Running head: Advanced Information Management and the Application of Technology 1

Implementing a Health Information System (HIS) That Meet Current HITECH and

HIPAA Security and Privacy Regulatory Requirements

Amber Sulin

Western Governors University

Health and personal information are a significant part of each person’s life. This

information is significant for ongoing well-being and vital for an individual to protect their

personal information. The HIS encompasses all aspects of an individual’s health and

personal information, thereby requiring the HIS to safeguard the protected health and

personal information of all individuals in its system. Implementing a Health Information

System (HIS) requires meeting current HITECH and HIPAA security and privacy

regulatory requirements in order to protect individual personal and health information.

A1. Advantages and Disadvantages of the Selected System

Health management information systems or HMIS is a technology resource leveraged by

healthcare providers and administrators to support strategic initiatives and organizational

decisions. Five interconnected fields make up the HMIS including, data, hardware, process,

integration and administration (Payton, 2017). Evaluation of a HMIS is completed by assessment

of the following categories: usability, interoperability, scalability and compatibility. A systems

usability is defined by its effectiveness, efficiency and user satisfaction in completing a desired

task. An advantage to HMIS usability is the opportunity for users to perform task swiftly and

with little input. However, the fixed data fields can become difficult to navigate for users with

limited HMIS experience. “Interoperabilty is concerned primarily with the challenge of linking

software and systems being developed and implemented with diverse platforms and languages

when required information has to be shared conveniently and securely among multiple providers

and users” (Payton, 2017). Interoperability on a large-scale allows the HMIS to utilize different

systems and technology applications in one intercommunicating platform. Difficulty arises when

there is a breakdown in the system communication due to program coding. For a HMIS to have
Advanced Information Management and the Application of Technology 3

scalability, it must be capable of parallel growth with the organization. Scalability allows for

future facilities to implement the same Electronic Health Record or EHR. Disadvantage to

scalability is the cost factor of implementing a system in a facility that does not require such a

largescale platform. When a HMIS has compatibility, it is capable of running all systems on one

infrastructure independently. A system high level of compatibility prevents loss of data. When a

system has a low level of compatibility, varied software operates on different platforms.

A2. Patient Care and Documentation

With the development of HIS, nurses are better equipped to provide patient-centered care.

The biggest problem nurses face with HIS is the usability and interface difficulties. It is

theorized, the usability and interface difficulties are a result of the HIS being developed by non-

medically trained professionals. When faced with barriers to use, nurses will utilize

workarounds, creating points for potential error. Ideally, HIS should assist the nurse by

optimizing workflow and increasing usability.

Patient care is impacted by the use of HIS through the loss of individual and meaningful

patient interaction. This occurs when the nurse enters data into the system at the bedside. Their

focus is diverted from the patient to the HIS, creating a barrier to patient-centered care. The

burden is on the nurse to recognize this missed opportunity and focus on providing

compassionate and meaningful care.

Integrating clinic information systems or CIS into the EHRs, provides a comprehensive

system for nurses and benefits documentation through “easy access [to] patient data at the point

of care; structured and legible information that can be searched easily and lends itself to data

mining and analysis; and improved patient safety, especially the prevention of adverse drug
Advanced Information Management and the Application of Technology 4

reactions and the identification of health risk factors, such as falls” (McGonigle, 2017). Having

the EHR as a safety check, assist the nurse in preventing medication errors, missed procedures

and communication with the care team. Additionally, documented care, supply use and

medication administration assist in streamlining billing, ultimately preventing the patient

additional cost of hospitalization.

A3. Quality and Delivery of Nursing Care and Patient Outcomes

A review of the nurse’s perspective of HIS reports, accessing information via a HIS

results in improved care outcomes and less anxieties with care coordination and patient safety

(McGonigle, 2017). Nurses also reported improved staff communication and less medication

errors. A nurse’s ability to readily access all the patient’s health data at the bedside allows for

continued care through review of care notes and lab data. For example, if a patient is on a fluid

restriction, the nurse can easily access the patient’s intake for the last 24 hours or even further.

She can then form her plan of care based off that data. Additionally, any care provider can access

the patient’s PHI from any location in the hospital. If for instance, the patient is in radiology and

experiences a seizure event. The staff in radiology can access the patient’s MAR, review ordered

recue medications and safely administer without the need to track down the patient’s nurse or

doctor.

B1. Ways QI Data Can Lead to Measurable Improvement

QI data collection for a pediatric physician transfer center addressing transfers from

outlying facilities to a pediatric hospital is critical in identifying, analyzing and drafting strategic
Advanced Information Management and the Application of Technology 5

initiatives for measurable service improvement. One such data point is the length of time for

provider connection, meaning the amount of time it takes for a referring provider to be connected

with a pediatric specialist. For at risk pediatric patients such as neonatal transfers, status

epilepticus transfers, etc., every minute of delayed care compounds to poor patient outcomes.

Utilizing multiple data fields, the nurse informaticist can identify barriers to provider connection,

analyze the effect on patient outcomes and draft a proposal or workflow adjustment to reduce

provider connection time.

Organizations utilizing a system with intercommunicating applications for various

department, allows for interdepartmental quality improvement initiatives. One such initiative is

the proposal for full time pediatric transport units dedicated to inbound pediatric transfer from

outlying facilities. Through data collection from the pediatric physician transfer center, the nurse

informaticist can collect data points on patient outcomes related to delays in transport, poor care

outcomes related to adult care transport units with limited pediatric capabilities and limited

communication with pediatric specialist during transport. After analyzing the data, the team is

able to draft a proposal for full time pediatric transport units and their direct correlation to

improved patient outcomes.

B2. HITECH and HIPAA Security Standards and Regulations

All members of the healthcare team within an organization are tasked with protecting the

privacy, confidentiality and security of protected health information or PHI (Payton, 2017). A

federal law set into place for the healthcare organizations that implement information

technologies is the HITECH act. It requires organizations to establish policy for the utilization

and application of information technology. After the implementation of the HITECH act,
Advanced Information Management and the Application of Technology 6

healthcare saw a wide adoption of the Electronic Health Record or EHR. The U.S. Department of

Health and Human Services, under the Health Insurance Portability and Accountability Act

(HIPAA) law, established guidelines, standards and consequences for healthcare organizations to

utilize and implement healthcare information exchanges. All healthcare entities are governed by

HIPAA law, including providers, facilities, organizations, insurance companies, HMOs and

government programs like Medicaid and Medicare (Kruse, 2016). HIPAA federally mandates

“protection of any information in an individual’s personal records, including diagnosis and

treatment reports, progress notes, recommendations, and even conversations with personal

caregivers. It also safeguards the information that is processed into computer systems used by

care providers for billing, medication, clinical evaluation reports, radiological images and

reports, laboratory test results, and any information collected by individuals or organizations that

has a health semantic” (Payton, 2017).

The accuracy and consistency of data that is stored, processed and retrieved is maintained

throughout the process of design, implementation and utilization. This maintenance of data

throughout its lifecycle is referred to as data integrity. HMIS design, implementation and

evaluation hinges on data security. Without protection, the integrity of data may be compromised

and open the healthcare organization to federal investigation under HIPPA. The protection of

data comes with a hefty price tag for individual organizations, but it is crucial to prevent attacks

on HMIS. Safeguarding access to the HMIS can be assigned to a separate group for the

development of standard procedures, workflow processes and system uniformity.

For an organization to have success in data protection and maintaining data integrity,

procedures must be in place for potential disaster recovery. This is achieved through the process

of data backup. Data backup is an ongoing process of duplicating programs, files and databases
Advanced Information Management and the Application of Technology 7

for storage in a separate location. The data is continually monitored for transactions, lost data,

incomplete fields and system failures. Every organization should have a plan for system

downtime to maintain functionality and operation. System permanency and dependability can be

achieved through error detection and recovery.

As a result of the HIPPA law, federal government can provide assurance to healthcare

consumers that their PHI is safe and accessible. All healthcare organizations and entities are held

accountable for the integrity and protection of patient data through implementation of dedicated

HIPAA and HMIS staff, guidelines, procedures, technology security and safekeeping.

Organizations not in compliance with HITECH and HIPPA standards are investigated and

penalized by the federal government.

B3. Protection of Patient Privacy

As with any information technology system and HIS, the infrastructure can be built to

include safety and security measures. Preventing security incidents is a top priority for health

care organizations and providers. Providers are obligated and under federal law required to

protect PHI from security attacks by unauthorized persons, contamination of data, deletion of

data and interference with HIS operations. The health organization facilitates the providers

obligation to protect PHI by following annual guidance to secure health information as set forth

by the HITCH Act (McGonigle, 2017). HIS safeguard access to PHI through “encryption,

shredding and other forms of complete destruction, or electronic media sanitation” (McGonigle,

2017). If a provider does not follow the policies for information technology implementation, the

PHI becomes unsecure and available to unauthorized persons.

B4. Organizational Efficiency and Productivity

Adopting a HIS will optimize operational efficiency through standardizing

documentation, reducing waste, increasing productivity and human and capital resource savings.

HIS provides a shared platform for management of patient care across various providers, thus

permitting a shared understanding of patient health status through standardized documentation.

Standardization creates an opportunity to link various EHR systems, thereby creating increased

labor cost for interoperability. Benefits of waste reduction include reducing medical errors by

removing paper charting; delays in test and treatments due to expediting order entry and

exchange among providers; and duplication related to multiple test orders for existing results.

Cost reduction occurs through fewer material waste by reduced duplications, paper consumption

limitation and shortened length of stay due to increase efficiency. Increasing provider

productivity is a pillar of organizational efficiency. With HIS, patient data can be accessed

instantly from a computer preventing wasted provider time searching for paper charts or data

from another facility. However, HIS places a requirement on providers to enter orders and notes

electronically, thereby creating anxiety, wasted time finding embedded functions and uncertainty

on provider protection. Reduction in human capital occurs through increased care efficiency,

limiting time spent on charting and retrieving data, and eliminating duplication through shared

data. Resources shifted from direct patient care to information technology personnel increase

human and capital resource cost for development, implementation and maintenance of the HIS

(Payton, 2017).

C. Interdisciplinary Team Identification

Team Member “roles” (job duties), “expertise” (what qualifies the individual?) and why they

are important to the success of the project.

Clinical “Direct users of the system” and partners in the responsibility for HIS success.

Provider Providers are direct participants in the design process of the HIS due to their

expertise in the field. Provider health intelligence is merged into the HIS

(Payton, 2016).

Application “Takes a completely supportive role in the e-health system because it has a

Vendors direct benefit from developing an e-health platform” (Payton, 2016). Vendors

create customization based on the need of independent systems. A single vendor

market can standardize EHR.

Hospitals Primary investment entity and provider of facilities and physical infrastructure.

Hospitals have wide-ranging knowledge of HIS. “If the hospitals and providers

have access to the same types and amounts of information and are not

concerned too much about using unrevealed information to create competitive

advantages, they may turn their attention, time, and effort to focus on improving

quality of care and saving lives” (Payton, 2016).

Third-party Indirectly perform as a source of funding for programs like HIS through patient

Payors reimbursement of payment for services. Payors provide a source of countless

health information data collected from patients.

D. Plan for Evaluating the Success of Implementing a System

As the largest philanthropic organization in the US, The Robert Wood Johnson Foundation

RWJF works to advance the health and care for Americans. In an effort to improve healthcare,

RWJF offers grants and funds research. An ongoing project funded by RWJF is the Quality and

Safety for Education for Nurses (QSEN) project. QSEN focuses on advancing nursing education

and promoting core competencies for educators. Two such competencies for nursing informatics

include:

 “Use information and technology to communicate, manage knowledge, mitigate error,

and support decision-making” (Cronenwett, 2007).

 “Use data to monitor the outcomes and processes and use improvement methods to

design and test changes to continuously improve the quality and safety of healthcare

systems” (Cronenwett, 2007).

HIS possess multiple systems tailored to address both QSEN nursing informatics

competencies. Communication is clear and expeditious as a result of the HIS universal

availability to all healthcare providers in the system. Error is reduced by the safety checks

and embedded alerts triggered in the HIS. Decision making is supported by the data

analytics provided by the HIS. Quality improvement projects and strategic initiatives are

supported by the data collected, distributed and analyzed from the HIS.

Evaluating the success of the implementation of a system by incorporating two

professional organization standards will be based on an established plan. The plan will

extract data from the HIS to analyze healthcare quality and safety improvement. This can be

done by evaluating the trend of a few metrics upon which data is comparable across multiple

patient and provider entries. Example of such metrics include reduction of hospital acquired

pressure ulcers, reduction of medication administration errors, or reduction in length of stay.

After the data metrics are mined from the HIS, comparisons can be made against the same

metrics prior to HIS implementation. In order for the metrics to be comparable, data must

exist for each metric prior to implementation. If the data post implementation displays a

trend in the positive direction for each metric, then it is fair to claim the HIS implementation

was a success against the QSEN core competencies for nursing informatics.

References
Advanced Information Management and the Application of Technology 12

Cronenwett, L., Sherwood, G., Barnsteiner, J., Disch, J., Johnson, J., Mitchell, P., Sullivan, D.

T., & Warren, J. (2007). Quality and Safety Education for Nurses. Nursing outlook, 55(3),

122–131. https://doi.org/10.1016/j.outlook.2007.02.006

Home. (2020, July 15). Retrieved July 26, 2020, from https://www.rwjf.org/

Kruse, C. S., Kothman, K., Anerobi, K., & Abanaka, L. (2016). Adoption Factors of the

Electronic Health Record: A Systematic Review. JMIR medical informatics, 4(2), e19.

https://doi.org/10.2196/medinform.5525

McGonigle, K.G.M. D. (2017). Informatics for Health Professionals, Custom WGU Edition.

[Western Governors University]. Retrieved

from https://wgu.vitalsource.com/#/books/9781284155402/

Payton, J.T.F. C. (2017). Adaptive Health Management Information Systems: Concepts, Cases,

& Practical Applications, Custom WGU Edition. [Western Governors University].

Retrieved from https://wgu.vitalsource.com/#/books/9781284155396/

Payton, K.M.D.M.J.T.F. C. (2016). Advanced Information Management and the Application of

Technology. [Western Governors University]. Retrieved

from https://wgu.vitalsource.com/#/books/9781284138696/