Privacy and Health Information Technology

The increased use of health information technology (health IT) is a common element of nearly every health reform proposal because it has the potential to decrease costs, improve health outcomes, coordinate care, and improve public health. However, it raises concerns about security and privacy of medical information. This paper examines some of the “gaps” in privacy protections that arise out of the current federal health privacy standard, the Health Insurance Portability and Accountability (HIPAA) Privacy Rule, the main federal law which governs the use and disclosure of health information. Additionally, it puts forth a range of possible solutions, accompanied by arguments for and against each. The solutions provide some options for strengthening the current legal framework of privacy protections in order to build public trust in health IT and facilitate its use for health reform. The American Recovery and Reinvestment Act (ARRA) enacted in February 2009 includes a number of changes to HIPAA and its regulations, and those changes are clearly noted among the list of solutions (and ARRA is indicated in the Executive Summary and paper where the Act has a relevant provision)

Authorization schema for electronic health-care records: for Uganda

This thesis discusses how to design an authorization schema focused on ensuring each patient's data privacy within a hospital information system

CamFlow: Managed Data-sharing for Cloud Services

A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government provides many related services for its citizens on a common platform. Similar considerations apply to the end-users of applications. But in particular, the incorporation of cloud services within `Internet of Things' architectures is driving the requirements for both protection and cross-application data sharing. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner's control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-to-end, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' dataflow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency, giving configurable system-wide visibility over data flows. [...]Comment: 14 pages, 8 figure

Going Rogue: Mobile Research Applications and the Right to Privacy

This Article investigates whether nonsectoral state laws may serve as a viable source of privacy and security standards for mobile health research participants and other health data subjects until new federal laws are created or enforced. In particular, this Article (1) catalogues and analyzes the nonsectoral data privacy, security, and breach notification statutes of all fifty states and the District of Columbia; (2) applies these statutes to mobile-app-mediated health research conducted by independent scientists, citizen scientists, and patient researchers; and (3) proposes substantive amendments to state law that could help protect the privacy and security of all health data subjects, including mobile-app-mediated health research participants

Improving the Lives of Young Children: Opportunities for Care Coordination and Case Management for Children Receiving Services for Developmental Delay

Summarizes new opportunities for states to develop a coordinated system of care for children receiving early childhood intervention and services and how providers can support effective care coordination and case management policies

Security Risk Management in Healthcare: A Case Study

We investigated the effectiveness of a security risk management (SRM) program at a large healthcare institution. Using a survey, we explored how nine critical success factors (CSFs): executive management support (EMS), organizational maturity (OM), open communication (OC), risk management stakeholders (RMS), team member empowerment (TME), holistic view for an organization (HVO), security maintenance (SM), corporate security strategy (CSS), and human resource development (HRD) impacted SRM effectiveness. Implementing a mixed research method, we found that employees had a positive perception of SRM toward all CSFs but one―team member empowerment (TME). Both medical professionals and staff had a negative perception of how TME was implemented at the institution

Arizona Health Information Exchange

abstract: Arizona strives to be the national role model for the secure, interoperable health information exchange to facilitate safe, secure, high quality and cost effective health care. The purpose of the Health Information Exchange in Arizona is to improve the quality, safety and efficiency of wellness in the Arizona population by securely connecting patients and health care providers so that relevant and understandable information is available anytime, anywhere

The Design of a System for Online Psychosocial Care: Balancing Privacy and Accountability in Sensitive Online Healthcare Environments

The design of sensitive online healthcare systems must balance the requirements of privacy and accountability for the good of individuals, organizations, and society. Via a design science research approach, we build and evaluate a sophisticated software system for the online provision of psychosocial healthcare to distributed and vulnerable populations. Multidisciplinary research capabilities are embedded within the system to investigate the effectiveness of online treatment protocols. Throughout the development cycles of the system, we build an emergent design theory of scrutiny that applies a multi-layer protocol to support governance of privacy and accountability in sensitive online applications. The design goal is to balance stakeholder privacy protections with the need to provide for accountable interventions in critical and well-defined care situations. The research implications for the development and governance of online applications in numerous privacy-sensitive application areas are explore

Introduction of new medicines in Sweden

Payers and providers face challenges in enabling appropriate and sustainable access to new medicines. To help enable rational use of new medicines various policy options exist. In Sweden, horizon scanning, forecasting, value-based pricing and reimbursement, treatment recommendations, and assessment of drug utilization patterns and patient outcomes in routine clinical practice have been used to facilitate rational introduction of new medicines. Such activities, however, should be informed by research and be subject to continuous evaluation. This thesis aims to examine selected elements of the process for managed introduction of new medicines. Study I provides an evaluation of the Swedish Horizon Scanning System. Study II assesses the impact of treatment recommendations on the use of new medicines in the specialized care setting. Finally, studies III and IV explore the utility of healthcare databases in the assessment of real-world use and outcomes of two specialist medicines prioritized for managed introduction. Different types of data were used in these studies, including public assessment reports published by the European Medicines Agency, early assessment reports prepared by the Swedish Horizon Scanning System, national sales data on all inpatient and outpatient medicines, regional administrative healthcare services data, and national registers of Statistics Sweden and the National Board of Health and Welfare. The evaluation of the Swedish Horizon Scanning System demonstrates that all innovative medicines that had substantial economic impact were identified and assessed prior to their introduction. The assessment of the impact of treatment recommendations shows that both local and regional treatment recommendations were associated with changes in the use of new medicines. Both regional and national healthcare databases provide the opportunity to study the use and outcomes of new medicines in routine clinical practice. The findings indicate that healthcare decision makers can rely on the outputs of the Swedish Horizon Scanning System to keep informed of new medicines. Moreover, treatment recommendations appear to influence the uptake and utilization of new specialist medicines. Finally, even though the existing Swedish data sources provide unique research opportunities, the assessment of appropriate use and relevant outcomes of the growing number of new specialist medicines may still be impeded by a lack of fit-for-purpose data

Optimizing Electronic Medication Prior Authorization: Reducing Prescription Delays

Background: Within the United States, chronic disease in children has doubled over the last 20 years. Many diseases defined as chronic (attention deficit, epilepsy, and diabetes) require daily medication regimens for optimal management. To be covered by insurance, many of these medications require prior authorization (PA) from the patients’ pharmacy benefits policy. Delays in processing and receiving PA orders can lead to worsening disease and inadequate disease management. In 2014, a pediatric academic medical center in the Midwest found that processing medications from prescription order to PA approval took nurses an average of over 90 hours. In August 2020, the organization implemented an electronic prior authorization (ePA) system that interfaced with the organization’s electronic health record (EHR). The primary goals of this implementation were to reduce medication PA turnaround times and to increase employee engagement with the ePA system. The goals of this quality improvement (QI) project are to optimize the existing ePA system with the medication PA process to reduce average medication PA turnaround times and to increase the approval rates for medication PAs by five percent. Project Design: Three interventions support the outputs of this QI project. Increase the availability of the ePA system by changing the patient and pharmacy benefits insurance matching interface logic. Reduce the number of medications falsely requiring PA by removing them from the ePA system. Increase PA processing efficiency by improving the workflow for attaching documents required for PA approval. To accomplish and measure these interventions, data reports and surveys were developed to establish baselines and to measure ePA turnaround times, PA approval rates, and user satisfaction both pre- and post-intervention. User satisfaction was measured utilizing a secure online survey emailed to ambulatory division nurses. Results: The median medication ePA turnaround pre- and post-interventions was unchanged at 36 hours. The ePA approval percentage dropped from 55.7% in June 2021 to 46.9% in August 2021. The primary QI project outcomes of reducing turnaround time and increasing the approval rate by 5% were not met. A user involvement survey was sent to 194 nurses with a response rate of 29% pre intervention and 8% post intervention. Overall user satisfaction was measured using a net promotor score which registered scores of –70 pre- and –82 post-intervention, revealing overall dissatisfaction with the ePA system. The use of an alternative ePA system outside the organization’s EHR was discovered after the QI project data was reviewed and showed that roughly 45% of ePAs were completed using this alternative system during the QI project timeframe. Recommendations: User involvement surveys measure user engagement with electronic systems and measuring user satisfaction is beneficial to providing direction for interventions as well as predicting future utilization of healthcare informatics projects. Conclusion: Though most of the goals for this QI project outcome were not met, use of the alternative ePA system confirmed the Technology Acceptance Model that users prefer the electronic system that they perceive as being the most useful. Nurses using ePA will use the system that best addresses their own user experiences regarding content, accuracy, format, timeliness, ease of use, and overall satisfaction