This paper justifies and explains current efforts in the Military Health System (MHS) to enhance information assurance in light of the sociological debate between “Normal Accident” (NAT) and “High Reliability” (HRT) theorists. NAT argues that complex systems such as enterprise health information systems display multiple, interdependent interactions among diverse parts that potentially manifest unfamiliar, unplanned, or unexpected sequences that operators may not perceive or immediately understand, especially during emergencies. If the system functions rapidly with few breaks in time, space or process development, the effects of single failures ramify before operators understand or gain control of the incident thus producing catastrophic accidents. HRT counters that organizations with strong leadership support, continuous training, redundant safety features and “cultures of high reliability” contain the effects of component failures even in complex, tightly coupled systems. Building highly integrated, enterprise-wide computerized health information management systems risks creating the conditions for catastrophic breaches of data security as argued by NAT. The data security regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) implicitly depend on the premises of High Reliability Theorists. Limitations in HRT thus have implications for both safe program design and compliance efforts. MHS and other health care organizations should consider both NAT and HRT when designing and deploying enterprise-wide computerized health information systems.
This project demonstrates use of OCTAVE, an information security risk assessment method, as an approach to the safe design and planning of a teleradiology system. By adopting this approach to project planning, we intended to provide evidence that including information security as an intrinsic component of project planning improves information assurance and that using information assurance as a planning tool produces and improves the general system management plan. Several considerations justify this approach to planning a safe teleradiology system. First, because OCTAVE was designed as a method for retrospectively assessing and proposing enhancements for the security of existing information management systems, it should function well as a guide to prospectively designing and deploying a secure information system such as teleradiology. Second, because OCTAVE provides assessment and planning tools for use primarily by interdisciplinary teams from user organizations, not consultants, it should enhance the ability of such teams at the local level to plan safe information systems. Third, from the perspective of sociological theory, OCTAVE explicitly attempts to enhance organizational conditions identified as necessary to safely manage complex technologies. Approaching information system design from the perspective of information security risk management proactively integrates health information assurance into a project’s core. This contrasts with typical approaches that perceive “security” as a secondary attribute to be “added” after designing the system and with approaches that identify information assurance only with security devices and user training. The perspective of health information assurance embraces so many dimensions of a computerized health information system’s design that one may successfully deploy a method for retrospectively assessing information security risk as a prospective planning tool. 
From a sociological perspective, this approach enhances the general conditions as well as establishes specific policies and procedures for reliable performance of health information assurance.
This case study details the experience of system engineers of the Imaging Science and Information Systems Center, Georgetown University Medical Center (ISIS) and radiologists from the department of Radiology in the implementation of a new Teleradiology system. The Teleradiology system enables radiologists to view medical images from remote sites under those circumstances where a resident radiologist needs assistance in evaluating the images after hours and during weekends; it also gives clinicians access to patients’ medical images from different workstations within the hospital.
The implementation of the Teleradiology project was preceded by an evaluation phase to perform testing, gather user feedback through a web site, and collect information that helped eliminate system bugs, complete recommendations regarding minimum hardware configuration and bandwidth, and enhance the system’s functions. This phase included a survey-based system assessment of computer configurations, Internet connections, problem identification, and recommendations for improvement, and a testing period with 2 radiologists and ISIS engineers. The second phase was designed to launch the system and make it available to all attending radiologists in the department.
To accomplish the first phase of the project, a web site was designed and ASP pages were created to enable users to securely log on and enter feedback and recommendations into an SQL database.
This efficient, accurate data flow alleviated networking, software and hardware problems. Corrective recommendations were immediately forwarded to the software vendor. The vendor responded with software updates that better met the needs of the radiologists. The ISIS Center completed recommendations for minimum hardware and bandwidth requirements. This experience illustrates that the approach used in collecting the data and facilitating the teamwork between the system engineers and radiologists was instrumental in the project’s success. Major problems with the Teleradiology system were discovered and remedied early by linking the actual practice experience of the physicians to the system improvements.
Proc. SPIE. 5033, Medical Imaging 2003: PACS and Integrated Medical Information Systems: Design and Evaluation
KEYWORDS: Defense and security, Medicine, Medical research, Computing systems, Telemedicine, Information technology, Information security, Computer security, Standards development, Information assurance
Health information management policies usually address the use of paper records with little or no mention of electronic health records. Information Technology (IT) policies often ignore the health care business needs and operational use of the information stored in its systems. Representatives from the Telemedicine & Advanced Technology Research Center (TATRC), TRICARE and Offices of the Surgeon General of each Military Service, collectively referred to as the Policies, Procedures and Practices Work Group (P3WG), examined military policies and regulations relating to computer-based information systems and medical records management. Using an interdisciplinary and interservice QA approach, they compared existing military policies with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to identify gaps and discrepancies. The final report, including a plain English explanation of the individual standards and relevance to the Department of Defense (DoD), a comparative analysis and recommendations, will feed into the security management process and HIPAA implementation efforts at multiple levels within the DoD. In light of High Reliability Theory, this process models how large enterprises may coordinate policy revision and reform across broad organizational and work domains, building consensus on key policy reforms among military stakeholders across different disciplines, levels of command hierarchy and services.
Proc. SPIE. 4323, Medical Imaging 2001: PACS and Integrated Medical Information Systems: Design and Evaluation
KEYWORDS: Defense and security, Medicine, Surgery, Telecommunications, Information technology, Modulation transfer functions, Defense technologies, Information security, Computer security, Information assurance
The global scale, multiple units, diverse operating scenarios and complex authority structure of the Department of Defense Military Health System (MHS) create social boundaries that tend to reduce communication and collaboration about data security. Under auspices of the Defense Health Information Assurance Program (DHIAP), the Telemedicine and Advanced Technology Research Center (TATRC) is contributing to the MHS's efforts to prepare for and comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 through organizational and technological innovations that bridge such boundaries. Building interdisciplinary (clinical, administrative and information technology) medical information security readiness teams (MISRT) at each military treatment facility (MTF) constitutes the heart of this process. DHIAP is equipping and training MISRTs to use new tools including 'OCTAVE', a self-directed risk assessment instrument and 'RIMR', a web-enabled Risk Information Management Resource. DHIAP sponsors an interdisciplinary, triservice workgroup for review and revision of relevant DoD and service policies and participates in formal DoD health information assurance activities. These activities help promote a community of proponents across the MHS supportive of improved health information assurance. The MHS HIPAA-compliance effort teaches important general lessons about organizational reform in large civilian or military enterprises.
Proc. SPIE. 4323, Medical Imaging 2001: PACS and Integrated Medical Information Systems: Design and Evaluation
KEYWORDS: Defense and security, Medicine, Matrices, Computing systems, Information technology, Modulation transfer functions, Information security, Computer security, Process modeling, Information assurance
Health information management policies usually address the use of paper records with little or no mention of electronic health records. Information Technology (IT) policies often ignore the health care business needs and operational use of the information stored in its systems. Representatives from the Telemedicine & Advanced Technology Research Center, TRICARE and Offices of the Surgeon General of each Military Service, collectively referred to as the Policies, Procedures and Practices Work Group (P3WG), examined military policies and regulations relating to computer-based information systems and medical records management. Using a system of templates and matrices created for the purpose, P3WG identified gaps and discrepancies in DoD and service compliance with the proposed Health Insurance Portability and Accountability Act (HIPAA) Security Standard. P3WG represents an unprecedented attempt to coordinate policy review and revision across all military health services and the Office of Health Affairs. This method of policy reform can identify where changes need to be made to integrate health management policy and IT policy into an organizational policy that will enable compliance with HIPAA standards. The process models how large enterprises may coordinate policy revision and reform across broad organizational and work domains.
This paper investigates the design and implementation of a multimedia telemedicine application being undertaken by the Imaging Science and Information Systems Center of the Department of Radiology and the Division of Nephrology of the Department of Medicine at the Georgetown University Medical Center (GUMC). The Renal Dialysis Patient Monitoring network links GUMC, a remote outpatient dialysis clinic, and a nephrologist's home. The primary functions of the network are to provide telemedicine services to renal dialysis patients, to create, manage, transfer and use electronic health data, and to provide decision support and information services for physicians, nurses and health care workers. The technical parameters for designing and implementing such a network are discussed.
Proc. SPIE. 3035, Medical Imaging 1997: PACS Design and Evaluation: Engineering and Clinical Issues
KEYWORDS: Internet, Biometrics, Medical research, Computing systems, Control systems, Telemedicine, Information security, Computer security, Network security, Picture Archiving and Communication System
As clinical data is more widely stored in electronic patient record management systems and transmitted over the Internet and telephone lines, it becomes more accessible and therefore more useful, but also more vulnerable. Computer systems such as PACS, telemedicine applications, and medical research networks must protect against accidental or deliberate modification, disclosure, and violation of patient confidentiality in order to be viable. Conventional wisdom in the medical field and among lawmakers legislating the use of electronic medical records suggests that, although it may improve access to information, an electronic medical record cannot be as secure as a traditional paper record. This is not the case. Information security is a well-developed field in the computer and communications industry. If medical information systems, such as PACS, telemedicine applications, and research networks, properly apply information security techniques, they can ensure the accuracy and confidentiality of their patient information and even improve the security of their data over a traditional paper record. This paper will elaborate on some of these techniques and discuss how they can be applied to medical information systems. The following systems will be used as examples for the analysis: a research laboratory at Georgetown University Medical Center, the Deployable Radiology system installed to support the US Army's peacekeeping operation in Bosnia, a kidney dialysis telemedicine system in Washington, D.C., and various experiences with implementing and integrating PACS.
How should hospital administrators compare the security risks of paper-based and computerized patient record systems? There is a general tendency to assume that because computer networks potentially provide broad access to hospital archives, computerized patient records are less secure than paper records and increase the risk of breaches of patient confidentiality. This assumption is ill-founded on two grounds. Reasons exist to say that the computerized patient record provides better access to patient information while enhancing overall information system security. A range of options with different trade-offs between access and security exist in both paper-based and computerized records management systems. The relative accessibility and security of any particular patient record management system depends, therefore, on administrative choice, not simply on the intrinsic features of paper or computerized information management systems.
A design-based approach to ethical analysis examines how computer scientists, physicians and patients make and justify choices in designing, using and reacting to computer-aided diagnosis (CADx) systems. The basic hypothesis of this research is that values are embedded in CADx systems during all phases of their development, not just retrospectively imposed on them. This paper concentrates on the work of computer scientists and physicians as they attempt to resolve central technical questions in designing clinically functional CADx systems for lung cancer and breast cancer diagnosis. The work of Lo, Chan, Freedman, Lin, Wu and their colleagues provides the initial data on which this study is based. As these researchers seek to increase the rate of true positive classifications of detected abnormalities in chest radiographs and mammograms, they explore dimensions of the fundamental ethical principle of beneficence. The training of CADx systems demonstrates the key ethical dilemmas inherent in their current design.
Project RavenCare is a testbed for assessing the utility of teleradiology, telemedicine and electronic patient records systems for delivering health care to Native Alaskans in remote villages. It is being established as a joint project between the department of radiology at Georgetown University Medical Center and the Southeast Alaska Regional Health Corporation (SEARHC) in Sitka, Alaska. This initiative will establish sustained, routine clinical multimedia telemedicine support for a village clinic in Hoonah, Alaska and a regional hospital in Sitka. It will link the village clinic in Hoonah to Mt. Edgecumbe Hospital in Sitka. This regional hospital will in turn be linked to Georgetown University Hospital through the T1-VSAT (very small aperture terminal) of the NASA-ACTS (Advanced Communication Technology Satellite). Regional physicians in Hoonah lack support in providing relatively routine care in areas such as radiology and pathology. This project is an initial step in a general plan to upgrade telecommunications in the health care system of the Southeast Alaska region and will address aspects of two problems: limited communication between the village health clinics and the hospital and lack of subspecialty support for hospital-based physicians in Sitka.
This presentation examines the ethical issues raised by computerized image management and communication systems (IMAC), the ethical principles that should guide development of policies, procedures and practices for IMACS systems, and who should be involved in developing a hospital's approach to these issues. The ready access of computerized records creates special hazards of which hospitals must beware. Hospitals must maintain confidentiality of patients' records while making records available to authorized users as efficiently as possible. The general conditions of contemporary health care undermine protecting the confidentiality of patient records. Patients may not provide health care institutions with information about themselves under conditions of informed consent. The field of information science must design sophisticated systems of computer security that stratify access, create audit trails on data changes and system use, safeguard patient data from corruption, and protect the databases from outside invasion. Radiology professionals must both work with information science experts in their own hospitals to create institutional safeguards and include the adequacy of security measures as a criterion for evaluating PACS systems. New policies and procedures on maintaining computerized patient records must be developed that obligate all members of the health care staff, not just care givers. Patients must be informed about the existence of computerized medical records and the rules and practices that govern their dissemination, and be given the opportunity to give or withhold consent for their use. Departmental and hospital policies on confidentiality should be reviewed to determine if revisions are necessary to manage computer-based records. 
Well-developed discussions of the ethical principles and administrative policies on confidentiality and informed consent and of the risks posed by computer-based patient records systems should be included in initial and continuing staff system training. Administration should develop ways to monitor staff compliance with confidentiality policies and should assess diligence in maintaining patient record confidentiality as part of staff annual performance evaluations. Ethical management of IMAC systems is the business of all members of the health care team. Computerized patient records management (including IMAC) should be scrutinized as any other clinical medical ethical issue. If hospitals include these processes in their planning for RIS, IMACS, and HIS systems, they should have time to develop institutional expertise on these questions before and as systems are installed rather than only as ethical dilemmas develop during their use.
Distributing a radiographic image with the verbal report would help to avoid misunderstanding and would aid the referring physician in understanding better the severity of the disease described. With magnetic resonance imaging it is customary in our practice to distribute a copy of the examination to the referring physician. Distributing a film copy of the image is expensive. Based on our initial experience with the Scitex paper printer, we believe that this system provides a paper image of sufficient quality that it would be acceptable as a referrer's copy. Paper copies are cheaper to produce and can be more easily filed with the remainder of the patient's paper-based medical record. This presentation discusses the printing method employed by the Scitex printer, demonstrates comparisons between Scitex and laser print images, and discusses the current problems of interfacing the printer to image acquisition devices. As we develop our image management and communication system (IMAC), we anticipate that a need for hard copy images will remain. We discuss the role that we believe this paper printer serves in an IMAC film-independent system.