1 / 33

Managing Change and Security

Managing Change and Security. HLST 2040 16-11-2012. Video on security. Please watch the two videos on security. They are available on the moodle course page. Healthcare Business Environment. Pg.304 Cost Efiiciency Communication poses barriers to achieving desired Health outcomes

suzuki
Télécharger la présentation

Managing Change and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Managing Change and Security HLST 2040 16-11-2012

  2. Video on security • Please watch the two videos on security. • They are available on the moodle course page

  3. Healthcare Business Environment • Pg.304 • Cost Efiiciency • Communication poses barriers to achieving desired Health outcomes • Traditionally how much money does healthcare business invest in technical training? • Communication is an important part of healthcare

  4. Theories about change • In the very first lecture, we saw theories of change • Kurt Levin’s change theory was covered • Organization theory – pg. 305 • Another theory that explains why and how organizations change • It looks at them at a macro level

  5. Organizational Behavior Theory • What is the difference between Organization theory and Organizational behavior theory (OB)? • Focus on small groups and individuals – pg. 306 • OB provides deeper understanding of why, when and how the advances in IT are adopted by , or are not adopted by, an organization

  6. Realities of our Heathcare Environment • Cost is rising every year • We are spending more then 40% of our budget on healthcare across Canada • Emphasis on teamwork- FHT • Consumers and governments are looking at performance measures more keenly

  7. Performance Measures • See pg. 307 • Customer Satisfaction • Clinical Productivity and efficiency per physician • Financial cost per relative value unit of service • Employee satisfaction

  8. IT challenges • How to continually update HW and SW? System downtime? • Can they develop IT systems jointly? • What is the role of standards? • What is the role of organizations like COACH, CHI and the provincial governments? • Example is EMR adoption by GPs in Ontario • Limited IT dept. resources

  9. Dangerous choice • Neglecting the need to invest time for motivating people to use the new technology • Not just money, but other incentives • Box 14-2, right things to do • Pg. 315 – how to implement change while implementing EMR?

  10. Capability of IT systems in Healthcare • Pg. 308 • Transfer information across settings for each encounter • Standardize the way in which records are stored • Provide feedback, immediate and meaningful feedback

  11. Encouraging Change • Champion Users • Normative pressures – pg. 311 • Policies that encourage change • Who should make those policies? • Workflow changes • Formal informatics education • Avoid the cascade effect – pg.314

  12. Role of the Leader • Administrator, or manager, own behavior and IT skill level – pg. 314 • How persistent is the administrator in the face of problems?

  13. What happens when CPOE is implemented? • Pg. 313 • Acceptance of change has varied from reluctance to whole-hearted acceptance • Involve users from the start for greater success • Find Champions while rolling out • Use bench-marking?

  14. How to do conversions? • What is a conversion? • Difference between place and method • Could be a mix • Pilot • Parallel • Cold Turkey or direct

  15. Case Study • You are implementing a telemedicine project at your hospital, what are the issues?

  16. Privacy and Security

  17. Privacy and Confidentiality • Pg. 439 • Privacy refers to an individual’s desire to limit disclosure of personal information • Confidentiality deals with whether the information is released or not • Security is the measures that are taken to protect privacy and confidentiality

  18. Access • Ability to obtain data and information for specific purposes by specific users • Many measures are afoot to control access • Technical measures • Policy measures which may be non-technical • In the last few years, eHealth and mHealth have made security and access complex issues

  19. Integrity • Pg.439 • Integrity deals with completeness AND accuracy of data and information as well as protecting them from processes that would invalidate them • Accidental entry of incorrect information or data is a threat to the integrity of the patient’s record

  20. Changing Data and Information • Can be accidental like transcription errors • Can be intentional like deliberate erasure • Computer viruses and worms – pg. 440

  21. Availability • The ability of the information users to easily access data and information appropriate to their authorization level when needed • How will you implement security measures? • User roles will be explained by Sai • Archiving • Tradeoff between security and availability

  22. Transition from a Paper Record • Both good and bad • Sharing • Security • Cost • Usage popularity by providers and patients • Change management

  23. Legislative protection of Privacy • Assures that patient records will not be disclosed to third parties without patient consent. • Done both at Federal and Provincial levels • PROVINCIAL/TERRITORIAL LEGISLATION • Health-specific legislation: Manitoba, Alberta and Saskatchewan, Ontario • If there is no provincial rule then Federal laws apply

  24. Legislative protection of Privacy • FEDERAL LEGISLATION • Statistics Act • applies to collected patient-identifiable health information. • Personal Information Protection and Electronic Documents Act (PIPEDA)(2002) • applies to personal health information collected, used, or disclosed in the course of commercial activities across provincial/territorial and national boundaries. • Applies to all kind of customer information, not just healthcare • Will apply to healthcare if there is no provincial law like PHIPA

  25. Personal Health Information Protection Act 2004 • The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario’s health-specific privacy legislation. • Came into effect on Nov. 1,2004 Prof. Sai Vemulakonda

  26. What it does? • New rules allow individuals greater control over how their personal health information is collected, used or disclosed. • PHIPA provides health care professionals with a flexible framework to access and use health information as necessary in order to deliver adequate and timely health care. • Sourec: http://www.ipc.on.ca/index.asp?navid=63&fid1=28 Prof. Sai Vemulakonda

  27. Links for PHIPA • http://www.ipc.on.ca/index.asp?navid=63&fid1=28 • http://www.health.gov.on.ca/english/media/articles/archives/ar_04/103004a_ar.html Prof. Sai Vemulakonda

  28. Electronic Tools used for Security • Firewall • Authentication – UID and PW • Biometric identification pg. 447 • Locks, Physical and otherwise – pg. 446 • Disabling single sign on • Audit Trails • Fencing depth

  29. Implied Consent • PHIPA acts on the concept of implied consent • What does it mean? Prof. Sai Vemulakonda

  30. Informed Consent • It is a basic rule that in all research involving persons a prerequisite is that each person sign an Informed Consent form prior to the study done. • Various Bioethics bodies and professional associations have outlined whatis required of the research person and the participant in order to make the informed consent valid. • Release of information consent

  31. Assumed Consent • Exceptions to the basic rule where informed consent applies: • Reporting communicable diseases, imunizations, traumas • Data for administrative purposes, financial audits • data from medical charts or large databanks used for research • approved by a bioethics committee • stripped of patient identifiers

  32. Privacy vs. access of EHR • It is not possible to achieve both perfect confidentiality and perfect access. • Need-to-know assessment • for healthcare professionals • for patients • How much info should be send from one provider to another? • Access health data by insurers

  33. Summary • Change • Managing it and policies • Security, Privacy and confidentiality

More Related