MHA6120 failures in HIT implementation

MHA6120 failures in HIT implementation

Instructions/Descriptions

MHA6120 failures in HIT implementation

[Order Now]

MHA6120 WEEK 4 LECTURE 1

MHA6120 WEEK 4 LECTURE 1

HIT Project Portfolio Management

The literature is replete with reports of failures in HIT implementation in the recent past. Konkel (2018) noted that the Veterans Affairs Department wasted almost two billion dollars for upgrading to an integrated electronic health record (EHR) and improving the Veterans Health Information Systems and Technology Architecture between 2011 and 2016. Failure can be costly and may lead to organizational financial instability.

Pros and Cons of HIT Implementation

Review each tab to learn more.

• Benefits
• Reduces paperwork
• Provides accurate information to those involved in the care of patient
• Facilitates the coordination of care regardless of the location
• Provides patients with direct access to their medical records
• Improves the diagnosis and health outcomes
• Reduces errors, thus improving patient outcomes
• Improves the risk management and processes for quality improvement

References:

HealthIT.gov. (n.d.-a). Benefits of health IT. Retrieved from https://www.healthit.gov/topic/health-it-basics/benefits-health-it

HealthIT.gov. (n.d.-b). Improved diagnostics and patient outcomes. Retrieved from https://www.healthit.gov/topic/health-it-basics/improved-diagnostics-patient-outcomes

• Causes
• Cost reduction
• Improved communication in patient management
• Improved workflow
• Timeliness in diagnosis and treatment
• Patient safety
• Integration of key clinical and business processes

The common contributing causes of failures include silo project mentality where there is no effective consideration on the influence of the IT project to other preexisting and currently implemented systems that are interdependent (Glandon, Smaltz, & Slovensky, 2013).

HIT project portfolio management is a concept that introduces mechanisms to prevent costly failures from silo project mentality. It could be likened to an orchestra where a conductor hears and listens to every beat of an instrument and makes adjustments and corrections as necessary by getting every single player play his or her instrument with harmony in order to achieve the best possible music. In healthcare, as we know, there are complex clinical and business processes that are interdependent. For example, an EHR application must support clinical documentation that will identify the principal and secondary diagnoses as well as the severity of illness and intensity of services (pharmacological management, laboratory, radiology, etc.) to support appropriate and correct medical coding and case management review in evaluating utilization of services for regulatory purposes as well as financial reimbursement.

HIT Process

A professionally trained project manager will provide the best outcome in adopting the five key processes of HIT project management.

An HIT project management process by Glandon et al. (2013) includes:

Review each process to learn more.

Project Initiation

Commencing of the project after authorizing a new or upgraded project.

Project Planning

Definition of the objectives, scope, and plan of action to achieve the desired outcomes.

Project Execution

Actions to complete the work defined in the project planning process.

Project Monitoring and Controlling

Measurements designed to assess how well a project is being executed per the budget and deliverables as well as to alert project managers about the potential corrective actions that might be necessary from time to time.

Project Closing

Actions to terminate all activities associated with the project formally either by delivering a finished product or by ceasing effort on a canceled project.

Reference:

• Konkel, F. (2018, January 31).Veteran’s affairs wasted closer to $2 billion on failed IT projects. Retrieved from https://www.nextgov.com/it-modernization/2018/01/veterans-affairs-wasted-almost-2-billion-failed-it-projects/145626/

[Order Now]

Additional Materials

From your course textbook, Information Systems for Healthcare Management, review the following chapter:

• HIT Project Portfolio Management

From the Internet, review the following:

• Keshavjee, K., Manji, A., Singh, B., & Pairaudeau, N. (2009). Failure of electronic medical records in Canada: a failure of policy or a failure of technology?Retrieved from https://www.researchgate.net/publication/24311775_Failure_of_electronic_medical_records_in_Canada_a_failure_of_policy_or_a_failure_of_technology
• Konkel, F. (2018, January 31). Veteran’s affairs wasted closer to $2 billion on failed IT projects. Retrieved from https://www.nextgov.com/it-modernization/2018/01/veterans-affairs-wasted-almost-2-billion-failed-it-projects/145626/
• Noraziah, C. P., & Noorhayati, M. J. (2018, April). A prevention model for the failure of hospital information systems in Malaysian government hospitals. Retrieved from https://www.researchgate.net/publication/324692054_A_Prevention_Model_for_the_Failure_of_Hospital_Information_Systems_in_Malaysian_Government_Hospitals?enrichId=rgreq-53cce9496f7aa7742da2a84f8a6112cb-XXX&enrichSource=Y292ZXJQYWdlOzMyNDZ5MjA1NDtBUzo2MTg0NjI3NTgwNjgyMjVAMTUyNDQ2NDQyMDI0Mw%3D%3D&el=1_x_3&_esc=publicationCoverPdf

Healthcare Information System Security and Organization

The HIPAA privacy rule was required in April of 2003. Two years later, the HIPAA security rule was implemented due to the increasing HIT implementation and growth in the exchange of protected health information between covered entities as well as noncovered entities such as Health and Human Services (HHS, 2013). The purpose of the security rule is to ensure that every covered entity has implemented safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (HHS, 2013).

The HIPPA security rule is divided into three categories: administrative, physical, and security technical safeguards.

Administrative Safeguard Standards according to HHS (2007a) include:

• Security management functions
• Risk analysis
• Risk management
• Sanction policy
• Information system activity review
• Assigned security responsibility
• Workforce security
• Information access management
• Security awareness and training
• Security incident reporting
• Contingency plan
• Evaluation
• Business associate contracts and other arrangements (HHS, 2007)

Physical Safeguard Standards include:

• Facility access controls: contingency operations; security plan, access control and validation, and records maintenance
• Workstation use
• Workstation security
• Device and media controls: disposal, reuse, accountability, and data backup and storage (HHS, 2007b)

Security Technical Safeguard Standards include:

• Access control
• Unique user identification
• Emergency access procedure
• Automatic log-off
• Encryption and decryption
• Audit controls
• Integrity
• Person or entity authentication
• Transmission security
• Integrity controls
• Encryption (HHS, 2007c)

In addition to the above-mentioned technical safeguards, the HIPAA security standards also include the following standards (HHS, 2007c):

• Organizational requirement
• Business associate contracts
• Other arrangements
• Requirements for group health plans
• Policies and procedures
• Documentation
• Time limits
• Availability
• Updates

The Office for Civil Rights (OCR) is responsible for enforcing HIPPA privacy and security rules as well as investigating HIPAA security violations (Wager, Lee, & Glaser, 2017). In the last twenty-four months, the OCR (2018) is investigating violations of 405 covered entities. HIPAA security rules violations include, but are not limited to:

• Hacking/IT incident
• Unauthorized access/disclosure
• Theft
• Loss of portable electronic device
• Improper disposal

Fines imposed are according to the category of violation (Wager et al., 2017). To date, the largest HIPAA security fine was levied at Advocate Healthcare for lack of appropriate safeguards, in the amount of 5.55 million dollars in August 2016 (Wager et al., 2017).

It behooves healthcare-covered entity to organize security programs that will identify potential risks and implement risk management processes that will mitigate security risks (Wager et al., 2017).

The Office of the National Coordinator for HIT (ONC, 2015) offers the following security management processes for healthcare providers:

• Lead your culture:
• Designate a security officer.
• Discuss the HIPAA security requirements with a developer/vendor.
• Consider a qualified professional to assist in security risk analysis.
• Use tools to preview risk analysis.
• Refresh your knowledge base of HIPAA security rules.
• Promote a culture of protecting patient privacy and securing patient information.
• Document your processes, findings, and actions.
• Review existing security of PHI (Perform Security Risk Analysis).
• Develop an action plan.
• Manage and mitigate risks.
• Attest for meaningful use of security related objectives.
• Monitor, audit, and update security on an ongoing basis.

Wager et al. (2017) reported that there is an increasing number of healthcare data breach being reported due to cybercrime in the last few years. In fact, 47% of the 405 cases under investigation by the OCR in June 2018 are related to hacking incidents. Organizational vigilance to new IT security threats must be addressed with or without HIPAA rules. The safety and security of clinical and business information is paramount in the provision of safe and quality care for our patients and the community we serve.

References:

• Health and Human Services. (2007a). Security standards: Administrative safeguards. Retrieved from https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf?language=es
• Health and Human Services. (2007b). Security standards: Physical safeguards. Retrieved from https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/physsafeguards.pdf?language=es
• Health and Human Services. (2007c). Security standards: Security standards: Organizational, policies and procedures and documentation requirements. Retrieved from https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/pprequirements.pdf?language=es
• Health and Human Services. (2013). Why is the HIPAA security rule needed and what is the purpose of the security standards?Retrieved from https://www.hhs.gov/hipaa/for-professionals/faq/2000/why-is-hipaa-needed-and-what-is-the-purpose-of-security-standards/index.html
• Office for Civil Rights. (2018). Cases currently under investigations. Retrieved from https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
• Office of the National Coordinator for Health Information Technology. (2015). Guide to privacy and security of electronic health information. Retrieved from https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
• Wager, K. A., Lee, F. W., & Glaser, J. P. (2017). Health care information systems: A practical approach for health care management(4th ed.). San Francisco, CA: Jossey-Bass

Additional Materials

[Order Now]

From the Internet, review the following:

• Center for Medicare and Medicaid Services. (2013). Summary of HIPAA security rule. Retrieved from https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
• Health and Human Services. (2007a). Security standards: Administrative safeguards. Retrieved from https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf?language=es
• Health and Human Services. (2007b). Security standards: Physical safeguards. Retrieved from https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/physsafeguards.pdf?language=es
• Health and Human Services. (2007c). Security standards: Security standards: Organizational, policies and procedures and documentation requirements. Retrieved from https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/pprequirements.pdf?language=es
• Health and Human Services. (2013). Why is the HIPAA security rule needed and what is the purpose of the security standards?Retrieved from https://www.hhs.gov/hipaa/for-professionals/faq/2000/why-is-hipaa-needed-and-what-is-the-purpose-of-security-standards/index.html
• Office for Civil Rights. (2018). Cases currently under investigations. Retrieved from https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
• Office of the National Coordinator for Health Information Technology. (2015). Guide to privacy and security of electronic health information. Retrieved from https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
• Wager, K. A., Lee, F. W., & Glaser, J. P. (2017). Health care information systems: A practical approach for health care management(4th ed.). San Francisco, CA: Jossey-Bass

MHA6120 failures in HIT implementation

PLACE THE ORDER WITH US TODAY AND GET A PERFECT SCORE!!!