Wk 5 - Medical Datax
Download
Report
Transcript Wk 5 - Medical Datax
MEDICAL DATA, PROCESSING,
E-PRESCRIBING AND PACS
Week 4 – Part 1
FIRST, AN ANNOUNCEMENT
Remainder of week 5 assigned as a reading week!
Use this time wisely!!
Assignment 2A.
ALL classes will run in week 6 etc.
OVERVIEW
What is medical data?
How is data processed?
What are Picture Archiving and Communication Systems
What is ePrescribing?
What about security?
MEDICAL DATA (1)
Gathering medical data (or simply data) and
interpreting their meaning is central to providing
healthcare to patients.
Medical data are crucial to information
processing and decision making.
Computers are used for information processing in
three ways:
1.
2.
3.
Observation (measuring and data entry)
Diagnosis
(data processing / analysis)
Therapy
(output generation)
MEDICAL DATA (2)
Data provides the basis for categorising the
symptoms that a patient presents or for
identifying subgroups within a population of
patients.
It also helps clinicians to decide what additional
information is needed / what tests need to be
performed to gain better understanding of the
patient’s problem or to treat most effectively the
problem that has been diagnosed.
MEDICAL DATA ()
Data is anything which can be observed from a
patient or generated based on previously
collected or derived data.
Temperature, ECG, red blood cell count, age, gender,
past history of disease, family history etc.
Medical data typical includes:
Details of the patient in question
The parameter being observed
The value(s) of the parameter
The time of the observation (if appropriate)
TYPES OF MEDICAL DATA (1)
Narrative data:
Discrete Numerical Values
Many data in medicine take on these values.
Temperature, pulse rate, lab test results.
Analog data
Description of symptoms, family history etc.
Typically gathered from focused questions asked by the practitioner.
Some data is in the form of continuous signals.
Perhaps the best known example is the ECG.
Typically graphical tracing is included with written interpretation of
its meaning.
Visual data (images)
Either acquired by machine or sketched by clinicians.
Radiological images is an obvious example.
DATA RECORDING TECHNIQUES
It should be clear from these examples that the idea
of data is inextricably bound to the idea of data
recording.
Data recording techniques range from:
Hand-written text
Commonly recognised shorthand
Hand drawn sketches
Machine generated tracings of analog signals
Photographic images.
This range of data-recording conventions presents
significant challenges to the person implementing
computer-based medical-record systems.
WHO COLLECTS MEDICAL DATA?
Clinician staff – doctors and nurses
Office / Admin Staff
Lab personnel
Radiologists
Pharmacists
ICT devices – ICU monitors.
MEDICAL DATA USES
Build up an historical record
Identify future health risks
Identify deviations from expected trends
Provide a legal record
Support training and development
INFORMATION PROCESSING
We can only talk about information processing if
a human is involved.
Computers cannot process information.
Computer can only process DATA.
Only a human being is able to interpret the data so
that they become information.
As we previously discussed, computers in
medicine exist to serve and complement human
beings (clinicians) but not replace them.
ONLINE MEDICAL DATA
Source: http://www.scientificamerican.com/article.cfm?id=future-of-medical-data
PICTURE ARCHIVING AND
COMMUNICATION SYSTEMS (PACS)
PACS are computers, commonly servers, dedicated to
the storage, retrieval, distribution and presentation of
images.
Two main uses
Hard copy replacement:
PACS enables images such as x-rays and scans to be stored
electronically and viewed on screens, creating a near
filmless process and improved diagnosis methods.
Remote access:
Doctors and other health professionals can access and
compare images at the touch of a button.
PACS (2)
PACS allow image:
viewing at diagnostic, reporting, consultation,
and remote computer workstations,
archiving of picture, typically to a central server
(image repository).
communication using local / wide-area
networks, public communication services, and
gateways to healthcare facility and departmental
information systems.
PACS (3)
Images are stored in an independent format.
DICOM (Digital Imaging and Communications in
Medicine) standard.
PACS can handle images from:
Ultrasound
Magnetic Resonance Imaging
Computed Tomography
Digital X-ray
PACS COMPONENTS
Image sources
Suitable Network
Powerful and robust central
computer to process
information
Client viewers available in at
the office, home, or patient
bedside
PACS ADVANTAGES
Replaces standard film – space saver!
Allow remote viewing and reporting – teleradiology
Digital images have a zoom feature
Computer Aided Detection (CAD)
Automatic classification
Able to ‘draw’ over scans
PACS 3D RECONSTRUCTION / SIMULATION
CONTENT BASED IMAGE RETRIEVAL SYSTEMS
PACS DRAWBACKS
Cost of initial setup – server purchase, digital
radiology equipment.
Bandwidth limits
Some clinicians complain that images can take 1520mins to load!
Black and white computer monitors not as bright
as traditional x-ray view boxes.
Potential loss of detail.
PACS SUMMARY
PACS systems are regarded as one of the more
well received technologies.
There appears to be less concern about
implementation and training.
Organisations worry about the initial setup fees.
Nevertheless, PACS are expected to become
widespread, similar to WiFi, in the coming years.
PACS IN NORTHERN IRELAND
Source:
http://www.prohealthservicezone.com/Customisation/News/Diagnostics_Equipment_Monitoring_and_Test/Radiology_I
INTRODUCTION TO ELECTRONIC PRESCRIBING
ePrescribing is defined as:
the use of electronic systems to facilitate and enhance
the communication of a prescription or medicine
order,
aiding the choice, administration and supply of a
medicine through knowledge and decision support
and providing a robust audit trail for the entire
medicines use process. (NHS Connecting for Health,
2007)
http://www.connectingforhealth.nhs.uk/systemsandservices/eprescribing/baselinefunctspec.pdf
EPRESCRIBING
Aims to replace paper-based prescriptions scripts
to facilitate the development and delivery of
systems to improve patient safety by reducing
prescribing and administration errors.
It will allow medications and other prescribed
therapies to be managed electronically at every
stage, from prescribing to supply and
administration.
THE NEED FOR ELECTRONIC PRESCRIBING
•
•
The medications we use have increased in number and complexity.
This demands more knowledge and understanding from clinical staff
This also leads to greater concern over the risk of errors and the harm
they cause
Medication errors are indeed identified as a major preventable source
of harm in healthcare.
Errors do occur, UK studies show that:
o Prescribing errors occur in 1.5-9.2% of medication orders written
for hospital inpatients
o Dispensing errors are identified in 0.02% of dispensed items
o Medication administration errors occur in 3.0-8.0% of nonintravenous doses and about 50% of all intravenous doses
The use of ePrescribing can help reduce such errors
THE PAPER BASED SYSTEM
It’s estimated that approximately 7,000 US citizens die each year due
to medication prescription errors!
1 in 20 hospital admissions within the UK are thought to be
medications error related.
PROBLEMS WITH THE PRESENT SYSTEM (1)
Fraud
Data integrity
Estimated that prescription fraud costs the NHS of the order of £70 –
100 million / year.
Approx. 40% of all US / UK prescriptions require clarification with 5%
requiring a phone call to the doctor.
Administrative Workload
In 2001, the UK Prescription Processing Agency (PPA) handled 578
million prescriptions.
Each script has to be processed before payment can be dispensed to the
pharmacy.
Patient Exemptions and Identification
At present within the NHS system, emphasis for checking for identity
and exemptions rests with the Pharmacist.
Helps those seeking fraudulent benefits.
Source: http://kar.kent.ac.uk/13770/1/SystemMundy.pdf
PROBLEMS WITH THE PRESENT SYSTEM (2)
Efficiency
Script processing system is reasonably efficient between the
prescriber (e.g. GP) and the dispenser (pharmacy).
It is waiting for payment through the PPA that takes time.
In order to be accepted by all stakeholders, one of the main
objectives must be to ensure a lack of degradation of the
efficiency of present working practices.
60% of Pharmacists believe e-prescribing would lead to timesavings
within the dispensation process.
55% believe will lead to shorter waiting times for prescriptions.
Such high expectations place additional demands on the
implementation of EPP (Electronic Prescription Processing).
One area where benefits may accrue from e-precribing could be
improvements in the handling of repeat prescriptions.
Source: http://kar.kent.ac.uk/13770/1/SystemMundy.pdf
WHAT WILL E-PRESCRIBING PROVIDE?
Computerised entry and management of prescriptions.
Knowledge support, with immediate access to medicines information.
Decision support, aiding the choice of medicines and other therapies,
with alerts for drug interactions.
Computerised links between hospital wards / departments and
pharmacies.
Ultimately, links to other elements of patients' individual care
records.
NPfIT (Week 6)
Improvements in existing work processes.
A robust audit trail for the entire medicines use process.
SIMPLISTIC SYSTEM OVERVIEW
REALISTIC SYSTEM OVERVIEW
o Doctor =
Computerised
Physcian Order
Entry (CPOE)
o PAS = Patient
administration
system
o EMR =
Electronic
medical records
BENEFITS OF E-PRESCRIBING
A reduction in the risk of medication errors as a
result of several factors, including:
More legible prescriptions.
Reduced ‘paper’ work
Alerts for contra-indications (risks involved with using a
particular drug), allergic reactions and drug interactions.
Guidance for inexperienced prescribers.
Process improvements as a result of:
Improved communication between different departments
and care settings.
Reduction in paperwork-related problems, e.g. fewer lost or
illegible prescriptions.
Clearer, and more complete, audit trails of medication
administration.
Improved guidance and management and appropriate
reminders within care pathways.
POTENTIAL RISKS OF E-PRESCRIBING
Changing from paper to a computer based system is hard
Most people struggle at first, and tasks take longer
Some people are fearful that their computer skills are not
sufficient
Systematic errors may be programmed in, e.g. terminating
a course of antibiotics without warning
Assumption that ‘the computer must be right’, e.g.
unthinking use of default doses
Errors using drug selection drop-down lists
Reduction in face-to-face communications within the care
team
EXAMPLE OF ADMINISTRATION SCREEN
o Legible
o Two day context
o Clear record of
activity
o Able to review
allergies
E-PRESCRIBING SUMMARY
Implementing ePrescribing is a challenge, a
major project and a substantial change in the
way care is delivered
But it is achievable, and others have achieved it
and gained many benefits
Once it is in use most health care professionals
would not want to go back to paper
36
SECURITY AND
CONFIDENTIALITY
Week 4 – Part 2
INTRODUCTION
Many of the topics discussed thus far have
highlighted the benefits of:
databases for storing vast arrays of medical data and
computer networks for sharing this information
between medical staff and different institutions.
Associated with these obvious benefits are a
number of potential ‘risks’ in relation to the
security of medical data.
37
DEFINITION OF SECURE
Free from fear, care, danger, doubt, etc.
Not worried, troubled
Firm, stable
Safe; in safekeeping
Reliable, dependable
(Source: Collins Concise English Dictionary)
38
DEFINITION OF CONFIDENTIAL
Told in confidence (the belief that another will
keep a secret)
Entrusted with private or secret matters
Derived:
Latin con (with) fides (trust)
39
WHY ARE THEY IMPORTANT?
Not all information is public
The best secret is one you tell to no one
Desirable qualities of information:
confidentiality
available to those who are authorised to use it
unavailable to those who are not
integrity
safe against unauthorised modification
40
WHY IS MEDICAL INFORMATION SENSITIVE?
Personal
Can highlight a weakness or lack of
One of a number of types of information deemed
"sensitive personal data" by the Data Protection
Act…
41
SENSITIVE PERSONAL DATA (DPA 1998)
the racial or ethnic origin of the data subject
political opinions
religious beliefs or other beliefs of a similar nature
whether they are a member of a trade union (within the
meaning of the Trade Union and Labour Relations
(Consolidation) Act 1992)
physical or mental health or condition
sexual orientation
the commission or alleged commission by them of any
offence, or
any proceedings for any offence committed or alleged to
have been committed by them, the disposal of such
proceedings or the sentence of any court in such
proceedings
42
SENSITIVE MEDICAL CONDITIONS
AIDS/HIV
Can Impact on…
personal relationships
job
ability to get obtain
insurance
Other STDs
Abortion
Fertility/embryology
Mental health
problems
43
HORROR STORIES
Person
told results of tests by their neighbour
Inappropriate
committees
calls to family practitioner
Hospital
Episode Statistics contain date of
birth and postcode
NHS
Tracing Service
first database to contain up-to-date information on
the whereabouts of every man, woman and child in
england.
44
KEY QUESTIONS
Are these…
ethical?
legal?
Have patients given their consent?
45
CALDICOTT REPORT (1)
Report on the review of
patient-identifiable
information:
Review commissioned by Chief
Medical Officer of England
Chaired by Dame Fiona
Caldicott
Reported December 1997
Continually amended.
46
CALDICOTT REPORT (2)
Looked at all patient-identifiable information
transferred between NHS and non-NHS bodies
86 flows of patient-identifiable information were
mapped relating to planning, operation and
monitoring purposes
6 principles which should be applied to
information flow were made
Read the article of webCT.
Caldicott Principles.
Principle 1 – Justify the purpose(s) for using
confidential information
Principle 2 – Only use it when absolutely necessary
Principle 3 – Use the minimum that is required
Principle 4 – Access should be on a strict need-toknow basis
Principle 5 – Everyone must understand his or her
responsibilities
Principle 6 – Understand and comply with the law
48
CALDICOTT RECOMMENDATIONS
Reinforce awareness of confidentiality issues
Appoint "Caldicott guardians"
NHS number (ID) should replace other identifiers
Establish protocols for authorising access
Design systems that avoid patient-identifiable
data being transmitted
49
PATIENT IDENTIFIABLE INFORMATION
patient’s name, address, full post code, date of
birth;
pictures, photographs, videos, audio-tapes or other
images of patients;
NHS number and local patient identifiable codes;
anything else that may be used to identify a patient
directly or indirectly.
E.g. Rare diseases, drug treatments or statistical
analyses which have very small numbers within a small
population may allow individuals to be identified.
50
PSEUDONYMISATION
Use a patient number which only the responsible
organisation can link to the patient's name
However, many people are still identifiable from
their condition (or combination of conditions), or
other factors
The NHS number is in very widespread use
51
ANONYMISATION
Restrict:
age data to year of birth
address to postcode sector
This is enough to identify age cohorts and
deprivation index, but not enough to identify
individuals
52
CONSENT
Explicit or Express Consent
This means articulated (spoken) patient agreement.
The terms are interchangeable and relate to a
clear and voluntary indication of preference or choice,
usually given orally or in writing
and freely given in circumstances where the available
options and the consequences have been made clear.
53
EXCEPTIONS THAT ALLOW DISCLOSURE
Public interest
prevention or detection of serious crime
prevent abuse or serious harm to others
"notifiable diseases"
Legally required to disclose
court orders and inquiries
54
BASICS OF SECURITY SYSTEMS
What you know
What you hold
Password-controlled systems
Key-based systems
Who you are
Biometric systems
55
PROBLEMS OF SECURITY SYSTEMS
Endemic problems:
high turnover of staff
temporary (agency) staff
mobile staff
logging in/out is inconvenient
Results in:
sharing passwords
leaving systems logged in
56
BREACHES: CAUSES AND EFFECTS
57
CRYPTOGRAPHIC SERVICES
Principle security services for electronic
transactions:
Confidentiality – to keep information private
Integrity – to prove that information has not been
manipulated
Authentication – to prove the identity of an individual
or application
Non-repudiation – to ensure that information cannot be
disowned
58
TYPES OF CRYPTOGRAPHY
Symmetric
Asymmetric
Key pairs - different
keys for encryption
and decryption
Relatively slow
One key can be public
if the other is kept
private
Can provide digital
signatures
59
Same key encrypts
and decrypts
Relatively fast
PUBLIC KEY INFRASTRUCTURE (PKI)
As well as keys, need:
products to generate, store and manage keys
certification of keys (how do you know a public key
belongs to the person you think it does?)
certification authority(ies)
60
PKI OVERVIEW
Certificate Signing
Request
Certificate Authority
Certificate Authorities
Private Key
Digital Certificate
Developer’s Identity
Information
Developer’s Public Key
Information
Message Digest Value
Generate
Digital
Signature
Name of Certificate
Authority
Certificate Authorities
Digital Signature
Digital Certificate
Certificate Authorities
Public Key
Developer’s Identity
Information
Developer’s Public Key
Information
Name of Certificate
Authority
Certificate Authorities
Digital Signature
Message Digest Value
Validate by comparison of
MD Values
Certificate Authorities
Digital Signature
Trusted
Certificate List
TYPES OF INFORMATION
Digital Patient health records
Digital administrative information
Digital X-rays, photographs, slides and imaging
reports
Digital media – tapes, CD-roms, DVDs, USB
memory sticks.
Email, sms and other message types.
62
SECURITY INCIDENTS
Risk to the integrity of computer systems or data
Risk to availability of computer systems
Adverse impact, such as:
Legal obligation of penalty
Financial loss
Disruption of activities
Examples of possible breaches will include:
Virus infections
Spyware / malware
Hacking
Copying of unauthorised or unlicensed software
Inappropriate use of the internet or email.
63
SECURITY WITHIN THE NHS (1)
Strict and robust safeguards have been put in place to
protect the security and confidentiality of every patient's
health care record.
The use of 'smart cards' with a Personal Identification
Number (PIN).
Only authorised users will receive these, for example, a
consultant will see more detail than a receptionist who
will only see the information needed to process an
appointment, not the full clinical record (role-based
access).
NHS Care Records will only be accessible in an
identifiable form to authorised health care professionals
who have a justifiable clinical or legal reason to see the
information.
anonymised format for research allowed.
64
SECURITY WITHIN THE NHS (2)
There will be a log kept of those who use the NHS
Care Records Service to access a care record, showing
who they are and what they added or changed.
The patient can ask to see this information
Systems will not hold any clinical information or
sensitive data items such as ethnicity or religion.
Patients cannot routinely request that their data is
not stored on the Personal Demographic Service
(PDS) as it is necessary for some information to be
held about everyone who is a patient of the NHS.
65
SECURITY WITHIN THE NHS (3)
In particular, contact details must be held to:
satisfy
legal requirements for registers of which patients are
under the care of each GP Practice.
ensure
that each individual presenting for care is ordinarily
resident in this country and therefore eligible for free care.
ensure
that information about one patient does not become
confused with that of another patient.
contact
patients when they need to attend check-ups etc.
There
are cases where access to a patient's demographics
record must be limited, for example for an adoption.
66
SUMMARY
As IT infrastructure continues to be embedded
within healthcare security will continue to be at
the forefront of system design and management.
The best policy for managing security is to ensure
that strict guidelines are issued and adhered to
by clinical staff.
This, however, will require a large change in the
current workflow of clinicians and clinical
support staff.
67