d ependable s ystem f or q uality c are dixie b. baker
TRANSCRIPT
DEPENDABLE SYSTEM FOR
QUALITY CARE
Dixie B. Baker
OBJECTIVES To explain the relationship between
dependability and health care quality and
safety.
To identify and explain five guidelines for
dependability systems.
To present an informal assessment of the
healthcare industry with respect to those
guidelines.
INTRODUCTION The healthcare industry is undergoing a
dramatic transformation from today’s inefficient, costly, manually intensive, crisis-driven model of care delivery to a more efficient, consumer-centric, science-based model that proactively focuses on health management.
This transformation is driven by several factors:
The skyrocketing cost of healthcare delivery The exposure of patient-safety problems And an aging ‘’baby boom’’ population that
recognizes the potential for information technology (IT) to dramatically reduce the cost and improve the quality of care.
The Electronic Health Record (EHR) will form the foundation for pervasive, personalized, and scientific-based care.
Other key application are: Clinical information system (CIS) with
integrated Outcomes-based decision support Clinical knowledge bases Computerized physical order entry (CPOE) Electronic prescribing Consumer knowledge bases and decision
support And supply chain automation
The technologies that enable the transformation are largely state of the art and include enterprise application integration (EAI);
Wireless communication hand-held and tablet computers Continues speech recognition Integration Interpretation Electronic sensor technology Radio frequency identification (RFID) tagging And robotics The functional capabilities of these
application and technologies can provide are indeed impressive and can vastly improve quality of healthcare delivery
The International Council of Nurses (ICN) Code of Ethics for Nurses affirms that the nurse “holds in confidence personal information” and “insures that use of technology is compatible with the safety, dignity, and rights of people” (ICN, 2000)
As IT assumes a greater role in healthcare decision-making and in the provision of care, the nurse increasingly must rely on IT to help protect the patients personal information and safety.
Thus, ethical obligations drive requirements for: System reliability Availability Confidentiality Data integrity Responsiveness Safety attributes collectively referred to as
dependability
DEPENDABILITY Is a measure of the extent to which a system
can justifiability be relied on the deliver the services expected from it.
Dependability comprises six attributes:
1. System reliability: the system consistently behaves in the same way.2. Service availability: required services are present and usable when they are needed.3. Confidentiality: sensitive information is disclosed only to those authorized to see it.
4. Data integrity: data are not corrupted or
destroyed.
5. Responsiveness: the system responds to
users improve within an expected and
acceptable time period.
6. Safety: the system does not cause harm.
GUIDELINES FOR DEPENDABILITY SYSTEM All computer system are vulnerable to both human-
created threat, such as malicious code attack, and
software bugs, and natural threats, such as
hardware aging and earthquakes.
Removing all system vulnerable is not practical
particularly given complex, heterogeneous
environments where software and hardware
changes are a part of routine operations
A more practical approach to attaining
dependability is to build tolerant system.
TOLERANT SYSTEM Is a system that anticipate problems; that
detect faults, software glitches and
intrusions; and that take action so that
services can continue and data are protected
from corruption, destruction, and authorized
disclosure.
FIVE FUNDAMENTALS
THAT CAN HELP INCREASE
THE DEPENDABILITY OF
HEALTHCARE SYSTEM
GUIDELINE 1: ARCHITECT FOR DEPENDABILITY
Physical and logical networks that support the
enterprise and provide the “pipes” that carry data
from system to system.
One or more computers are connected to this
network, and the software foundation of each
computer is an operating system that is responsible
for managing all of the resources in the computer
system.
Distributed architecture can tolerate failures more
easily than large, centralized system.
GUIDELINE 2: ANTICIPATE FAILURES As computers are getting faster systems are
getting more and more complex, and design flaws are becoming an increasingly catastrophic problem.
The infrastructure level features that transparent to software application should be implemented to detect faults, to fail over to redundant components when faults are detected, and recover from failures before they become catastrophic.
Security features to detect, disable, and recover from malicious attacks, while preserving system stability and security, should be implemented.
GUIDELINE 3: ANTICIPATE SUCCESS
The system planning process should anticipate
business-success and the consequential need for
larger networks, more systems, new applications,
and additional integration.
Modeling of use-case scenarios that anticipate
hospital and clinic mergers, acquisitions, and a
growing patient/consumers base will enable the
system designer to visualize the data flows,
system loading, and network impact resulting
from business growth and success.
GUIDELINE 4: HIRE METICULOUS MANAGERS
Good system administrators meticulous
monitor and manage system network
performance, using out of band tools that do
not themselves affect performance.
They take emergency and disaster planning
very seriously; develop, maintain; and
judiciously exercise plans and procedures for
managing emergencies and recovering from
disasters.
GUIDELINE 5: DON’T BE ADVENTUROUS
Cute Chutes a small start-up company has
announced the availability of a new
parachute unit that promises to revolutionize
the sport of sky diving.
for dependability, one should use only
proven methods, tools, technologies, and
products that have been production, under
conditions, and at a scale similar to the
intended environment.
ASSESSING THE HEALTHCARE INDUSTRY
Healthcare clearly has a need for dependable
system both now and after transformation, as
the industry becomes increasingly dependent
on IT in the delivery of patient care
HEALTHCARE ARCHITECTURES The Health Insurance Portability and
Accountability Act (HIPAA) security
regulation prescribes administrative, physical,
and technical safeguards for protecting the
confidentiality and integrity o health
information and the availability to critical
system services.
HPAA requirement for emergency access that
is the ability to override security in an
emergency situation is unique to healthcare
HPAA security requirement for “information
system activity review” is an important
safeguard to counterbalance the necessity of
authorizing many people access to patient’s
records.
HPAA security standard is a tremendous
contribution toward achieving dependable
system in healthcare ,the current standards
lacks fundamental system assurance
requirements that are so important to system
dependability.
Eight required administrative safeguards
represent important operational practices
that clearly will contribute system
dependability:
1.Security management, including security
analysis and risk management.
2.Assigned security responsibility.
3.Information access management, including
the isolation of clearinghouse functions from
other clinical functions.
4.Security awareness and training
5.) Security incident procedures, including
response and reporting.
6.) Contingency planning, including data
backup planning, disaster recovery planning,
and planning for emergency mode
operations.
7.) Evaluation.
8.) Business associate contracts that looks in
the obligations of business partners in
protecting health information to which they
may have access.
Five specified physical safeguards also contribute to system dependability to requiring that facilities, work stations, devices, and media be protected.
1. Access control, including unique user identification and an emergency access procedure
2. Audit controls3. Data integrity protection4. Person or entity authentication5. Transmission security
ANTICIPATING FAILURES Medical applications that hosted on PC’s and
personal data assistants (PDAs) have a higher
likelihood of failure than application hosted on server
machines that are physically protected, managed by
trained system administrators, and continuously
monitored.
Computers are increasingly being used in safety
critical clinical applications, and without careful and
appropriate attention to software safety, we can
reasonably expect that failures will contribute to the
loss of human life.
ANTICIPATING SUCCESS Healthcare organizations definitely expect their
software applications, computer systems, and networks to work.
Providers assume their systems will work as well as any other medical equipment despite the fact that many of the software applications they use are running on the same kind of PC’s that have failed them at home.
Healthcare organizations do not foresee tat their business success may increase their need for processing power and network capability.
IT MANAGEMENT Organizations have hired IT managers who
appreciate the important role of IT in a healthcare environment and who recognize the need for dependable systems that can anticipate and recover from failures.
IT managers who recognize the strong relationship between system dependability and the quality and safety of patient care implement fault-tolerant systems with strong security protection, middleware to manage workload, and tools to continuously monitor the health and performance of their applications, system and network.
ADVENTUROUS TECHNOLOGIES IN HEALTHCARE
The fifth and final guideline “don’t be adventurous” is the most difficult to assess for healthcare.
On the one hand, healthcare givers typically are not early adopters, but on the other hand, they seem to catch their collective fancy.
Healthcare clinicians, including nurses, historically and typically are very resistant to change, largely because they are taught to be circumspect in considering new approaches, treatment protocols, and drug regimens.
Before adopting new idea, they investigate it,
they talk about it among their colleagues,
they watch someone else to try it, and then
perhaps, they may try it themselves.
Wireless networking and handheld computers
can serve as a good example for
technologies that are not yet nature enough
for safety-critical applications.
yet, wireless information system are one of
the most frequently used technologies in
healthcare