Health Information Technology

Total Flash Cards » 89
Text Size: S | M | L
à Systems software * A series of programs that carry out basic computing functions − Manage user interface, files, and memory − − Allows development of applications without having to include basic computer instructions
The most important component of systems software is the operating system
operating system − responsible for managing all other programs that are subsequently used by the computer (Windows, Mac OS, Unix, and Linux)
− Can be proprietary or open source » Proprietary are purchased and the actual source code is not made available to purchasers. The most popular operating systems are proprietary (Windows, Mac OD) » Open source became viable when a Finnish grad student developed a variant of the Unix system that he called Linux. It is widely available on the internet
Interface engine is “a software program designed to simplify the creation and management of interfaces between application systems”
how? − Interfaces between applications became increasingly important as health care systems moved from best of breed to more integrated architectures » Users wanted their various applications to be able to talk to one another » They wanted to eliminate the need for entering patient demographic info multiple times into separate systems − They are actually a form of middleware (a class of software that works between, or in the middle, or applications and operating systems)
a. Data Management · Data must be stored and maintained so that they can be retrieved and used within the applications
Two older types of databases · are hierarchical and network and still may be used in some health care organizations as component of larger legacy systems
Relational Databases · is the type of database that is most commonly used today
Relational Databases à 1st developed in the 1970s à Implemented through a relational database management system (RDBMS) (Microsoft Access is an example of a RDBMS for desktop computing, Oracle, Sybase, and Microsoft SQL are examples of more robust RDBMS that are used to develop larger applications)
à 3 distinct components or layers * The interface is developed using software such as Visual Basic or Java (computer languages) * The data manipulation level has functions that are performed by a data manipulation language (DML). The DML is the software that allows the user to retrieve, query, update, and edit the data in the underlying tables * The table layer is created with a special type of software, a data definition language (DDL). The DDL creates the database table and the relationships among various tables. Each table can be thought of as a file with each row in a table being a record and each column being a field or piece of data
· Object Oriented Databases (OODB) à A newer database structure in which the basic component is an object rather than a table * An object includes both data and the relationships among data in a single conceptual structure
An Object Oriented Database Management System (OODBMS) uses classes and subclasses that inherit characteristics from one another in a hierarchical manner
Object Relational Database Management System (ORDBMS) à is a product that has relational database capabilities plus the ability to add and use objects * Advantage is that many of the newer health care applications use video and graphical data, which an ORDBMS can handle better than a RDBMS * Also has the capability of incorporating hypermedia (allows data to be connected in web formations, with hyperlinks) and spatial data technology (allows data to be stored and accessed according to locations)
· Data Dictionaries à Givers both users and developers a clear understanding of the data elements contained in the database à Confusion about data definitions can lead to poor quality data and even to poor decisions based on data misconceptions
à Typical data dictionary allows for the documentation of * Table names * All attribute and field names * A description or definition of each data element * The data type of the field (text, number, date, etc) * The format of each data element (DD-MM-YYYY, etc) * The size of each field (11 characters for SS# including dashes) * An appropriate range of values (integers 0000000 – 9999999 for medical record #) * Whether or not the field is required (primary key or linking key?) * Relationships among fields
· Clinical Data Repositories à Large database that gets data from various data stores within application systems across the organization à There is generally a process by which data are cleaned before they are moved from the source to the repository à Once the clean data is in the repository it can be used to produce reports that integrate data from two or more data stores
· Data Warehouses and Data Marts à Data warehouse is a type of large database that is designed to support decision making in an organization
· Data Mining à Refers to the sophisticated analysis tool that automatically discovers patterns among data in a data source à Advanced form of decision support à Does not require the user to pose individual specific questions to the database, it is used to extract patterns, trends, and rules
a. Networks and Data Communications · The term data communications refers to the transmission of electronic data within or among computers and other related devices · Devices that make up computer networks must be compatible, they must be able to communicate with one another
· Network Communication Protocols à Needed for communication among networked computers or devices
There are protocols and standards à there is a protocol for appliance plugs, but there is not a standard, UK and US differences)
need for standard network protocols has been evident since the first computer networks were built. Therefore the International Organization for Standardization developed the Open Standards Interconnection (OSI)
Open Standards Interconnection (OSI) * It is a model or scheme for describing network protocols that have been or will be developed and adopted by the industry * 7 layers (Application, Presentation, Session, Transport, Network, Data Link, Physical)
The most common network model adopted for creating software for network communications à has been the Internet model which employs Transmission Control Protocol/Internet Protocol (TCP/IP) * A layered model as well, but has fewer layers (Application, Transport, Network, Interface) * Represents an actual protocol specifications at each layer as opposed to being a model
à Other common network protocols * Ethernet - LANS * Asynchronous Transfer Mode (ATM) – fast transmission speeds * Bluetooth – wireless devices * IEEE 802.11 – popular for wireless computers
· Network Types and Configurations à A network is a collection of devices (sometimes called nodes) that are connected to one another for the purpose of transmitting data à A network operating system (NOS) is a special type of system software that controls the devices on a network and allows the devices to communicate with one another (Windows NT is an example)
* Local Area Network (LAN) − Confined to a specific geographic area and hardware and software are controlled by a single organization
* Wide Area Network (WAN) − A network that extends beyond that of a LAN
à Topology (layout) * Physical – how the wires are physically connected − Bus − Ring − Star » Wiring comes together in another device, hub * Logical – the way the data flows from node to node in the network − Bus » Ethernet employs this so it is the most common found in healthcare organizations » Consists of computers and devices operating along a single line » Allows each device on the network to communicate with any other device on the network without having to pass through interim devices or nodes » Called bus because like a commuter bus the data signals travel up and down a single line − Ring » IBM Token Ring is an example in which a token, special bit pattern, travels around in a circular fashion » To send a message a computer catches the token, attaches a message to it, and then lets it continue to travel around the network
Network Media * Media refers to the physical wires or other transmission devices used on the network − Data may be transmitted on a network through several types of media − Several common types of conducted media for LANs include twisted pair wire, coaxial cable, and fiber optic cable » Twisted Pair – comes in categories from 1 (slowest, telephone lines) to 7 (where 6 and 7 are still being developed, fastest, and 5 is typical LAN) » Coaxial Cable – cable used to transmit cable television signals » Fiber Optic Cable – thin glass fibers only a litter bigger than a human hair that are encased in insulation and plastic. Has the ability to transmit data over longer distances than the traditional twisted pair. More expensive to use − Common wireless media include terrestrial and satellite microwave transmissions as well as spread spectrum radio transmissions » Microwaves ¨ Type of radio wave with very short wave lengths ¨ Terrestrial transmission occurs between two microwave antennae and the antennae must be in sight of one another ¨ Satellite transmission sends microwave signals from an antenna on the ground to an orbiting satellite then back to another antenna on the ground » Spread Spectrum - Employs a long deliberately varied signal, resulting in greater bandwidth − Service Carriers » Communications across WANs require these » Telecommunications carriers provide telephone lines, satellites, modems, and other services that allow data to be transmitted across distances » Can be common carriers – long distance phone companies ¨ Can provide either a traditional switched line (plain old telephone service (POTS)) or a dedicated or leased line which offers a permanent connection between two locations ¨ Can also offer integrated services digital network (ISDN) which uses existing phone lines to transmit not only voice but also video and image data in digital form ¨ Purchased T1 line is another option for transmitting integrated voice, data, and images for large health care organizations » Or special purpose carriers
Bandwidth * Bandwidth is a measure of media capacity − The greater the capacity, or bandwidth, of the medium the greater the speed of transmission − Low bandwidth can impede transmission rates across the network − Transmission rates are expressed as bits per second (bps) − With some media a signal that must travel a long distance may have to be enhanced along the way in order to maintain the speed of transmission, devices that accomplish this are called repeaters
à Network Communication Devices * Hub—device in which data from the network comes together * Bridge—connects networks at the data link layer; networks with the same protocols * Router—operates at the network layer; help determine the destination of data, more sophisticated than bridges * Gateway—connects networks with different protocols; operates at or above the transport level * Switch—may be a gateway or a router; all switches route data to their destinations
a. Information Processing Distribution Schemes · Terminal to Host—dumb terminal interacts with host computer where the application and database reside on the host computer and the user interacts with the dumb terminal, which is a workstation with no processing power à Thin client is a variation of the terminal to host · File Server—application and database are on one computer; user’s computer gets data files from file server · Client/server—multiple servers with specialized functions; client runs application & server has data
Internet à The WWW is the means by which the vast majority of users interact with the internet, but the WWW and the internet are not the same à Began in 1969 as a government project to improve defense communications and it was called the Advanced Research Projects Agency Network (ARPANET) * The civilian branch of this became known as the internet and the government allowed businesses to have access to it in 1991 but many businesses were not interested until the WWW was created a few years later à The WWW is what brought multimedia and ease of use to the internet and its applications à Backbone of the internet today is owned and maintained by multiple organizations in many countries * Backbone is made up of many high speed networks linked together * These networks use multiple types of communication media, such as optical fiber, satellite, and microwave transmission (these components are the major highways of the internet) à Has no single point of control à Every computer or device that operates within the internet has a unique identifier known as an internet protocol (IP) number of address à Use of the internet changed dramatically when a British scientist invented the software protocol Hypertext Transfer Protocol (HTTP) which allowed full color graphics, tables, forms, video, and animation to be shared over the internet à The code used for displaying files on the WWW is called a markup language * Most common is HTML (hypertext markup language) which defines how pages look by using tags * New markup language is the extensible markup language (XML) which defines what data enclosed in the tags are à Uniform Resource Locator (URL) is used to get to a desired page using a web browser (Internet Explorer, Netscape, Mozilla) * There are plug ins that allow functions such as video watching and listening to audio à Other Internet Applications * Email * File Transfer * Internet Telephoning
· Intranets and Extranets à An intranet is a computer network that is internal to an organization and that uses internet technologies * Generally a secure network that is protected from outside users à An extranet is similar to an intranet except that the network of users includes business partners of the health care organizations, such as suppliers, customers, or other health care providers b. Clinical and Managerial Decision Support · Decision making is a three step process à Intelligence – collecting facts, beliefs, and ideas à Design – designing the methods with which to consider the data collected during intelligence. Methods may be models, formulas, algorithms, or other analytical tools. Methods are selected that will reduce the number of viable alternatives à Choice – making the most promising choice from the limited set of alternatives · Problems can be à structured * programmable, called this because a computer program can be written with relative ease to solve this kind of problem * transaction based systems can be used to solve à unstructured, or semi-structured * provide more of a challenge
· Decision Support Systems (DDS) à Computer systems designed to tackle the unstructured or semi-structured problems à An application that is designed for the purpose of supporting decisions à Three distinct components * Data management module which is the existing or built in transactional database or data warehouse, could also be a clinical data repository * Model management module which allows the user to select a model to be applied to the problem at handDialog module which is the user interface which allows the user to pose the problem to the system by selecting the data and the decision model to use on the data
Artificial Intelligence systems · including expert systems, natural language processing, fuzzy logic, and neural networks à A branch of computer science that is devoted to emulating the human mind * Example – Google (suggests alternative words when a word is misspelled) à Broad field with many different types of technologies * Expert Systems – use heuristics, or rules of thumb, that are collected from experts in the particular field for which the system was built * Natural Language Processing programs take human language (typed as text or input as voice) and translate it into standard computer instructions * Neural Networks may be used by sophisticated expert systems. They are software programs that mimic the way the human brain operates. Involve a very sophisticated level of programming * Fuzzy logic is based on rules that may have overlapping boundaries, and this logic is designed to help the expert system deal with ambiguity and uncertainty
a. Input Devices · Touch screens · Trackballs and track pads · Bar-coding · Document imaging · Speech recognition and voice recognition
a. Output Devices · Monitors – flat screen · Printers – non impact · Speech output
a. External Storage Devices · DVDs · Flash drives
a. Mobile personal computing devices · PDAs · Smart phones · Laptops · Tablet PCs
a. Challenges associating with adopting new technologies · Privacy and security · Cost · Constantly changing technology · User acceptance
a. Formal Organizations responsible for formal standards development · International Organization for Standardization (ISO) à Members are national standards bodies from many countries around the world à ANSI is the US national body member à Oversees the flow of documentation and international approval of standards developed by its member bodies · American National Standards Institute (ANSI) à US member of ISO à Accredits SDOs from a wide range of industries (including health care) à Oversees work of SDOs, technical committees, subcommittees, and working groups à Does NOT develop standards itself but accredits the organizations that develop standards à Publishes the 10,000+ standards developed by SDOs · Standards Development Organizations (SDOs) à Must be accredited by ANSI à Develops standards in accordance with ANSI criteria à Can use the label “Approved American National Standard” à 270+ ANSI-accredited SDOs representing many industries, including health care * ASTM International * Health Level 7 * ANSI Accredited Standards Committee (ASC) X12
a. Classification, Vocabulary, and Terminology Standards · To date there is no single vocabulary system that has emerged à Common coding and classification systems (ICD-9-CM, CPT) are used to classify diagnoses and procedures and are the basis for information retrieval in health care information systems · The National Committee on Vital and Health Statistics (NCVHS) has the responsibility under a HIPAA mandate to recommend uniform data standards for patient medical record information (PMRI) · Although no single vocabulary has been recognized by the NCVHS as the standard, there is a core set of PMRI terminology standards
à Systemized Nomenclature of Medicine – Clinical Terms (SNOMED CT) * A comprehensive clinical terminology developed specifically to facilitate the electronic storage and retrieval of detailed clinical information * The core terminology provides a common language that enables a consistent way of capturing, sharing, and aggregating health data across specialties and sites or care
à Logical Observation Identifiers Names and Codes (LOINC) * Was developed to facilitate the electronic transmission of laboratory results to hospitals, physicians, third party payers, and other users of laboratory data
à Unified Medical Language System (UMLS) * The National Library of Medicine (NLM) began the UMLS project in 1986 and it is ongoing today * The purpose of the project is to aid in the development of systems that help health professionals and researches retrieve and integrate electronic biomedical information from a variety of sources and make it easy for users to link disparate information systems
à RXNorm * An ongoing project of the UMLS * Purpose is to define a nonproprietary drug vocabulary that represents drugs at the level of granularity needed to support clinical practice
a. Data Interchange Standards · The ability to exchange and integrate data among health care applications is critical to the success of any overall health information system
· Health Level Seven Standards (HL7) à Is an ANSI accredited standards organization that was founded as an ad hoc group in 1987 à Was founded with a purpose of developing messaging standards to support the exchange, management, and integration of data that support clinical patient care à Grown from a small group of 14 people to a large organization with nearly 2000 health care provider, vendor, and consultant members à The name HL7 refers to the highest level in the OSI network reference model and the HL7 set of messaging protocols are designed to deal with the network problems that occur at this level * The data to be exchanged * The timing of the exchange * The communication of errors between applications à HL7 is also involved in other standards but the messaging standard is referred to as the HL7 * Clinical Context Management (CCM) specifications * Arden Syntax for Medical Logic Systems * Electronic Health Record functional model (discussed later)
· Digital Imaging and Communication in Medicine (DICOM) à American College of Radiology and the National Electrical Manufacturers Association published the first standard in 1985 à Promotes communication of digital image information regardless of device manufacturer à Works with picture archiving and communications systems (PACS) à Allows for the creation of diagnostic information data bases that can be interrogated by a wide variety of devices distributed geographically
· National Council on Prescription Drug Programs (NCPDP) à The mission is to create and promote data interchange standards for the pharmacy services sector of the health care industry and to provide information and resources that educate the industry and support the diverse needs of its members
· ANSI Accredited Standards Committee (ASC) X12N Standards à Develops standards in both X12 and XML formats, for the electronic exchange of business information à The X 12 N subcommittee has been specifically designed to deal with electronic data interchange (EDI) standards in the insurance industry
a. Health Record Content Standards · HL7 HER Functional Model à Second draft was adopted in 2004 à Is an application neutral model that focuses on defining the contents of an EHR à The model is divided into three components, direct care (case management, clinical decision support, operations management and communication), supportive (clinical support, measurement, analysis, research, reporting, and administrative and financial), and information infrastructure (EHR security, EHR information and records management, unique identity, registry, and directory services, support for health informatics and terminology standards, interoperability, manage business rules, workflow)
· Continuity of Care Record Standard (CCR) à Is being developed under the auspices of the ASTM Healthcare Informatics subcommittee with participation from HIMSS, etc à Intended to provide the core data set of the most relevant and timely facts about a patient’s health care à Will be prepared by the provider at the end of a health care encounter in order to provide a summary of the patient’s health status that can be used by any other providers that the patient subsequently sees
1. Distinguish between the four major methods by which standards are developed and give an example of each—ad hoc, de facto, government mandate, and consensus. a. Ad Hoc · Standards are established by the ad hoc method when a group of interested people or organization agrees on a certain specification without any formal adoption process. · The Digital Imaging and Communications in Medicine (DICOM) standard for health care imaging came about this way.
a. De Facto · A de facto standard arises when a vendor or other commercial enterprise controls such a large segment of the market that its product becomes the recognizable norm. · SQL and Windows operating systems are examples of the de facto standards.
a. Government Mandate · Standards are also established when the government mandates that the health care industry adopt them. · Examples are the transaction and code sets mandated by the Health Insurance Portability and Accountability Act (HIPAA) regulations.
a. Consensus · Consensus based standards come about when volunteers from various interested groups come together to reach a formal agreement of specifications. The process is generally open and involves considering comment and feedback from the industry · This method is employed by the American National Standards Institute (ANSI) accredited standards development organizations (SDOs) · Most health care information standards are developed by this method, including Health Level 7(HL7) standards and Accredited Standards Committee (ASC) X12N standards
1. Discuss the importance of a system security plan a. Information is an asset b. Critical to daily operations of the organization c. Loss of data has the potential to negatively impact operations, efficiency, and patient care d. It is important to protect confidential information e. You want to have continuous secure access · Want to define system availability · Identify mission critical applications/systems · Evaluate IS architecture à Data center environment à Server/host computers à Storage and backup à Interfaces à System access à Desktop management à Applications · Identify weaknesses or areas of greatest risk · Identify and implement solutions to address them
a. HIPAA Security Standards · Became law in 2003 · Closely related to HIPAA privacy regulations · Security regulations cover only electronic protected health information (ePHI) · Covered entities (CE) include— à Health plans à Health care clearinghouse à Health care providers who transmit protected health information in electronic form. Includes every type of health care organization imaginable.
à Administrative safeguards * Security management functions: Requires the CE to prevent, detect, and correct security violations. − Risk Analysis Assessment. − Risk Management, reduce vulnerabilities. − Sanction Policy, sanctions against workforce members who don’t comply to policies. − Info System Activity review, a system to regularly review records for activity * Assign Security Responsibility: Ensures that an individual is responsible for security policies. * Work Force Security: Ensures that all work force employees have appropriate access to ePHI − Authorization and Supervision, a system ensuring all access is appropriate. − Workforce clearance procedure, a process to determine what access in appropriate. − Termination Procedure. Stopping access when a person no longer is authorized. * Info Access Management: The procedures and access points authorizing the correct people to the needed ePHI. * Security awareness and training: requires awareness and training programs for all members of its workforce. Security reminders, address protection, log-in monitoring etc. * Security incident reporting: requires policies for reporting incidents. * Contingency plan: − Data Back-up − Disaster recovery − Emergency mode operation plan − Testing and revision procedures − Applications and data criticality analysis * Evaluation: required to perform evaluations on technical and nontechnical operations * Business associate contracts and other arrangements: a standard that outlines how and what ePHI is exchanged between associates.
à Physical safeguards * Facility access controls: Have procedures to limit access to electronic info systems and the facility in which they are housed. − Contingency operations: have a process for allowing facility access to support the restoration of lost data in a disaster. − Facility security plan process to safeguard the facility from tampering and theft. − Access control and validation access based on user’s role and functions − Maintenance records process to document repairs etc. * Workstation use: have a classification of work stations that have a predetermined amount of ePHI access available to them. * Workstation Security: have physical safeguards for all workstations that have access to ePHI. * Device and Media controls: procedures for the movement of hardware containing ePHI. − disposal − re-use − accountability − data back up
à Technical safeguards * Access control, having electronic systems that only allows access to ePHI to persons with privileges. − Unique use identification, assign a name or number for a person’s identity. − Emergency access procedure: procedure to allow access in and emergency − Automatic logoff, a system that logs off after a period of time. − Encryption and decryption a way to code and decode ePHI if needed. * Audit controls: a way to monitor activity in systems with ePHI * Integrity: protect ePHI from improper alteration or destruction * Person or entity authentication, a procedure to verify if a person has access to ePHI * Transmission security, a procedure to protect form improper transmission of data − Integrity controls make sure transfused date is not improperly modified − Encryption ePHI should be encrypted whenever appropriate.
· HIPAA Security Rule has two types of regulations à Required OR * Specification must be implemented by Covered Entity to be in compliance with standards à Addressable * May implement the specification as stated OR * Implement an alternative security measure or show that standard is not reasonable and appropriate—and the standard can still be met
a. Examples of breaches in information security · Hacker, theft—someone intentionally breaking into system · Lost/missing computer, PDA—recent incidents with VA data · Acquiring computer virus that spreads or infects · Sharing passwords or failing to change them routinely · System downtime—corrupt file or faulty equipment · Power outages
a. Major Threats to IT Security · Human threats—can result from intentional and unintentional tampering · Natural and environmental threats · Technology malfunctions
1. Describe the roles, responsibilities and major functions of the IS organization/department. a. The IT department is becoming increasingly important b. The IT department has several responsibilities · Ensuring that an IT plan and strategy have been developed for the organization and that the plan and strategy are kept current as the organization evolves · Working with the organization to acquire or develop and implement needed new applications · Providing day to day support of users: for example, fixing broken personal computers, responding to questions about application use, training new users, and applying vendor-supplied upgrades to existing applications · Managing the IT infrastructure: for example, performing backups of databases, installing network connections for new organizational locations, printing weekly paychecks and securing the infrastructure from virus attacks · Examining the role and relevance of emerging information technology
a. To fulfill their responsibilities all IT departments have 4 core functions · Operations and Technical Support à Manages the IT infrastructure (the servers, networks, operating systems, database management systems, and workstations) à Installs new technology, applies upgrades, troubleshoots and repairs the infrastructure, performs “housekeeping” tasks such as backups and responds to user problems à Several subgroups * Data Center Management – manages the equipment in the organization’s computer room * Network Engineers – manage the organizations network technologies * Server engineers – oversee the installation of new servers and perform such tasks as managing server space utilization * Database managers – add new databases, support database query tools, and respond to database problems such as file corruptions * Security – ensure that virus protection software is current, physical access to the computer room is constrained, disaster recovery plans are current, and processes are in place to manage application and system passwords * Help desk – provide support to users who call in with problems such as broken office equipment, trouble with operating an application, a forgotten password, or uncertainty about how to perform a specific task on the computer * Deployments – install new work stations and printers, move workstations when groups move to new buildings * Training – train organizational staff on new applications and office software · Applications Management à Manages the process of acquiring new application systems, developing new application systems, implementing these systems, providing ongoing enhancement of applications, troubleshooting application problems, and working with application suppliers to resolve these problems à Several subgroups * Groups may be established that focus on major classes of applications * Large organizations may have groups dedicated to specific * Organizations that perform a significant amount of internal development may have an applications development group * May have groups that focus on specific types of internal development · Specialized Groups à HC organizations may develop groups that have a very specialized functions, depending on the type of organization or the organizations approach to IT * Academic medical centers may have a group that supports the needs of the research community * Organizations that engage in a specific degree of process reengineering during application implementation may have a process redesign group * Decision support groups are sometimes created to help users and management perform analyses and create reports from corporate databases à In addition the CIO is often responsible for managing the organizations telecommunications function. Depending on the structure and skill and interests of the CIO one usually finds the following functions reporting to the CIO * Health information management or medical records department * The function that handles the organizations overall strategic plan development * The marketing department · IT Administration à Depending on the size of the IT department one may find groups that focus on supporting IT administrative activities and these groups may perform tasks such as * Overseeing the development of the IT strategic plan * Developing and monitoring the IT budget * Providing human resource support for the IT staff * Providing support for the management of IT projects * Managing the space occupied by an IT department or group
1. Discuss the role and responsibilities of the chief information officer (CIO) and chief medical informatics officer (CMIO). a. CIO · Not only manages the IT department but is also seen as the executive who can successfully lead the organization in its efforts to apply IT to advance its strategies · The CIO can à Be a major contributor to the organizations strategy development, and apply business thinking and strategy formation skills that extend beyond his or her IT responsibilities à Help the organization understand the potential of IT to make real and significant contributions to the organizations plans, activities, and operations à Be a leader, motivator, recruiter, and retainer of superior IT talent à Ensure that the IT infrastructure is robust, effective, efficient, and sustained à Ensure that the IT organization runs effectively and efficiently · The value added CIO has integrity, is goal directed, is experienced in IT and is a good consultant and communicator · Those organizations that have a good CIO tend to describe IT as critical to the organization, find that IT thinking is embedded in business thinking, note that IT initiatives are well focused, and speak highly of IT performance b. CMIO · Relatively new position · Emerged as a result of the growing interest in adopting clinical information systems and the need for physician leadership in this area · Usually a physician, and this role can be filled through a part time commitment by a member of the organizations medical staff · Responsibilities might include à Leading the implementation of an EMR system for a HC organization à Engaging physicians and other HC professionals in the development and use of the EMR system à Leading the clinical informatics steering committee or other designated group that serves as the central governance forum for establishing the organizations clinical IT priorities à Keeping a pulse on national efforts to develop HER systems, and assuming a leadership role in areas where the national effort and the organizations agenda are synergistic à Being highly responsive to user needs, such as training, to ensure widespread use and acceptance or clinical systems
  1. Discuss the major issues facing CIOs today.
    1. Ensure information systems acquired and implemented are aligned with strategic goals of health care organization goals of health care organization
i. Well accepted and widely used ii. Adequately maintained and secured pg. 285
    1. Involved in organizing IT staff and resources
i. Organized by function and geography ii. Organized by function and process
    1. Involved in developing organizations strategic plan
i. Know how and where IT functions can improve and create new approaches to strategic plans ii. Summarize and critique IT agenda
  1. Discuss the importance of strategic information systems planning.
  • The development of the application agenda
    • Constitutes an inventory of desired applications or major improvements to existing applications
    • Application – the systems that users interact with
    • Focuses on sourcing, application uniformity, and application acquisition
  • Initiatives designed to improve the IT asset
    • IT asset – composed of those IT resources that the organization has or can obtain and that are applied to further the goals, plans, and initiatives of the organization
    • IT assets include application, infrastructure, data, staff and department, and governance
    • Initiatives can be designed to add major capabilities to the asset such as the ability to access the organization’s applications around the globe
  • Concepts that govern the approach to a class of initiatives and applications.
    • Governing concepts – define how an organization “thinks about” or “views” many different things.
    • Ex – Does the organization want to be on the cutting edge of IT, or would It prefer to be more conservative, and why?
  1. Describe the importance of strategic alignment between an IT plan and the organization’s overall strategy plan.
· if you define the IT agenda incorrectly or even partially correctly, you run the risk that significant organizational resources will be misdirected; the resources will not be put to furthering strategically important areas. The risk has nothing to do with how well you execute the IT direction you choose. · Being on time, on budget, and on specification is of little value to the organization if it is doing the wrong thing. (pg 314) · With this alignment the leadership will be able to see IT investments needed to advance each of the organization’s strategies
  1. Describe the role of the CIO and senior leadership in strategic information systems planning, IT budgeting, and IT governance.
The role of the CIO in strategic information systems planning: · develops an assessment of the IT effects of the different strategic options · Identifies areas where IT can enable new approaches to strategy o Other members of the leadership team will perform this role. For example, the CFO will frequently identify IT problems and help implement plans to improve a process · summarizes and critique the IT agenda that should be put in place to carry out the various aspects of the strategy · discusses new technologies and their possible contributions to the goals and plans of the organization. For example, the CIO could suggest the formation of a task force to closely examine a prospective piece of technology. · Synthesizes, or summarizes, the conclusions of these discussions. This is important for developing the annual budget and for documenting the progress of the strategic plan. The role of the CIO in IT budgeting · Budget for major IT services at organization · Make call on affordability of new systems The role of the CIO in IT governance · holds the fundamental accountability for the performance of the organization · receives a periodic update from the CIO about the status of the IT agenda and other issues regarding IT · appoints a committee of board members who are IT professionals · composed of the processes, reporting relationships, roles, and committees that an organization develops to make decisions about IT resources and activities and to manage the execution of those decisions.
  1. Define IT governance and explain its importance.
    1. IT governance is composed of the processes, reporting relationships, roles, and committees that an organization develops to make decisions about IT resources and activities and to manage the execution of those decisions. These decisions involve such issues as setting priorities, determining budgets, defining project management approaches, and problems.
    2. A well-developed IT governance has several characteristics. They are perceived as objective and fair, they are efficient and timely, they make authority clear, and they can change as the organization, it’s environment and its understanding of technology changes.
    3. IT governance is important to determine priorities and responsibilities, defining IT roles, and defining policies and procedures.
  1. Evaluate different IT governance structures.
  1. Budget/Funding
    1. Design and Implement IT Investment Program
    2. Reengineer IT Budget and Funding Process
    3. Design/Implement Automated Integrated Budgeting System
  2. Procurement
    1. Develop Comprehensive Electronic Commerce System
    2. Design/Pilot Innovative Procurement Methods
    3. Reengineer IT Purchasing and Contracting Processes
    4. Automate Purchasing and Contracting Processes
  3. Personnel
    1. Conduct Training Needs Analysis
    2. Create and Implement a Training Organization
    3. Develop Training Curriculum
    4. Implement Training Tracking System
    5. Assess Needs for New IT Classification System
    6. Conduct and Monitor IT Classification Pilot
  4. Policy
    1. Assess and Align Current IT Policies
  5. Standards
    1. Identify/Implement Needed Telecom Network Upgrades
    2. Inventory and Develop Technical Standards
    3. Develop Other Enterprise-wide Standards
  6. Planning
    1. Establish Strategic Partnerships
    2. Develop Strategic Planning Methodology
    3. Organize Affinity and Advisory Groups
    4. Develop and Implement Communications Plan
    5. Develop Business Planning Guidelines
  7. Performance Achievement
    1. Define Baseline Measures and Enterprise Level
    2. Design/Implement Performance Achievement System
    3. Develop/Implement Standardized Project Management System
    4. Assess Ongoing Effectiveness of IS Departments
    5. Develop/Implement Management Leadership Program
CIO Assure policy and standards direction aligns with IT Strategic Intents · Develop and communicate a standard project management system, including cost/benefit analysis and performance achievement criteria · Advise OB - Budget on agency IT budget requests · Promulgate and/or develop policies and standards and monitor results · Develop and administer IT Investment Program · Assume lead role in pilot initiatives for IT classification and technical training · Develop and implement enterprise-wide performance achievement process.
Leadership Group (Comprised of agency or external members appointed by the CIO) · Identify, communicate and assist in the implementation of key changes and initiatives - as defined by Deputy Secretary, Office for Information Technology, to the entire IT organization · Identify opportunities for Affinity Group initiatives · Advise on IT through the Deputy Secretary, Office for Information Technology· Help to establish policy and standards direction for IT and remove barriers for Affinity Groups and agencies.
Advisory Groups (Comprised of internal or external customers, intermediate stakeholders and technical members appointed by the CIO at all levels: agency, affinity and enterprise-wide) Provide input on the development of agency business and IT plans · Provide input on an as-needed basis to ensure the performance achievement process reflects customer service orientation · Assist in identifying and developing policies and standards · Provide business and IT planning guidance.
Affinity Groups (Comprised of agency members organized in concert with the CIO) Facilitate integration of agency IT plans to maximize cross-agency IT opportunities and IT investments · Communicate innovative technology solutions to Leadership Group and CIO for possible enterprise-wide opportunities · Provide suggestions for improvements to planning and performance achievement processes.
OB-Budget Approve agency IT budget plans under normal budget cycle · Seek consultation from CIO or Affinity Group on agency IT plans · Assist in reengineering budget/funding process, and designing/implementing automated integrated budgeting system.
OB-Comptroller Provide support in designing and implementing performance achievement system; developing EC system and reengineering IT purchasing and contracting system.
OA-Personnel · Provide support to CIO in conducting training needs analysis; developing training curriculum; designing and implementing training organization; implementing training tracking system; and conducting and monitoring IT classification pilot.
DGS (Procurement) Provide support for developing comprehensive EC system; reengineering and automating IT purchasing and contracting system.
Strategic Partners · Assist in redesigning IT budget and procurement processes · Assist by providing services through new funding or procurement approaches (e.g., value-added proposition and common purpose procurement systems).
Other Key elements of a good IT Governance Structure: A. Strong Vendor Management B. Allocation of Resources C. Continuous Feedback D. Ongoing project adjustment
A. Collaboration with other organizations · Board Responsibility for IT o Board deals with IT issues thru meeting updates on issues or by creating an IT committee of the Board. · Senior Leadership forum o Guides the development of the IT agenda, finalizes IT budget, develops major IT centric policies, and addresses and IT issues. o Includes subcommittees designated by the forum, that have specific roles and responsibilities · Initiative-and Project Specific Committees and roles o Managing according to specific project o May include developing specific committees as needed · IT Liaison Relationship o All major functions of an org should have an IT liaison o Responsible for § Developing effective working relationships with leadership of each function § Ensuring IT issues and needs are understood and communicated to IT department and exec committee § Working with function leadership to ensure IT representation on task forces and committees § Ensuring orgs IT strats, plans, policy, proc. Are discussed w/ function leadership o Provides effective communication between functions and IT
· CIO and other IT staff o Executive that manages IT Dept. and initiatives (CIO) o Chief Technology officer, Chief Security Officer, and Chief Medical Informatics Officer are other senior leaders that work under CIO. o Other IT staff are: § System Analyst § Programmer § Database Admin. § Network Admin. § Telecommunications Specialist