BHA FPX 4006 Assessment 2: Privacy and Data Breach in Healthcare Report
Sample Answer for BHA FPX 4006 Assessment 2: Privacy and Data Breach in Healthcare Report
IOM and Conceptualizing EHRs
The Institute of Medicine (IOM) played an instrumental role in the conceptualization of EHRs. One of the IOM’s vital functions in the process was to facilitate studies and create reports for conceptualizing EHRs. As Joos et al. (2019) explained, the IOM was involved in the naming process, including developing names such as electronic medical records, electronic charts, and computerized medical records. These names anticipated an electronic format of health records that would replace paper charts. The IOM also developed the eight core functions of EHRs, explaining what EHRs should perform to be functional. These core functions remain relevant to date and have been among the building blocks promoting EHRs’ usage in health practice.
The IOM’s Core Functions of EHR
As part of the IOM’s roles in conceptualizing EHRs, it is important to examine the core functions of EHRs that are still applicable to date. A leading function is health information and data, characterized by facilitating immediate access to patients’ key information. Other functions include result and order management and decision support. As Zerwekh and Garneau (2020) explained, result management is founded on the principle that enabling healthcare providers to quickly access all test results (current and past) would enhance patient safety and care effectiveness. Order management involves the EHR’s capacity to enter and store orders related to tests and prescriptions, among other vital services. Decision support helps to improve compliance with best clinical practices through reminders, alerts, and prompts.
Electronic communication and connectivity is among the IOM’s core functions for promoting efficient, safe, and timely communication among providers and patients. Such communication is critical for increasing the timeliness of diagnoses and treatments and reducing adverse events. Patient support involves tools that enable patients to access their health records. A suitable example of such tools is patient portals. Zerwekh and Garneau (2020) noted that patient support provides interactive patient education to facilitate home-monitoring and illness management and control. Administrative processes include computerized tools such as scheduling systems to improve efficiency and offer timely services. Reporting employs uniform data standards to meet federal, state, and private reporting requirements.
Computer-Based Patient Record Institute (CPRI) and EHRs’ Conceptualization
Like the IOM, the role of the Computer-Based Patient Record Institute (CPRI) in conceptualizing EHRs was characterized by commitment towards health care evolution. CPRI worked towards computerizing patient records and engaged stakeholders to develop the basic components of a computer-based patient record before the name changed to EHR. As seen in the case of the IOM, the basic components of EHR became the building blocks for a complete, functional, and fully integrated EHR. Together with the IOM, CPRI defined the elements of an EHR system, enabling developers to come up with systems that would facilitate information storage and sharing within and across health organizations. The IOM and CPRI also standardized the requirements and formats of what a functional system should encompass.
The HITECH Act, EHR Design, Use
An Act is a policy intervention to encourage, regulate, or control something. According to Onyejekwe et al. (2019), the HITECH (Health Information Technology for Economic and Clinical Health) Act was established to promote information technology in healthcare as EHRs’ use becomes the standard. Signed into law in 2009, the HITECH Act is part of the American Recovery and Reinvestment Act. Onyejekwe et al. (2019) further explained that the HITECH Act fixed some loopholes in the HIPAA Act by tightening the language to ensure that third party associates complied with HIPAA rules. The other major feature of the HITECH Act is requiring healthcare organizations to notify patients or health plan members in case of a breach in their files. The HITECH Act also introduced harsher penalties for HIPAA non-compliance.
The HITECH Act: Impact on EHR Design and Use
When it comes to design, the HITECH Act ensures that the EHR’s basic structure (architecture) complies with the HIPAA Privacy and Security Rules. The other basic consideration is safeguards to uphold the privacy and confidentiality of patient information maximally. On the use of EHRs, the HITECH Act advanced the HIPAA Act, which gave patients the right to their health information, by obliging healthcare providers to give patients copies of their EHRs and share them with other providers appropriately (Onyejekwe et al., 2019). The HITECH Act also regulated use and disclosure by third-party associates by requiring patient consent when using electronic health information for non-health purposes. Patients can also revoke previously given powers.
Benefits of the HITECH Act
The benefits of the HITECH Act in healthcare delivery are profound. Considering the implications of data loss and misuse, the HITECH Act introduced comprehensive cybersecurity protections to secure data. The Act also requires patients to consent when their data is being used or accessed by third parties, making it more secure. Generally, transitioning to electronic health records from paperwork is a great step towards quality healthcare, which is further improved by enabling data sharing and protection. Giving patients the right to access information also ensures that they are centrally involved in health management. Importantly, incentives under the HITECH Act encourage EHRs’ use, a significant step towards healthcare evolution.
The HITECH Act: Challenges
Despite its role in enhancing security, the HITECH Act is associated with several challenges at implementation and user levels. One of the leading challenges is the cumbersome transition from paper to electronic files associated with HIPAA and HITECH compliance (Onyejekwe et al., 2019). Electronic health records also require frequent and costly updates. Other cost implications at the organizational level include IT training of healthcare professionals to ensure that they have appropriate skills and knowledge to handle EHRs and remain compliant. As healthcare continues being more data-reliant, the threat of data breaches increases proportionately. Such problems are further associated with professionals’ concerns over liability since healthcare professionals are responsible for misconduct related to data use and safety.
Promoting Interoperability
For electronic health records to be used to their full potential, they must be designed in a way that enables information exchange conveniently, accurately, and securely. According to Shull (2019), EHR interoperability represents the architecture, features, or standards that facilitate convenient information exchange between providers (Li et al., 2021). Interoperable EHR systems are defined by features that enable more output and convenience in use, such as better workflows and reduced ambiguity. Such functions imply that different users can connect and share data without many hindrances. Overall, the quality of care improves since the right data is available when needed for use by different healthcare professionals.
Security Measures
Various security measures can be used to ensure that EHRs and associated systems function appropriately and do not risk patient data. One of the effective security measures under the key HIPAA recommendations is creating access controls. Main tools include passwords and PIN numbers, limiting access to a patient’s electronic protected health information (ePHI). The other appropriate measure is ePHI’s encryption to make it unreadable and difficult to understand unless accessed by the authorized person with a decryption key. An electronic audit trail function also effectively secures EHRs. The trail determines who accessed ePHI without proper authorization. Records accessed and changes made are also trailed.
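The access-control and audit-trail measures described above can be illustrated with a short added example (not part of the original report): it checks each audit-trail entry against an access list and collects the changes made to each record. The user names, patient IDs, and log format are constructed assumptions, not taken from any real EHR product.

```python
from collections import namedtuple

# Constructed access list: which staff accounts may open which patient's ePHI.
AUTHORIZED = {"dr_lee": {"P-1001", "P-1002"}, "nurse_kim": {"P-1001"}}

# Constructed audit-trail lines: timestamp|user|action|patient|detail
AUDIT_LOG = """\
2024-03-01T08:15:02|dr_lee|VIEW|P-1001|chart
2024-03-01T08:17:40|nurse_kim|UPDATE|P-1001|allergies: none -> penicillin
2024-03-01T09:02:11|nurse_kim|VIEW|P-1002|lab results
2024-03-01T09:30:55|billing_tmp|VIEW|P-1001|chart
2024-03-01T10:05:00|dr_lee|UPDATE|P-1002|dosage: 5mg -> 10mg
malformed line without separators
"""

Event = namedtuple("Event", "timestamp user action patient detail")

def parse_audit_log(text):
    """Return (events, rejected); malformed lines are kept for review, not dropped."""
    events, rejected = [], []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|", 4)]
        if len(parts) == 5 and all(parts):
            events.append(Event(*parts))
        elif line.strip():
            rejected.append(line)
    return events, rejected

def unauthorized_accesses(events, acl):
    """Events where the user is not on the access list for that patient's record."""
    return [e for e in events if e.patient not in acl.get(e.user, set())]

def changes_by_patient(events):
    """Map each patient ID to the changes (UPDATE events) made to their record."""
    changes = {}
    for e in events:
        if e.action == "UPDATE":
            changes.setdefault(e.patient, []).append((e.timestamp, e.user, e.detail))
    return changes

if __name__ == "__main__":
    events, rejected = parse_audit_log(AUDIT_LOG)
    for e in unauthorized_accesses(events, AUTHORIZED):
        print(f"UNAUTHORIZED {e.timestamp} {e.user} {e.action} {e.patient}")
    print("changes:", changes_by_patient(events))
    print("unparsed lines needing review:", rejected)
```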
Proactive interventions are also recommended to secure EHRs. A suitable measure under this category is conducting a security risk analysis. In information systems, a security risk analysis denotes the systematic examination of the processes and architecture to identify potential security weaknesses and flaws (Wanyonyi et al., 2017). Other reliable measures include a firewall and data backup. A firewall monitors incoming and outgoing network traffic as the gate between the EHR and the internet. Securing EHRs through a firewall implies that only trusted internal networks are allowed entry. Data backup is among the most straightforward and universally applied security measures. It allows data retrieval in case of data loss since the data is copied and archived.
References
- Joos, I., Wolf, D., & Nelson, R. (2019). Introduction to computers for healthcare professionals. Jones & Bartlett Learning.
- Li, E., Clarke, J., Neves, A. L., Ashrafian, H., & Darzi, A. (2021). Electronic health records, interoperability and patient safety in health systems of high-income countries: A Systematic Review Protocol. BMJ open, 11(7), e044941. http://dx.doi.org/10.1136/bmjopen-2020-044941
- Onyejekwe, E. R., Rokne, J., & Hall, C. L. (2019). Portable health records in a mobile society. Springer.
- Shull, J. G. (2019). Digital health and the state of interoperable electronic health records. JMIR Medical Informatics, 7(4), e12712. https://doi.org/10.2196/12712
- Wanyonyi, E., Rodrigues, A., Abeka, S. O., & Ogara, S. (2017). Effectiveness of security controls on electronic health records. International Journal of Scientific & Technology Research, 6(12). https://www.ijstr.org/final-print/dec2017/Effectiveness-Of-Security-Controls-On-Electronic-Health-Records-.pdf
- Zerwekh, J., & Garneau, A. Z. (2020). Nursing today-e-book: Transition and trends. Elsevier Health Sciences.