Healthcare Information Governance Assignment Instructions
Research health care organizations / providers that have recently had a significant information technology failure, and complete this assignment. Write a seven to eight (7-8) page paper in which you:
- Determine the key factors contributing to the failure in question. Next, analyze how the failure impacted both the organization’s operations and patient information protection and privacy.
- Analyze the leadership team’s reaction to the failure, and indicate whether the leadership took sufficient measures to deal with various stakeholder groups impacted by the failure. Provide support for the rationale.
- Take a position on whether the health care provider that you identified should either develop a custom application or select a proprietary system. Provide support for the rationale.
- Recommend at least three (3) best practices that any organization could adopt in order to avoid such a failure in the future.
- Provide support for the recommendation. Suggest how health care leaders can use project metrics and portfolio management to ensure operational efficiency and effectiveness. Provide specific examples to support the response. Analyze a government intervention into health care businesses, meant to ensure that health care and patient information is secure and thus to minimize information breaches and technology failures.
Read also Developing An Information Assurance Policy
Health Care Organizations That Had a Significant Information Technology Failure – Sample Paper
Good information technology must enhance cognitive function, provide user experience, can be customized easily and effectively to the needs of the subspecialists and specialists, must effortlessly put the essential information to the hands of the physicians, should keep eHealth information securely, help facilitate better practice of medicine and outcomes and protect patient privacy. All these attributes point to the importance of maintaining an effective information technology in the healthcare setting. The information technology with no doubt has brought improvements in the healthcare setting and has improved the level of outcomes.
Read also Issues Surrounding Personal Health Information (PHI) Ownership
However, a poorly designed information technology can bring huge loss of patient data and sometimes can cause patient data breaches as witnessed in the Health Net, which lost a hard drive that had information of close to 1.5 million members. Numerous healthcare providers have experienced information technology breakdowns in the United States.
Read also Health Information Technology In Mayo Clinic
Health Care Organizations That Had a Significant Information Technology Failure
Network Glitch at Florida Health System
In 2014, IT network failure at Florida Health system paralyzed health operations in its MHS facilities (Stuart, 2014). According to the hospital officials, the failure in the hospital hardware system paralyzed operations for about two days. A hardware failure in the three-hospital Martin Hospital in Stuart caused an unexpected downtime in the hospital’s Epic EMR and other applications. In fact, the breakdown affected thirteen of the hospital MHS facilities.
Read also Capital one Bank Data Breach – Article Analysis
Although the breakdown occurred in the evening of Wednesday, the hospital officials reported that the IT department resolved the problem and restored the services by Friday (Stuart, 2014). The hospital officials asserted that although the problem affected the Epic EMR, the cause was attributed to the hardware breakdown. The hospital spokesperson, Scott Samples asserted that the hospital had to resort to manual patient documentation and charting system, as the patient care was their priority. In the same hospital during the launch of its Epic MRC in 2011, Samples had asserted the development of proper processes to ensure patient safety and proper documentation in such processes of downtime. He pointed that the health system would follow due processes in order to ascertain the causes of the glitch and prevent such events in future.
Read also How to Address Employees to Report Privacy and Security Breaches
Sutter-Health in Northern California
As more hospitals ditch paper work for electronic record systems, more downtime glitches are reported in the United States. The other recent occurrence of a downtime on patient care is the Sutter Health in Northern California that occurred in August 2014, (Stuart, 2014). In an event similar to that of the Florida Health system, the hospital’s $1 billion Epic EMR experienced downtime that paralyzed hospital operations for a whole day. According to a press response from Sutter nurses, the glitch caused a compromise on the patient care.
The problem extended to the hospital patient data backup system and when the hospital nurses resorted to printing the patient data using the hospital’s Pyxis system, the data print out was outdated by two to three days. According to a RN at Alta Sates Summit Medical Center and California Nurses Union representative for the hospital, the patients were concerned for failure to receive their medications for a whole day. Although the downtimes were from Citrix glitch, the hospital officials denied naming the vendor (Stuart, 2014). However, they issued a statement to regret the inconvenience that was caused to the patients.
How the Failures Impacted Both the Organization’s Operations and Patient Information Protection and Privacy
The failure of the hardware in the Florida Health system paralyzed operations in its MHS. Although the hospital was able to resort to manual chart and documentation of patient data, there was likelihood that it caused many patient inconveniences due to time taken to offer medication. In addition, given that the glitch took two days to rectify, explains the extent of inconvenience and the risks it exposed the electronic medical data.
Read also A Violation of Ethical Principles Related To Managing Healthcare Information
According to (Johnson & Willey, 2011), healthcare data loses can result in social stigma and privacy violations. The failures of the Epic EMR in Florida Health system opened an avenue for consequential changes in the patient medical information. For example, changes in information such as blood type or allergies can affect patient health. Therefore, the downtime in Florida Health system exposed patient data to possible privacy breaches and improper diagnosis.
The Sutter Health in Northern California case caused a lot of patient inconvenience, although it just occurred for a day. The fact that the retrieval of patient data from hospital backup system produced data that was outdated by two to three days, meant the system failure exposed the patients to wrong diagnosis. In addition, the system opened up loopholes for data loss in the hospital electronic data storage. The reliance of the Sutter Health in Northern California in its Epic EMR meant that many of the patients were not able to receive their medications for most of the day and almost paralyzed the operations in the hospital.
Read also Impacts of Electronic Health information on Nursing Process – Presentation
The Leadership Team’s Reaction to the Failures
The reactions of the leadership in the failures that affected Florida Health system and Sutter Health in Northern California were almost similar. Both leaderships failed to own responsibility for the failures. In addition, the hospitals response failed to give comprehensive information regarding the steps the hospitals took in order to secure patient information during the time of the failures. The spokesperson for Sutter Health in Northern California just issued a statement expressing the regret for the inconvenience caused by the downtime in the hospital EMR. In addition, the hospital leadership declined to name the vendor of the Epic EMR, only for the medical representative to name it.
However, the leadership of the Florida Health system reacted by ensuring the patient care experienced minimum inconvenience, when it resorted to the manual patient data documentation and charting. The numbers of the patients in both hospitals, whose data was exposed was huge and it could easily have led to a breach of the HIPAA regulations. According to (Gamble, 2012), a number of regulations govern the Electronic Medical Records. The first legal aspect covers the risks of medical malpractice. The Florida Health system in the case above was concerned with patient care and the hospital leadership worked to ensure that minimum inconvenience was caused and that patient care was not compromised due to the failure of its Epic EMR. Its use of the manual system worked and patient care experienced minimal inconveniences.
However, the Sutter Health in Northern California use of the Pyxis system produced outdated data, which would have exposed the hospital to the breach of the HIPAA regulations governing EMR. The reactions of the Sutter Health in Northern California to resort to Pyxis system exposed the physicians against risks of medical malpractice claims, likelihood of medical errors and vulnerability to fraud claims. In addition, the failure of the hospital leadership to provide detailed information of the cause of the downtime and the steps it took to secure patient data as well as ensure patient care was not compromised, was insufficient.
Position on Whether the Health Care Providers Should either Develop a Custom Application or Select a Proprietary System
As the healthcare system in the United States adopts more electronic healthcare records (EHRs), the numbers of vendors have narrowed. In 2013, about ten EHRs vendors accounted about 90% of the HER market in the hospital sector in the country. These vendors include Epic, Cerner, Healthland, MEDITECH, Siemens, CPSI, McKesson, NextGen Healthcare, Allscripts and Healthcare Management Systems (Gregg, 2014). However, only three of the ten vendors expanded their market in 2013. These vendors include Epic, MEDITECH and Cerner. Although there are national efforts to improve safety, effectiveness and quality, there is need for the healthcare organizations to be prepared for the failures that occasionally come up with the adoption of the EHRs applications.
In regard to the failures that occurred in the Epic EMRs in Sutter Health in Northern California and Florida Health system, there is need to adopt custom applications. When an organization adopts proprietary system, there is likelihood of the laxity from the supplier company and this poses great risk in the event of any system failure. Most of the proprietary applications are one company owned and once the companies sell the copies of its software to cover its development costs, every other unit sold generates pure profit and this reduces company emphasis on innovation or efficiency (Muir, 2011). As seen in the case of Sutter Health in Northern California, the presence of the Pyxis system would provide an alternative when the Epic system failed. Therefore, there is need for Sutter Health in Northern California and Florida Health system to integrate multiple disparate systems in order to have comprehensive custom applications for their EMRs (Vest & Gamm, 2010).
Recommendation of Best Practices That Any Organization Could Adopt In Order To Avoid Such a Failure In The Future
The failures of hospital EHRs causes inconveniences to the patients and can hinder patient care (Terry, 2013). In order to avoid such occurrences as witnessed in the Sutter Health in Northern California and Florida Health system, there is need for healthcare organizations to adopt a number of strategies. The following are the recommendations, which when adopted, can help in avoiding such failures in future.
Read also NR-512 – Safeguarding Health Information and Systems
First, avoid proprietary and adopt custom applications in order to ensure the healthcare information system is interfaced with the available information technology infrastructure. As witnessed in the case of the Florida Health system, there was no backup for the healthcare records, due to dependence on the proprietary Epic application in its EMRs. The presence of backup system in Sutter Health in North California allowed an access of patient data. However, lack of interfacing with the existent hospital information technology, led to retrieval of out dated data. Therefore, there is need to interface the HIT with the existing hospital information technology in order to ensure continuity of patient care in case of a glitch.
Second, identify and mitigate risks before they occur. The hospital information and technology department should conduct system updates and regular checks in order to troubleshoot and prevent major downtimes that can derail the operations in the hospitals. The regular checks should also take into consideration the security checks in order to ensure that appropriate measures are in place in order to prevent any data loss in case of any system failure. As noted in the case of the Sutter Health in North California, the hospital patient information is very vital and it goes a long way in enhancing the work of the physicians. Making such information available all the time is very important in ensuring the continuity of patient care.
Third, exercise good governance, learn from others and past events in order to benchmark on the best practices. There is need for the senior management should ensure the organizational mission and vision are focused on efficiency, increasing quality and delivery of services in organized and cost effective way. It is with no doubt that EMRs play a critical role in enhancing vision and mission. However, there is need for the top management to support the EMR in order to realize successful implementation (Cellucci, Wiggins, & Trimmer, 2011). Most EMR failures result from its poor implementations.
How Health Care Leaders Can Use Project Metrics and Portfolio Management to Ensure Operational Efficiency and Effectiveness
The project portfolio involves the maximization of use of the available resources and organizational capabilities in order to ensure the meeting of the desired outcomes, within the constraints of technology, finance, vision and mission (van Angeren, Blijleven, & Batenburg, 2014). The project metrics are data that give a measurement of the projects. The healthcare organizations can use a combination of shrewd resource allocation and project metrics in ensuring that its operations are effective.
An organization in analysis the costs of project, selecting the project that is cost effective and providing good control measures, it can ensure a project that is efficient and affordable. In addition, the evaluation and controls in portfolio management help in prevention of inconveniences caused by failures in projects. Besides, the use of metrics ensures that the right projects are selection and implemented.
Government Intervention into Health Care Businesses, Meant To Ensure That Health Care and Patient Information Is Secure and Thus To Minimize Information Breaches and Technology Failures
The federal government through the HIPAA act has enacted a number of regulations that govern the safety of patient data (DesRoches & Miralles, 2010). The federal government through its federal stimulus package of 2009, the American Recovery and Reinvestment Act 2009 has a number of provisions as drafted in the Health Information Technology for Economic and Clinical Health Act provide an encouragement for the hospitals to adopt electronic medical records. It is evident that as much as the government provides framework for adoption of the EMR, it exercises also it other core responsibility of regulation.
The most important aspect of the healthcare security is the security of the patient information, which includes the medical information. Any lose of the patient information is not like lose of a financial card, which can be re-issued and another one issued. When patient data is lost, it can be used for impersonation or to solicit for money. Therefore, the government through the HIPAA has provided a number of regulations that protects the patient against risks associated with loss of their medical information in case of security breaches or system failures.