The healthcare organization has developed a security audit policy and procedures that hold members accountable for their actions when accessing the electronically protected health information. The current audit policy allows for the detection of unauthorized access to patients' information, the reduction of the risks that come with inappropriate access, and the tracking of disclosures of the PHI. These conform to the HIPAA Security Rule in section 164, which requires the implementation of procedures to review records of the information (Rezaeibagha & Mu, 2016). The current e-security policy for the organization aims at protecting the information and information systems from unauthorized access, disclosure, or destruction. The e-security policy seeks to enhance integrity, confidentiality, and availability. To achieve this, the healthcare organization has established security measures that allow new risks and threats to be identified and assessed so that appropriate actions can be taken. However, the e-security policy has a weakness because it fails to detect any unauthorized access to protected information, thus putting the electronic data at risk. The third policy is the password policy, which states what a password should look like: a combination of letters, numbers, and special characters to prevent unauthorized access. The policy also requires a change of password every six months and the use of a different password for every account. This policy has been good at promoting data protection.
For the improvement of the elements included in the design of audit trails, I recommend the following. First, the organization should maintain audit trails in a usable and retrievable form that are capable of logging all access to the clinical information. Secondly, all the logs need to include the time and date of access, the user ID, and the kind of information that was accessed. This helps ensure that every access to information is identified. Lastly, since the organization also provides health care services to its staff, it should allow the employees to audit access to their own health information.
Critique of System Capabilities
One of the regulatory requirements for electronic signatures is a clear demonstration of consent and verification of identities. Currently, the hospital e-signature system fails to demonstrate that the patient was aware while consenting to the issue at hand. This fails to meet the regulatory requirement. The audit log of the hospital is currently set to record the time and date of access, the user ID, and the kind of information that was accessed. This complies with the HIPAA requirements for the audit log to prevent any unauthorized access to the protected information.
Critique of Human Factors
While the goal of health information technology is to enhance patient care, efficiency, and quality, significant concerns still exist about the lack of integration of human factors and ergonomics in the design of the system. The hospital health information system has not been integrated with human factors and ergonomics. First, I recommend training the hospital staff so that their knowledge matches the knowledge required to perform certain tasks and achieve the specified goal. This will enhance the intellectual abilities of the users of the electronic machines used to record the health data. Secondly, I recommend addressing the compatibility of the system behavior with the needs of the users. Enhancing the compatibility will help ensure that the human-machine mismatch, which is one of the major causes of human error, has been addressed (Schnall et al., 2016). Thirdly, I recommend that the hospital emphasize user-centric design, which allows more control and flexibility for the users. The increased flexibility while using the machines ensures the overall performance and safety of the hospital system.
System’s Architecture
The hospital currently uses an enterprise model data warehouse. This type of system architecture is complex and involves a top-down approach that entails the construction of a large centralized data warehouse at the planning phase. The enterprise model warehouse requires the determination of all the data elements that the system will require, including data analysis on the safety and health outcomes (Jaber et al., 2016). While this model is useful in meeting the objectives of the hospital, it creates additional expenses and delays due to the required transformations. As a result, it is not the most effective system architecture for the hospital to achieve its goals. Testing of the EHRs is one of the activities that ensure effectiveness and safety. The hospital currently has a testing system that integrates the testing process safely in the production environment. The testing system has been effectively incorporated into the EHR testing practices, thus enhancing the safety and effectiveness of the whole hospital system. Also, the hospital has an effective interface that has been integrated with the EHR system. This interface allows for the sending and receiving of patients' information, thus saving costs while at the same time increasing safety and efficiency.
Information Management Plan
One of the first issues that is significant in the operations improvement plan for a hospital is the human personnel factor. Hospital staff play a key role in the provision of care services to the patients. Having the right staff, who are highly skilled and able to handle hospital operations, is the initial step to success (Theivendran, Hassan & Clark, 2016). While focusing on the protection of patients' electronic information, the user-centric factor still comes in. The human-machine mismatch leads to errors and must be overcome through training. System choice and development can also play a crucial role in the operational improvement plan of a hospital. While planning to improve the operations, it is important to consider the system in terms of its architecture and design, as this will influence the quality and efficiency of the operations. The hospital, through the management, needs to focus on database management and other cost-effective factors that can ensure that the overall operations and efficiency in the hospital are up to standard.
Challenges
One of the challenges that occur during the requirements gathering phase is the communication problem between the parties involved. Lack of proper communication leads to misalignment and uncertainty in the next phases, thus affecting the overall goal of the project. Areas such as the EHRs fail to achieve the required data protection due to ineffective communication. Another challenge in the system development life cycle is the management of late requests for additions to the system. At some stage, the end users may request additions to the system, and this can lead to rework from the top. Compatibility is another challenge that comes in during the last phases of the system development life cycle. Compatibility issues are based on the user-centric factors and whether the human factors will fit into the system. In some cases, failing to consider compatibility and usability may lead to the whole system failing to function as planned. Testing is usually done to ascertain whether the system works as planned. However, crunch-time testing can fail to ascertain the workability of the whole system, leading to failure.
References
Jaber, M. M., Ghani, M. K. A., Suryana, N., Mohammed, M. A., & Abbas, T. (2015). Flexible data warehouse parameters: Toward building an integrated architecture. International Journal of Computer Theory and Engineering, 7(5), 349.
Rezaeibagha, F., & Mu, Y. (2016). Distributed clinical data sharing via dynamic access-control policy transformation. International Journal of Medical Informatics, 89, 25-31.
Schnall, R., Rojas, M., Bakken, S., Brown, W., Carballo-Dieguez, A., Carry, M., ... & Travers, J. (2016). A user-centered model for designing consumer mobile health (mHealth) applications (apps). Journal of Biomedical Informatics, 60, 243-251.
Theivendran, K., Hassan, S., & Clark, D. I. (2016). Improving the quality of operative notes by implementing a new electronic template for upper limb surgery at the Royal Derby Hospital. BMJ Open Quality, 5(1), u208727-w3498.