Don't use plagiarized sources. Get Your Custom Essay on
Information Systems for Electronic Health Records
Just from $13/Page
Health Service Executive
(HSE)
EHR – Electronic Health Records
Contents
Introduction……………………………………………….3
Introduction to the organisation……………………………………3
EHR – Electronic Health Records……………………………………4
Review of current organisation/sector………………………………..4
Vision/ Goals of Organisation……………………………………..5
EHR – a pillar of eHealth Strategy…………………………………..5
Key components of the EHR………………………………………6
ICT within healthcare reform……………………………………..7
IT structure and approach to IT (estimate)………………………………7
PESTEL…………………………………………………..8
SWOT Analysis………………………………………………9
Stakeholder Analysis…………………………………………..9
The key stakeholders are:……………………………………….9
Risks…………………………………………………..10
The below key risks have been identified, with the risk to data security being the main one…10
Risk Review /mitigation / controls / effectiveness of controls ………………….12
References……………………………………………….18
Appendixes……………………………………………….20
a)E-Health org structure……………………………………….20
Information Management Systems (IMS) offer many advantages and opportunities if they are set up properly and managed and controlled effectively and are supporting an organization’s work. The scope of the IMS is determined by the needs and expectations of the stakeholders.
As laid out in detail on their website http://www.ehealthireland.ie/, the HSE’s new e-health strategy includes the setup of an IMS of Electronic Health Records (EHR) nationwide i.e. for the whole of Ireland.
Availability of personal data, in this case patient health records, offers a lot of benefits but at the same time puts the security of this data at risk. The bigger the volume of data and the higher the number of people accessing the personal data of individual patients, the higher the risk to data security and the exposure to external threats. Increased benefits for patient healthcare, socio-economic benefits and new opportunities go hand in hand with increased risks and vulnerability of the system.
An IMS of that scale i.e. on the national level, creates a challenge for Information Management System Security (IMSS) and IT. It requires an architecture that champions data security and compliance with GDPR.
Such a system requires buy in from management, stakeholders and staff as well as expert solution architects and substantial, continuous government funding during the length of the project.
As the HSE is a public service organization, compromised data and data leaks will result at least in loss of faith in the EHR IMS amongst the public and potentially also in a loss of trust in any medical evaluations and treatment programs designed which are based on electronic patient records. In the worst case scenario compromised health records can result in loss of life.
Therefore, data security is the most important concern which if compromised will destroy the public’s trust in the HSE and its new e-Health strategy irreparably and will jeopardize the vital buy-in from management and stakeholders.
According to a research study commissioned by McAfee (Samani, 2016) patient records are a most wanted commodity in the dark web and the EHR IMS will need to prevent and address such external threats if it is to succeed in supporting the organization’s work.
This paper will discuss benefits, opportunities and the cost associated with EHR as well as the risks which will, if not controlled, cancel out any possible benefits and advantages. It is this aspect of looking into benefits and gains versus high risk to data security that makes the EHR so interesting from an IT perspective.
As the general public / patients are amongst the stakeholders the HSE’s eHealth initiative should be of concern and interest to everyone.
The HSE is responsible for providing all public health services in Ireland in hospitals as well as local communities throughout Ireland.
Goals of the HSE:
Providing health services as well as social care services all over Ireland
Deliver the best health services and medical care to everyone in the country
Ensuring access for everyone in Ireland to save and quality care
In response to advances in technology and increased internet usage as well as demographic and other factors, changes in healthcare are required urgently to support the goals set by the HSE.
A new strategy for the healthcare sector is required to address these changes and also to meet the challenge set by the EU’s task force report “European Union eHealth Action Plan 2012-2020”(2012). The aim of this study and EU strategy is to provide access to high level healthcare for all European citizens.
Part of the organisation’s new strategy is eHealth, with the EHR (Electronic Health Record) initiative at its core. Patient records will be available online for all medical professionals in order to increase efficiency of the healthcare delivery systems as well as to drive economic growth and development by providing better care for the individual patient.
In the centre of the new healthcare delivery system is the patient and the patient will be empowered to pursue their health and wellbeing and the provision of the healthcare services.
What is eHealth (Electronic Health)? It demands the integration of all the information and sources of information which are involved with the delivery of healthcare through technology Information Management Systems.
Amongst others, this includes patients and their health records as part of a digital supply chain which involves a high level of automation as well as the sharing of information.
Organisation Structure
The HSE employs over 100,000 people, whose job it is to run all of the public health services on a national level in Ireland. As patients are at the centre of this organization, the HSE manages its services through a structure that is designed to support that. An overview of the principles, policies, procedures and guidelines can be found in the HSE Code of Governance.
It’s by these Policies and Guidelines that the HSE directs and controls its functions and oversees its business. This code is meant to guide the Directorate, leadership groups/teams and everybody else working with the HSE as well as the agencies funded by the HSE, in doing their duties to the greatest standards of responsibility, integrity and propriety.
Representatives from city and county councils are organized respectively in four Regional Health Forums. The below org chart (Figure 1) which can be found on the HSE website (https://www.hse.ie/eng/about/who/) gives a more detailed insight into the HSE structure.
Figure 1 – HSE org chart – https://www.hse.ie/eng/about/who/ – last accessed 23-12-2018
Strategy of Organization
Introduction of a national EHR (Electronic Health Records) system / IMS (Information Management System)
This is part of the Integrated Services Framework (ISF) to bring standardization to the HSE’s specialised, application and information architectures. This is also part of the e-Health strategy for Ireland.The access to high quality, accurate and timely information is essential to efficient medical staff and patient relationships resulting in improved results.
EHR – a pillar of eHealth Strategy
The production and sharing of crucial patient data lie at the center of the national EHR solution. This alternative will unite core operational options (with functions like ePrescribing and Case Management), in addition to the aggregation of information from such systems into a comprehensive nationwide document, which is available to health and healthcare professionals, service users and carers. The availability and accessibility of patient information across the various organizations with the remit of the HSE – this opportunity will be offered by the EHR system as one of the pillars of the eHealth strategy.
The programme is currently focused on the design of the overall implementation strategy and roadmap that:
Combines pragmatic use of existing systems
Meets Special needs like the Introduction of the Children’s Hospital Group as a ‘Electronic/digital hospital’ at 2019
Supports HSE reform’s broader objectives
Extends the capability offered across care settings and organisations in A phased strategy.
This design stage will require extensive consultation with clinical, administrative, managerial and technical stakeholders to make sure the layout is directed by the requirements of those groups with the required support to guarantee success in future installation. This is a complicated and large transformation programme, requiring a substantial investment within 10 – 15 decades.
As outlined in the National Business Case (9), the below 4 key components constitute the National EHR for Ireland:
Community Operational Systems
Acute Operational Systems
Integration Capability
Benefits of EHR
There are a number of potential benefits of a national EHR IMS. Amongst these are increased patient safety and high quality of care, lower risk of error in diagnostics and treatments as well more efficient administration and socio-economic benefits. This valuable knowledge database based on the collection of data facilitates advanced medical knowledge and so much better management of disease and healthcare planning.
Figure 2 – EHR benefitshttp://www.ehealthireland.ie/Strategic-Programmes/Electronic-Health-Record-EHR-/
Background
The HSE has experienced serious issues in the past with for example long waiting lists for medical care by patients and increased costs (, EHR-Vision-and-Direction)
According to a recent article in the Irish Times (https://www.irishtimes.com/news/ireland/irish-news/rcpi-calls-for-implementation-of-electronic-health-records-1.3504892), the Royal College of Physicians of Ireland (RCPI) has supported the call for the full implementation of electronic patient records, stating such a move would help to protect patient privacy. Data privacy has and still is an issue as patient records exist in paper format, are at times exposed to staff who have no need to access these.
Future delivery of health care
A new thing called “eHealth Ireland” will be created, originally in an administrative basis inside the System Reform Group (SRG) of the HSE. The Chief Information Officer (CIO) who will work closely with each one the major business organisations within the healthcare, so as to push the eHealth strategy and make sure that key IT systems have been implemented on time and to budget.
A new IT strategy for the health system as by state and government Health Information and Quality Authority (HIQA) a including financing, legal agencies like the Health Services Executive ICT Directorate and SRG, the Empowering, public awareness, stakeholder participation and construction the eHealth Ecosystem.
Figure 3 – national EHR system – http://www.ehealthireland.ie/Strategic-Programmes/Electronic-Health-Record-EHR-/
A national Electronic Health Record (EHR) has been identified by HSE while technology solutions are a key component, the national EHR programme represents a substantial transformation in the use National Directors and clinical leaders as a key component requirement for the future delivery of healthcare. There’ll be a main focus on the way clinicians and administrative personnel utilise this technology in a manner that closely aligns with and underpins the ambition for Integrated care and other national healthcare reform priorities.
Get Help With Your Essay
If you need assistance with writing your essay, our professional essay writing service is here to help!
Essay Writing Service
ICT within healthcare reform
ICT is going to be an element in healthcare reform. Ireland is put within an ambitious journey at the reform of health care in recognition of their need to radically alter health provision to meet with the challenge of providing sustainable high excellent care for the whole population. Knowledge and information are a core strength of the health systems and the development and application of the advantage in an efficient manner is vital to improving performance throughout the system. The capacity to document and discuss crucial information on individuals’ and service users’ interaction across businesses and care settings is an integral part of eHealth and provides advantages for individuals, service users, carers, health and social care professionals and broader stakeholders from the healthcare. The programme intends to exploit the capacity of ICT to become consistent in our delivery of better, safer and more, personalised care.
IT resources
IT Manager, Technical and Solution Architects, IT Project Manager, IT engineers
3rd party software development / implementation vendors (vetting in progress)
Facilities
Hospitals, starting with the National Children’s Hospital
Equipment
Smartphones
Laptops
Tablets
Budget
The HSE / EHR is dependent on government funding and budgets will be allocated as below over the next couple of years:
The Minister for Health has vowed to bring proposals to government in coming months about how to move this program forward and it’s planned that the first hospital setting to get an electronic health record (EHR) will be the New Children’s Hospital in Dublin.
The Government will spend $60 million on health IT at 2018, $70 million in 2019, $85 million in 2020, $87 million in 2021.
The Government Intends to spend $55 million on health Services Information and communications technology (ICT) in this year and next year The HSE recently filed a business case for a national EHR for Ireland, which can offer for a digital platform round the acute, community and primary care places, allowing the connectivity required to support models of integrated care, €412 million will be spent over six years.
Definition: A PESTEL, PEST or PESTLE analysis is a framework or tool used to analyze and monitor the macro-environmental factors that have an impact on an organization. The result of which is used to identify threats and weaknesses which is used in a SWOT analysis.
PESTEL Analysis
Political
Economical
Social
Technological
Environmental
Legal
Government funding
EU
Services from 3rd party vendors
general public, medical staff, HSE admin staff
ever changing technology
external factors such as natural disaster
GDPR*
ROI
IT expertise
system architecture
digitalization, broadband
*GDPR: “General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.” (https://www.dataprotection.ie/en)
Definition: SWOT analysis is a strategic planning technique used to help an organization identify strengths, weaknesses, opportunities, and threats related to project planning.
SWOT
Strenghts
Weaknesses
Opportunities
Threats
qualified and experienced healthcare admin staff & medical professionals (GPs etc.)
dependency on government funding
co-operation with other departments/organizations for better services
rapidly changing technology
nationwide network
no such system exists yet
new funding initiatives for improved IT infrastructure
budget deficits
extra ordinary IT infrastructure
delays in implementing system fully
efficient training and educational programs for staff & medical professionals
un-necessary political intervention
efficient & fast service e.g. access to patient health records
delayed ROI
initiatives for better management
data security leaks
improved treatment/ health of patients
Dependency on 3rd party vendors
economic opportunity through the use of technology enabled solutions
data integrity issues
Office of the Chief Information Officer (IT etc.)
General public (patients)
Medical Professionals (Hospitals, GPs, Ambulances etc.)
Admin / Clerical
Department of Health / Minister of Health
PR / Head of PR & marketing
Confidentiality
Information security breach
Integrity
Incorrect and /or missing data / data quality issue
Availability
Project delays / system not ready when needed
External & functional threats resulting in loss of data/ unavailability of data
Insufficient architecture
Loss / disruption of funding
Lack of competence of 3rd party vendors
Risk / Effect review
Confidentiality
Cause: Information security breach
There is a high demand for medical records on the black market as they are more valuable than financial records. Electronic health records can sell for as much as €40, compared to just €1 for credit cards in the dark web. Medical records are more valuable because their theft is harder to detect and more difficult to resolve and medical history cannot be cancelled.
Effects:
Individual patient data is available to others – GDPR violation by the organization (legal) as well as identity theft (criminal); loss of reputation of organization as well as possibly loss of funding
Integrity – Data Quality Issue
Cause: Human error due to unskilled resources/sabotage; lack of buy-in; due to external hacking
Effects:
Results in potentially wrong medication/treatment of patients caused by compromised data Blackmail/ phishing attempts threatening data integrity
Availability – external threats
Effects:
• Loss of data; data not accessible when needed affects patient care / service provision
• System failure
• IT architecture issues i.e. IT not delivering expected outcome
• Technology not up to date; technical vulnerability
• Planning, delay of implementation i.e. system not available when needed = financial impact
• Loss or disruption of funding & ROI issues
To ensure risks are reviewed, controlled and measured on a regular basis it is essential to create and maintain a risk register.
A risk register should state the risk, the controls in place and the measuring of the effectiveness of these controls.
Management support and buy-in are essential in managing risks and controls / improvements as lack of support filters down to other stakeholders and negatively affects the whole IMS implementation and maintenance process.
Please find the three main risks plus controls and how the effectiveness of these is measured below:
Confidentiality – Information security breach
Risk Mitigation: Set up a system of user access controls
Data security education of users
Set up system of controls
Create access control policy
Circulate access control policy amongst all users as compulsory reading
Raise awareness regarding unauthorized access requests, e.g. Phishing emails
Measuring of effectiveness of controls
Send fake phishing emails to see who clicks on the links
Get all users to docu sign the access policy and certify awareness
Visual inspection – check for exposed / written passwords
Implementation of user access control system
Set up system of controls
Register IP addresses and associated passwords to check if a different IP address is used
Password encryption – minimum of 2 passwords
Requirement to change passwords once a week
Privacy screens on laptops & monitors
Limited network access on a per need basis which is password restricted
Technology always up to date to prevent vulnerability i.e. unauthorized external access
Sophisticated / best of anti-virus software / malware protection in use
Measuring of effectiveness of controls
Run log file to check passwords used against IP addresses
Visual inspection at facilities – check hardware in use for privacy screens
Engage professional hacker to test vulnerability of system / network and performance of malware protection when simulating a zero day attack
Send regular updates to users of the latest security threats and how to avoid them
Continuous improvement
Learn from any security breaches and constantly review and adjust controls
Integrity – Integrity Issue
Set up system of controls:
Staff competency – training of users entering and managing data on system use
Create quality and security objectives (management) and circulate tom raise awareness
Ensure buy in of staff to provide high quality of data into the system
Completeness of data / timeliness of data in system – funding to be secured
Planning for contingencies timewise
Management buy in
Enough resources no overworked staff etc
Raise awareness regarding unauthorized access requests, e.g. Phishing emails
Raise awareness of blackmail to corrupt data
Measuring effectiveness:
Send fake phishing emails to see who clicks on the links
Quarterly financial reports (P&L)
Status reports (weekly) to check if project implementation milestones are being met
QA data entered to ensure quality & integrity of data
Send regular updates to users of the latest security threats to data integrity and how to avoid them
Continuous improvement:
Retrain users, run refresher sessions of training
Update / improve training documentation
Availability – external threats
Set up system of controls:
• Monitor project milestones
• Manage & monitor financials
Facility inspections / test – check for vulnerabilities to environmental threats such as flooding, defect facility equipment, fire hazards physical e.g. water damage
Create emergency response plan & engage all necessary stakeholders to ensure awareness
Ensure systems are fully functioning
Manage Hardware functionality & to ensure latest OS appliance and performance
Trigger regular OS updates to ensure latest security protection patches & upgrades are applied
Implement sophisticated malware protection system
Effectiveness of resolution
Run log files to identify users that haven’t installed latest updates
Simulate an emergency and test emergency contingency plan effectiveness e.g. fire drill
Test system functionality and run performance reports to be aware of any deviations that could indicate an upcoming malfunctioning
Keep inventory of hardware and users assigned to as well as life time of hardware devices
Install intrust detection systems
Password policy in place
Install VPN systems, encrypt Wi-Fi and general hospital traffic and use firewall technology where needed.
Continuous improvement
Simulate different scenarios of emergency and try to increase response time
Constantly compare malware protection options available to ensure you have the best one
All three categories have an impact on the overall success of the IMS EHR system. Effectiveness results in cost reduction, better health care and patient satisfaction as well as a sophisticated IT infrastructure and expert resources.
Summary
If risks are properly managed the EHR offers immense opportunities to digitalize and improve the Irish National healthcare system in a sustainable way. The scale of the project is a concern and a huge challenge for Solution Architects and IT but as well as HSE management and key stakeholders but even if challenges occurr improvement from the current decentralized system will be achieved.
1) https://www.hse.ie
2) https://www.hse.ie/eng/about/who/
3) Samani, Raj (2016) Health Warning Report, https://www.mcafee.com/enterprise/en-us/assets/reports/rp-health-warning.pdf
4) http://www.ehealthireland.ie/Strategic-Programmes/Electronic-Health-Record-EHR-/
5) http://www.ehealthireland.ie/Knowledge-Information-Plan/eHealth-Strategy-for-Ireland.pdf
6) Carroll, Aine and Corbridge, Richard (2015) National Health Record – Vision and Direction.
http://www.ehealthireland.ie/Library/Document-Library/EHR-Vision-and-Direction.pdf
7) https://www.imt.ie/
8) https://www.imt.ie/news/e412-million-it-spend-due-by-2022-14-12-2016/
9) https://www.hse.ie/eng/services/publications/pp/ict/access-control-policy.pdf
10) https://www.dataprotection.ie/en
11) eHealth Action Plan 2012-2020: Innovative Healthcare for the 21st Century. European Commission 2012, Com (2012)
Carroll, Áine and Corbridge, Richard, (2016), National Electronic Health Record – Strategic Business Needs
1) Caselet-1-Risk-Identification_res_Eng_0415
2) Caselet-2-Risk-Assessment_res_Eng_0415
3) Caselet-3-Risk-Response-and-Mitigation_res_Eng_0415
4) Caselet-4-Risk-and-Control-Monitoring-and-Reporting_res_Eng_0415
Figure 4 – (Carroll & Corbridge 2015)
