Compliance of Open Source EHR Applications with HIPAA and ONC Security and Privacy Requirements

Electronic Health Records (EHRs) are digital versions of paper-based patient\u27s health information. EHR applications are increasingly being adopted in many countries. They have resulted in improved quality in healthcare, convenient access to histories of patient medication and clinic visits, easier follow up of patient treatment plans, and precise medical decision-making process. EHR applications are guided by measures of the Health Insurance Portability and Accountability Act (HIPAA) to ensure confidentiality, integrity, and availability. However, there have been reported breaches of Protected Health Identifier (PHI) data stored by EHR applications. In many reported breaches, improper use of EHRs has resulted in disclosure of patient’s PHI data. Inefficient application design threatens the integrity of EHRs, which leads to fraud and endangering patient\u27s health. The goal of this paper is to identify HIPAA technical requirements, evaluate an open source EHR application (OpenEMR) for security vulnerabilities using an open-source scanner tool (RIPS), and map identified vulnerabilities to HIPAA technical requirements

Analysis of the Adherence of mHealth Applications to HIPAA Technical Safeguards

The proliferation of mobile health technology, or mHealth apps, has made it essential to protect individual health details. People now have easy access to digital platforms that allow them to save, share, and access their medical data and treatment information as well as easily monitor and manage health-related issues. It is crucial to make sure that protected health information (PHI) is effectively and securely transmitted, received, created, and maintained in accordance with the rules outlined by the Health Insurance Portability and Accountability Act (HIPAA), as the use of mHealth apps increases. Unfortunately, many mobile app developers, particularly those of mHealth apps, do not completely understand the HIPAA security and privacy requirements. This offers a unique opportunity for research to create an analytical framework that can help programmers maintain safe and HIPAA-compliant source code while also educating users about the security and privacy of private health information. The plan is to develop a framework which will serve as the foundation for developing an integrated development environment (IDE) plugin for mHealth app developers and a web-based interface for mHealth app consumers. This will help developers identify and address HIPAA compliance issues during the development process and provide consumers with a tool to evaluate the privacy and security of mHealth apps before downloading and using them. The goal is to encourage the development of secure and compliant mHealth apps that safeguard personal health information

Exploring Strategies for Successful Implementation of Electronic Health Records

Adoption of electronic health records (EHR) systems in nonfederal acute care hospitals has increased, with adoption rates across the United States reaching as high as 94%. Of the 330 plus acute care hospital EHR implementations in Texas, only 31% have completed attestation to Stage 2 of the meaningful use (MU) criteria. The purpose of this multiple case study was to explore strategies that hospital chief information officers (CIOs) used for the successful implementation of EHR. The target population consists of 3 hospitals CIOs from a multi-county region in North Central Texas who successfully implemented EHRs meeting Stage 2 MU criteria. The conceptual framework, for this research, was the technology acceptance model theory. The data were collected through semistructured interviews, member checking, review of the literature on the topic, and publicly available documents on the respective hospital websites. Using methodological triangulation of the data, 4 themes emerged from data analysis: EHR implementation strategies, overcoming resistance to technology acceptance, strategic alignment, and patient wellbeing. Participants identified implementation teams and informatics teams as a primary strategy for obtaining user engagement, ownership, and establishing a culture of acceptance to the technological changes. The application of the findings may contribute to social change by identifying the strategies hospital CIOs used for successful implementation of EHRs. Successful EHR implementation might provide positive social change by improving the quality of patient care, patient safety, security of personal health information, lowering health care cost, and improvements in the overall health of the general population

Arizona Health Information Exchange

abstract: Arizona strives to be the national role model for the secure, interoperable health information exchange to facilitate safe, secure, high quality and cost effective health care. The purpose of the Health Information Exchange in Arizona is to improve the quality, safety and efficiency of wellness in the Arizona population by securely connecting patients and health care providers so that relevant and understandable information is available anytime, anywhere

Securing, Standardizing, and Simplifying Electronic Health Record Audit Logs Through Permissioned Blockchain Technology

Audit logs perform critical functions in electronic health record (EHR) systems. They provide a chronological record of all operations performed in an EHR, allowing health care organizations to track EHR usage, hold system users accountable for their interactions with patient records, detect anomalous and potentially malicious behavior in the system, protect patient privacy, and develop insight into workflows and interactions among system users. However, several problems exist with the way that current state-of-the-art EHR technology handles audit data. Specifically, current systems complicate the collection and analysis of audit logs because they lack an interoperable audit log structure, spread audit log data from different EHR applications across multiple data repositories, and often fail to record all useful information about events in the EHR. Permissioned blockchain technology offers two opportunities to mitigate these issues. First, smart contracts running on the blockchain can impose an interoperable structure on audit log data, both within single health care organizations and across all organizations participating in the network. Second, the blockchain ledger constitutes a consolidated repository for all audit log data at each organization, simplifying the collection of data for analysis. AuditChain, the prototype system I present in this thesis, leverages Hyperleger Fabric\u27s permissioned blockchain technology to address these issues of audit log interoperability, content, structure, and consolidation. Specifically, AuditChain uses the blockchain ledger and smart contracts to standardize audit log content, simplify access to audit log data, and ensure that audit logs contain all necessary and useful information

Best practices to establish susccesful mobile health service in a healthcare setting

Alternative healthcare programs have been steadily flooding the health care market, with the most notable being mobile health. Mobile health, more popularly known as mHealth, is expected to generate upward of $59 billion dollars. This is astonishing, considering the mHealth market is still in its infancy as an alternative healthcare model. Still, there are over 100,000 mHealth smartphone applications and platforms on the market. The concept of offering affordable medical services that are accessible to anyone, at any time and in any place appeals to the mission and purpose of healthcare organizations. However, a large number of the studies and publications on mHealth are associated with the technologies behind mHealth and provide very little information on the practices and challenges associated with implementing mHealth, especially within a medical facility. For this reason, it was important to learn from executive health IT professionals who have successfully implemented mHealth services within the US healthcare system. Accordingly, the purpose of this study was to identify the practices used and challenges faced by CIOs in implementing mHealth technologies. The study also obtained recommendations CIOs believe are associated with successful mHealth services. This was a qualitative study that used a phenomenology lens focused on the viewpoint of CIOs and the growing phenomenon of mHealth as a part of the U.S. healthcare system. This approach allowed the research to obtain data on the lived experiences of seven CIOs through semi-structured interviews who were identified as top experts by Becker Hospital Review publications. The analysis of their experiences revealed 13 best practices for mobile health implementation. The findings in this study aimed to identify how mHealth services could expand access to medical services by outlining key considerations and resources required for successful implementation

Security Strategies of Electronic Health Record Systems

Users of electronic health record (EHR) systems lack data security mechanisms and are at risk of patient data breaches. Grounded in routine activities theory, the purpose of this qualitative case study was to explore strategies information technology security managers in the health care industry use to minimize electronic health record data breaches. The participants were nine information security managers of large, medium, and small health care organizations in the Midwest United States. Data collection included semistructured interviews and organizational documents. Through methodological triangulation, three themes emerged: (a) requirements based on government and organizational regulations, (b) implementation of best practice industry-standard security measures, and (c) emerging interoperability with a security and privacy program. A key recommendation is for information security managers to understand the motivations and triggers of positive behavior change that minimizes organizations\u27 external and internal data breaches. The implications for positive social change include the potential to enhance the security presence and reputation of the health care organizations

How Registries Can Help Performance Measurement Improve Care

Suggests ways to better utilize databases of clinical information to evaluate care processes and outcomes and improve measurements of healthcare quality and costs, comparative clinical effectiveness research, and medical product safety surveillance