Security

Privacy and security of health information is a global concern. However, this chapter will focus on approaches to security in the United States. In particular, the federal regulation of security in the form of the Security Rule will be studied. The HIPAA Security Rule details the system and administrative requirements that a covered entity must meet in order to assure that health information is safe from people without authorization for its access. By contrast, the Privacy Rule describes the requirements that govern the circumstances under which protected health information must be used or disclosed with and without patient involvement and when a patient may have access to his or her protected health information. The implementation of reasonable and appropriate security measures supports compliance with the Privacy Rule.

Privacy

The contemporary concerns for privacy are not that an official will physically enter and search someone’s house or that the newspaper will take photographs of private events. Rather the concern is for the use of records, particularly in computers.

Providers

The official definition of a healthcare provider is broad. It encompasses institutional providers such as hospitals, nursing facilities, home health agencies, outpatient facilities, clinical laboratories, various licensed healthcare practitioners, and durable medical equipment suppliers. Any individual or organization that is paid to provide healthcare services is a healthcare provider.

Information Networks

The connection of components of the healthcare system is a major step in improvement of the healthcare system. Through networking, different entities can better coordinate their efforts. This chapter on information networks examines some of the human, organizational aspects of networking and begins with e-commerce networks, goes to supply chain management, and then goes to community and consumer networks. Consumerism is often touted as a way that patients can improve the efficacy of the healthcare system by becoming proactive. Some national governments are trying to improve healthcare by creating national information networks.

Provider-Payer Transactions

The key financial transactions in U.S. healthcare occur when the provider sends a claim to the payer and the payer adjudicates the claim. This chapter first explains the history of electronic data interchange (EDI) and then shows the powerful, costsaving impact that it can have on healthcare. One bottleneck to EDI in healthcare has been the lack of standardization. This problem was addressed with a law passed in 1996, with which the healthcare industry was still grappling a decade later. The standardization of these transactions will be explored in detail in this chapter. After that, a different aspect of provider-payer transactions is examined, namely, the temptation to cheat and the role of software in combating fraud.

Data and Knowledge

In the 1960s and early 1970s, the emphasis in hospital information systems was on operational control—active monitoring of routine task performance, with emphasis on doing highly structured tasks better, faster, and cheaper. This operational control has been extensively achieved with systems such as patient accounting and medical records. The next era of application, which followed in the late 1970s and early 1980s, shifted attention toward functional effectiveness in the form of management control (Tan, 2001). In practice, this is often accomplished by data aggregation, analysis, interpretation, and presentation (Bali, 2005). Since the 1980s, a major trend has been the development of knowledge-based systems to support clinical care.

Vendors

A vendor is any person or company that sells goods or services to someone else in the economic production chain. Parts manufacturers are vendors of parts to other manufacturers that assemble the parts into something sold to wholesalers or retailers. Retailers are vendors of products to consumers. In information technology, the term is applied to suppliers of goods and services to other companies. This chapter reviews attributes of IT vendors in healthcare. IT consultants who provide services to the healthcare industry are described and then the vendors of software and services.

Software Life Cycle

The traditional software life cycle defined in ISO 12207 (Rada & Moore, 1997) begins with requirements capture and ends with retirement. The system development life cycle remains largely unchanged over the years, though it calls increasingly for end-user involvement. The system development life cycle is basically the same in healthcare as in numerous other industries. However, what to expect in implementing the life cycle in a health environment is different from what to expect in other environments. The assessment of healthcare information systems requires subjective or qualitative methods as well as objective or quantitative methods (Heathfield et al., 1997):

Introduction

Healthcare is one of the greatest single cost items for citizens in many developed countries. Information is fundamental to healthcare. Yet information systems to support health are underdeveloped.

Diffusion

To diffuse is to spread widely. Anthropologically, diffusion occurs when practices or innovations spread within a community or from one community to another. Diffusing a healthcare information system requires overcoming many barriers. Under what conditions is a healthinformation system successfully adopted by its intended target audience? In this chapter the theoretical issues for diffusion are presented. Then a detailed case of preparing to implement one large system shows some preparation needed to diffuse a system.