vendor systems.
• Participate/attend vendor demonstrations.
• Conduct site visits and evaluate vendors’ RFP responses.
• Provide valuable input when security and confidentiality are needed.

HIM Responsibilities During the Maintenance and Support Phases

• Evaluate the system’s impact on the department on an ongoing basis.
• Identify and communicate issues to vendors and IT personnel.
• Develop ongoing training programs.

HIM Responsibilities During the Implementation Phase

• Participate in system testing.
• Train staff on system procedures.
• Identify errors.
• Create backup and disaster recovery plans.