Upload
alex1234
View
215
Download
0
Embed Size (px)
Citation preview
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
1/28
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
2/28
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
3/28
1
Introduction:
e-Health and information governance
e-health
Around the world, health careproviders and public healthorganizations are makingunprecedented investments ine-health. The aim: to improve patientand public health outcomes byimproving the accessibility and qualityof health care services, while drivingdown costs.
To achieve these strategic imperatives,organizations are implementing a
range of e-health solutions, including:
Health care management systems,which use reporting, analytics andprocess optimization solutions toimprove the performance of back-office, business and clinical processes
Patient-centric e-health solutions,which empower patients to managetheir health more effectively
Telemedicine systems, which support
the remote delivery of health careservices
Electronic prescribing systems,
which enable clinicians to create andtransmit electronic prescriptions todispensing organizations
Health information systems, whichstore and provide clinicians withaccess to information related topatients health, diagnosis and careprovisions
Integrated e-health solutions
Standalone e-health systems deliver
clinical and administrative benefitsbut do not enable organizations torealize the full potential of e-health.To deliver the greatest possiblevalue in terms of cost reduction andimproved health outcomes, disparatehealth care management systems,telemedicine solutions and healthinformation platforms must be ableto securely and effectively share data.Doing so requires health networksthat connect public health agencies,provider organizations, hospitals,clinics, diagnostic laboratories, healthservice commissioners and individualclinicians.
To achieve this level of integration,
some organizations have investedheavily in integrated healthinformation solutions. Thesesolutions are becoming increasinglycommon and are known by variousmonikers: Patient Care Records (PCR),Computer-based Medical Records(CMR), Electronic Patient Records(EPR), Summary Care Records (SCR),Electronic Medical Records (EMR) orElectronic Health Records (EHR).
Accenture has identified three core
types of integrated health informationsystem:
Intra-enterprise EMR
These solutions enable clinical andadministrative systems within a publicor private health care provider toshare patient-identifiable informationin support of clinical processes. Adefining characteristic of this solutiontype is that data is not electronicallyshared outside organizational
boundaries.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
4/28
2
Inter-enterprise EMR
These solutions enable multiple healthcare enterprises to share patient-identifiable clinical and administrativeinformation in support of clinicalprocesses. Examples include HealthInformation Exchanges (HIE) andRegional Health Information Networks
(RHIN). A defining characteristic of aninter-enterprise EMR is that limiteddata is electronically shared outsideorganizational boundaries.
Full EHR
These solutions contain all relevanthealth information for an individualincluding clinical, administrative,claims, wellness, demographic andtreatment data, from diverse providers,public health organizations and
payers (where relevant). A definingcharacteristic of a full EHR is thatall data is routinely shared outsideorganizational boundariesincluding,in some cases, with organizations notparticipating in the EHR.
For the purposes of this paper, we useEHR as an umbrella term referringto all types of integrated healthinformation systems.
The benefits of EHR
As health systems around the worldgrapple with burgeoning costs,increasing demand and growingpatient expectations for high-quality,personalized care, organizationsare turning to EHR to improve thequality and accessibility of health careservices, while also reducing the cost.EHR deliver these benefits by:
Providing clinicians with electronicaccess to comprehensive medical
records that include clinical data frommultiple providers and episodes ofcare. This access enables personalizedtreatment plans, supports evidence-based clinical decision making, reducesthe risk of medical and prescriptionerrors, supports seamless care acrosscare settings and reduces the costof sharing medical records amongproviders.
Connecting health care providersthrough health networks. Suchintegration improves the accessibilityof specialist care by enablingclinical data and images to be sentelectronically to specialists anddiagnostic laboratories for assessment.This enhances care quality by
encouraging provider-to-providerconsultations to support diagnosisand clinical decision making. Healthnetworks also reduce the cost ofcare because fewer providers requirededicated diagnostic laboratories andspecialists.
Enabling decision makers andresearchers to access large amountsof patient non-identifiable clinicaldata. Information discovery or data
mining solutions and clinical andbusiness analytics platforms canuse this information to generateinsight to drive improvements inprocess efficiency, care quality andcare management. Anonymizedor pseudonymized EHR data canalso improve the efficiency andeffectiveness of clinical research(for example, if used in clinicaltrials). Moreover, EHR data can beused for epidemiological analysisand biosurveillance, thereby helping
improve the effectiveness of diseasemanagement, public health campaignsand preventative health strategies.
The case for information
governance
While the importance and benefitsof sharing health information arewidely recognized, organizations havestruggled to implement effectiveEHR solutions. Complex technical,
organizational, regulatory andcultural challenges have increasedimplementation risks and led torelatively high solution failure rates.
Ultimately, many of these challengesare related to information governance.
Information governancetheprocesses, functions, standardsand technologies that enable highquality information to be created,stored, communicated, valued andused effectively and securely insupport of an organizations strategicgoalsis the key to ensuring effective
and secure e-Health. e-Healthpractitioners must be aware ofcritical information governancechallenges when planning, designingand implementing systems. Suchawareness is crucial to maximizingthe clinical and administrativevalue of EHR and reducingimplementation and delivery risk.
By embracing the breadth ofinformation governance, e-health
practitioners can develop effectivepolicies, processes and toolsthat support the enterprise-wideadoption of common informationprinciples. This consolidatedapproach to information governanceenables health care organizationsto effectively manage, maintainand control patient information insupport of robust patient care.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
5/28
3
Interoperability
Achieving interoperability without openor common national or internationalstandards is proving to be a majorchallenge. Increasingly, organizationsare focusing on standards development,standards-driven architectures, translationor terminology services, and certificationservices to achieve partial interoperability.Full semantic interoperability remainsuncommon.
Data integrity
Maintaining the meaning, structure and
other characteristics of clinical data whenit is stored, modified, processed andcommunicated between systems is a majorchallenge, particularly in highly distributedenvironments.
Access control
Controlling access to clinical data andenabling patients and providers todetermine who can access data areimportant technical challenges. Legaland regulatory restrictions on access toclinical data mean that EHR require robustaccess control solutions and permissioningregimes.
Security
Preventing unauthorized access to clinicaldata, ensuring the availability of servicesand maintaining network integrityare particularly difficult in distributedmultisystem environments.
Data handling
Health regulators, watchdogs and self-implemented best practices requireproviders to implement stringentdata handling policies. In many cases,compliance requires organizations toinvest in mandatory data handling training,
establish enterprise-wide data risk andmonitoring functions, and develop andenforce certified data handling policies.
Data quality
Ensuring that data in an EHR is accurate,meaningful and internally consistent isextremely important. Poor quality dataaffects patient safety, limits the clinical andadministrative value of EHR and underminesprocess and care quality improvementsbased on clinical analytics. Ensuring dataquality is a major challenge in complexmultisystem environmentsparticularlywhen subsystems use noninteroperablestandards and clinical terminologies.
Consent
Developing and implementing effectiveconsent models to meet patients andclinicians expectations have proveddifficult. Patients and regulators reasonablyexpect consent models to focus onprotecting data privacy and confidentialityby restricting the use and disseminationof information. Such restrictions can limitthe clinical value of EHR; clinicians maybe unable to access medical informationrelevant to diagnosis or treatment. Findingand articulating the consent basis fordata sharing is critically important to EHRsuccess.
Compliance
Although legal and regulatory requirementsvary across countries, compliance withprivacy, confidentiality, data security, dataloss, data protection, data handling andaudit regulations remains an importantissue for all health care organizations.Organizations must manage informationrisks effectively in accordance withtheir legal and regulatory obligations.Addressing compliance requires acoordinated approach across organizations.
Enabling IT organizations to collaborateeffectively with legal departments,clinicians and administrators to design andimplement systems and processes thatensure compliance is a common issue forhealthcare organizations.
Critical Information Governance Challenges
Information governance defined
Information governance encompasses
the processes, functions, standards and
technologies that enable high quality
information to be created, stored,
communicated, valued and used effectively
and securely in support of an organizations
strategic goals.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
6/28
4
The Accenture Information Governance
Framework for Health
To address these critical
challenges, high-performance health care
organizations are developing
information governance
functions as part of their
overall IT governance
framework.
The key to successful information
governance is building aneffective information governancearchitecturea layer of processes,functions, policies and solutionsthat ensure the effective and securecreation, storage, communication,valuation and use of information.Effective information governancearchitectures integrate disparateinformation, security, accesscontrol and content managementarchitectures and include legal,clinical, administrative and IT workstreams.
The Accenture Information GovernanceFramework for Health providesa holistic model of informationgovernancehelping practitionersassess and overcome key challenges bydesigning more effective informationgovernance architectures. Developedby Accenture professionals anddrawing on what we have learnedthrough e-health implementations
around the world, the frameworkdisaggregates information governanceinto five highly interrelated disciplines:
Data privacy
Data confidentiality
Data security
Data quality
Data integrity
Each discipline has multiple solutioncomponentsthat is, the mostimportant processes, functions andtechnologies within an information
governance architecture that enableorganizations to overcome the criticalchallenges they face.
Using the Accenture InformationGovernance Framework we areworking with organizations to developspecific tools tailored to their needs.These toolkits consist of directcontrols, risk assessment frameworksand other components to makeinformation governance a tangible partof their organization. These toolkits
enable organizations to focus onproviding patient care while enablingcompliance with patient, regulatoryand legislative requirements.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
7/28
5
Information GovernanceDisciplines
Information Governance SolutionComponents
Data PrivacyPatient consent models and mechanisms
Patient-provider relationship-based access controls
Patient access controls
Effective data security and data handling policies
Data Confidentiality Role-based access control models
Patient and provider record sealing
Identification and authentication
Anonymization and pseudonymization
Data Security Message integrity and communications security
Event audit and alerting
IT security audit
Network integrity
Data Quality Error correction
Data validation
System and interface certification
Standards driven architecture
Data Integrity Code integrity
System hardening
Interoperability governance
Standards-driven architecture and standards management
Figure 1: Information Governance
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
8/28
6
Data privacyFor regulators, watchdogs, legislativebodies, patients, patient advocatesand the public, data privacythat is,ensuring patients medical data can beaccessed only with their consentisthe most important issue associatedwith e-health and EHR. Failure toconvince these stakeholders thatdata in e-health systems is privateincreases implementation, complianceand reputational risk. To ensuredata privacy, effective informationgovernance architectures must includefour components:
Patient consent models and
mechanisms
High-level frameworks that outline
how and in what circumstancesorganizations will seek patientconsent for their medical data to bestored, disseminated, accessed andused. Patient consent mechanismsare authorization or permissioningregimes that are part of EHR accesscontrol models. These mechanismsallow patients to specify which partsof their medical records they do notwish particular user groups to have fullaccess to.
Patient-provider relationship-based
access controls
Solutions that restrict access to aspecified patients medical data basedon an existing relationship betweenthe patient and the clinician or careprovider requesting access to thatpatients data.
Patient access controls
Solutions that provide patientswith secure access to their medical
data. Access control solutions havethree key elements: registration,authentication and authorization.
Effective data security and data
handling policies
Policies that minimize informationsecurity risk and prevent unauthorizedaccess to information by placingpatient interest at the center ofinformation governance policy andby encouraging desirable behaviorsamong users.
Data confidentialityEnsuring the confidentiality of datain e-health systems by preventingunauthorized access to and improperuse of information is an importantpart of information governance.The goal: to minimize informationsecurity risks (such as data loss andunauthorized or inappropriate use anddissemination of information), therebyreducing compliance and reputationalrisks and protecting data privacy.Ensuring that data in e-health systemsis confidential requires a range ofsecurity solutions that monitor, restrictand prevent unauthorized accessto information. Moreover, solutionsshould be able to obscure patientsidentity when data from their medical
record is used for purposes other thandelivery of care. To help ensure dataconfidentiality, effective informationgovernance architectures must includefour components:
Role-based access control models
Access levels, permissioning andauthorization regimes, and accesscontrols that are based on complexreal-world job functions (roles) andpatient-provider relationships.
Patient and provider record sealing
Solutions that enable patients andproviders to restrict or prevent accessto information compartments inmedical records.
Identification and authentication
These solutions enable the robustauthentication of health careprofessionals to health care systems,as well as the linking of real-worldidentity to system identity, to ensure
that only authorized users can accesspatient data.
Anonymization and pseudonymization
Solutions that obscure patients'identities by modifying patient-identifiable clinical data whilemaintaining data quality. Thus, thedata can be used for secondarypurposes without compromisingconfidentiality.
Data securityData privacy, confidentiality, qualityand integrity depend on the abilityof e-health systems to maintain datasecurity. Moreover, the security ofclinical data is a major compliancechallenge for organizations aslegislative and regulatory bodiescontinue to develop increasinglystringent guidelines and certificationprocesses. Ensuring the security ofdata in e-health systems requireshealth care enterprises to developsecurity architectures that proactivelymanage security risks, effectivelyidentify and prioritize threats, andrapidly address vulnerabilities. Tohelp ensure data security, effectiveinformation governance architectures
must have four components:
Message integrity and
communications security
Solutions that maintain the integrityof data transferred between systemsin messages and prevent unauthorizedaccess to and/or modification ofmessages.
Event audit and alerting
Functionality that enables systemsto monitor, log and report security-
relevant events.
IT security audit
Manual and automatic processes thattest and evaluate the effectivenessof solutions information securitymeasures.
Network integrity
Solutions that enable networks tomaintain expected functionality,performance and service availability
despite unexpected events, such assecurity threats and spikes in demand.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
9/28
7
Data qualityHigh-quality data is meaningful,accurate and internally consistent;it can be used for its intendedpurpose. Poor-quality clinical datain e-health systems affects patientsafety, quality of care and useradoption. It also increases complianceand implementation risks. However,ensuring data quality is a majorchallengeparticularly in complex,multisystem environments in whichsubsystems do not share commontechnical, data, communicationor terminology standards. The keyto ensuring data quality in theseenvironments is to develop solutionswith intelligent data handlingfunctionality and to implement
standardized interfaces and datamodels that enable subsystems toshare information more effectively.With that in mind, effectiveinformation governance architecturesmust include four components:
Error correction
Manual and automatic processesthat detect and correct errors ininformation efficiently and effectively.
Data validation
Validation rules that verify that dataconforms to a set of specificationsregarding format, quality, integrity,accuracy and structure.
System and interface certification
Roles, processes and solutions thatverify that systems and interfacesconform to specifications defined byregulators and Standards DevelopmentOrganizations (SDOs).
Standards-driven architectureSystem architectures that leverageopen standards for the recording andcoding of data, thereby promotinga high level of data quality throughsimilar data processing across multiplecomponent systems.
Data integrityData integrity refers to the validity,accuracy and reliability of data after ithas been stored, transferred, retrievedor processed. Failure to ensure theintegrity of clinical data has an adverseaffect on data quality, system flexibilityand performance. To maintain dataintegrity, the infrastructure underlyinge-health systems must maintain dataquality and characteristics (format,meaning, rules, relationships andlatency, for example) during suchoperations as storage, retrieval,communication and transfer. Dataintegrity can be affected by a rangeof factors. Among them: unauthorizedmodification of data, poor-qualitysource code and noninteroperable
subsystems. To address these issues,effective information governancearchitectures must include fourcomponents:
Code integrity
Processes that test source code toeliminate bugs that may result in dataloss or data corruption during datastorage or transfer.
System hardening
Periodic or ongoing processes that
reduce security risks by evaluating theeffectiveness of security architectures,identifying security risks andundertaking security improvements.
Interoperability governance
A function that works acrossorganizational and information silosto develop and enforce commonstandards, protocols and processesto enable syntactic, semantic and/orprocess interoperability.
Standards-driven architecture and
standards management
A standards-driven systemarchitecture conforms to open orcommon messaging, infrastructure,communication, application, dataand clinical terminology standards.Standards management includes theroles, processes and solutions thatdevelop, manage and enforce commontechnical, communication, messagingand data standards that enable
subsystems to share information moreeffectively.
We describe the Accenture
Information Governance
Framework for Health in
more detail in separate
paperseach discussing
one of the disciplines
and associated solutioncomponents and outlining a
number of e-health planning
and implementation
recommendations for health
care organizations.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
10/28
8
Developing Effective Information
Governance: Next StepsWhether a health care
organization is considering,implementing or operating
advanced e-health solutions,
designing and implementing
a successful information
governance architecture can
be a daunting task.
Information governance challengesaffect every part of the health careenterprise and developing effective
solutions requires collaborationacross organizational silos, functionsand information systems. Based onAccenture research and experiencefrom e-health implementationsaround the world, we believe thereare four initial steps toward effectiveinformation governance:
Conduct a comprehensive
risk assessment and gap
analysis of current information
governance provisionsMost healthcare organizations havea range of existing informationgovernance provisions acrossinformation and organizational silos.This potentially fragmented anddisjointed approach to informationgovernance can make it difficultfor organizations to develop a clearunderstanding of how effective andefficient their information governanceprovisions are and the information risks
they face. Health care organizationsshould conduct a comprehensiverisk assessment and gap analysis toenable a single enterprise-wide view ofinformation governance performanceand information risks. Using astructured approach to informationgovernance, such as the AccentureInformation Governance Framework forHealth, organizations should create aconsolidated inventory of informationgovernance provisions, build a model to
assess their performance and developstrategies to address weaknessesand improve information governanceperformance.
Identify, analyze, evaluate
and prioritize informationgovernance challenges
For a health care organization,the second step toward improvedinformation governance is developingdetailed insight into the informationgovernance challenges it faces. Thisrequires a comprehensive programinvolving IT, legal, clinical andadministrative functions to:
Identify a broad range of current
and future compliance, security,data quality and system integrationchallenges.
Analyze these challenges to developa detailed understanding of their rootcauses.
Evaluate the impact thesechallenges are having or are likely tohave on quality of care, efficiency,costs, strategic priorities, theworkforce, and administrative and
clinical processes.
Prioritize the challenges based ontheir likely impact and the ability ofthe organization to address them.
Design solutions and develop
strategies to address these
challenges
Once a health care organizationhas a detailed understanding of theinformation governance challenges
it faces, it should develop high-level strategies and design solutionsto address these challenges. Anorganization should conceive ofthese solutions and strategiesas components of an integratedinformation governance architecture.The ultimate goal: creating anefficient, effective and sustainableinformation governance function aspart of a comprehensive IT governanceframework. In most cases, informationgovernance challenges cut acrossinformation and organizational silos.Thus, solution design and strategydevelopment must be collaborativeprocesses that involve IT, legal,clinical, administrative and strategic
functionspossibly from different
organizations.
Develop a detailed
implementation plan
Developing the right implementationplan up front is the key to minimizingimplementation risk, ensuring long-term stakeholder engagement,reducing the cost of implementationand developing effective informationgovernance. In clinical environments,solution implementation can be
challenging, especially if programsdisrupt processes integral to thedelivery of care or impose new ways ofworking on clinicians. Implementationplans should include:
A high level of detail aroundtargets, benchmarks, critical successfactors, timetables, release schedules,reporting, coordinating activity andimplementation management roles forspecific programs and work streams.
A long-term clinical changemanagement plan that includescommunications strategies andprograms that support clinicaltransformation, process re-engineering,user acceptance and training to supportspecific work streams.
A comprehensive systemsintegration plan; from a technicalperspective, it should define howinformation governance solutionswill be integrated into organizations
systems architectures, how solutionswill be procured efficiently and howintegration programs will be managed.
Realize the benefits of
effective information
governance
A consolidated enterprise-wideinformation governance architecturewill improve data quality and datasecurity. This will enable health careorganizations to address patientsconcerns over data privacy, ensurecompliance with regulatory andlegislative requirements, maximize theclinical and administrative benefits ofEHR and increase physician adoption.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
11/28
Appendix:11
Appendix
Data privacy
Data confidentiality
Data security
Data quality
Data integrity
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
12/28
Appendix:2
Data privacy
OverviewRegulators, watchdogs, legislative
bodies, patients, patient advocatesand the public expect patient-identifiable data in e-healthsystems to remain private. Inpractice, data privacy requiresorganizations to ensure thatpatient-identifiable data isdisseminated and used inaccordance with patients wishesand that access is based onpatient consent. To help protectdata privacy, organizations mustimplement policies and processesthat enable patients to authorizeand restrict access to identifiabledata in e-health systems.
Data privacy requires sophisticated,consent-based access controlmodels and permissioning regimes.
These solutions should enablepatients to define fine-grainedaccess controls based on flexibleaccess levels that can be grantedto a range of user groups. Thisenables patients to determinewho is able to access whatdata in their medical records.
To help ensure the privacyof data in e-health systems,effective information governance
architectures must include fourcomponents:
Patient consent models andmechanisms
Patient-provider relationship-based access controls
Patient access controls
Effective data security and datahandling policies
Patient consent models and
mechanismsDue to the sensitive nature of clinicaldata and the prevalence of stringentdata privacy guidelines, patient consentshould be the prime access control ine-health systems. Electronic patient-identifiable data should be created,accessed and used only with patientconsent. However, developing effectiveconsent models that meet patient,clinician and public expectations hasproved to be a major challenge.
In broad terms, there are two types ofconsent models:
Opt-in modelsin which patient dissentis assumed and patients must proactivelyconsent for their medical data to be storedelectronically, accessed or used. In somecases patient consent will be assumeduntil withdrawn while in others it will betime limited or renewed at each clinicalencounter or episode of care.
Opt-out modelsin which patientconsent is assumed and patients mustproactively dissent for their medical data
not to be stored electronically, accessedor used. Patients are usually informed howtheir data will be used and are invitedto opt out if they do not wish for theirmedical data to be used in such a way.
Organizations should be aware of the
trade-offs involved in choosing oneconsent model over another. Opt-in modelsusually give patients more control over theuse of their medical data. Consequently,opt-in models tend to strengthendata privacy and reduce opposition toEHR from patients, regulators and thepublic. However, opt-out models oftenincrease the number of patients whosemedical data is stored electronically.Opt-out models may also reduce patient-mandated restrictions on the use ofdata in support of clinical processesintegral to care delivery and screening
and surveillance programs, as well asepidemiological and clinical research. Asa result, opt-out models may maximizethe clinical benefits of e-health.
In practice, many health care organizationsadopt a hybrid approach in which anopt-out model is adopted for certainfunctions, such as creating electronicmedical data, and an opt-in model isadopted for others, such as sharing andusing medical data. While hybrid modelsmay enable health care organizations tocapture some of the benefits and avoid
some of the pitfalls of using either modelexclusively, they can also be extremelycomplicated. This complexity can lead toscalability problems, high implementationrisk stemming from project management
and system complexity, increased
cost, and confusion among clinicians,administrators, patients and the public.
Patients may wish to restrict access toparts of their medical record to limitthe dissemination of very sensitiveinformation or if they are concerned thattheir medical data may be compromised.As a result, patient consent mechanismsshould be part of EHR access controlmodels. Patient consent mechanisms areauthorization or permissioning regimesthat allow patients to specify parts oftheir medical record that they do not
want particular user groups to have fullaccess to. Patients should be able todefine multiple access levels to particularcompartments of information that can beapplied to a range of user groups. Figure1 illustrates some example access levels,information compartments and usergroups that may be part of fine-grainedpatient consent mechanisms within aconsent-based access control model.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
13/28
Appendix:3
Figure 1: Possible elements of a patient consent mechanism
Access levels/permissions Information compartments User groups
Information is not visible to usergroup
Information is visible to, but cannotbe accessed by, user group
Information can be accessed by usergroup but only with patient consent
When information is accessed by usergroup, an alert is generated
Information can be accessed byuser group, but authorization istime limited and must be renewedperiodically
Any freeform data in a medicalrecord
Data related to a particular medicalspecialty (such as psychiatry,oncology or neurology)
Demographic data
Data associated with a specificepisode of care
Information on chronic conditionsand underlying health problems
Prognostic information
Pharmaceutical and non-pharmaceutical treatmentinformation
Individual clinicians
Clinical workgroups or departments
Provider administrators
Public health organizations
Researchers
Central management functions
Patient proxies
Patient-provider relationship-
based access controlsTo protect patient privacy, access topatient-identifiable clinical information ine-health systems should be based on anexisting relationship between the patientand the clinician or provider requestingaccess. Clinicians or providers not involvedin the delivery of care services to thepatient should be unable to access thepatients clinical information withoutexplicit consent. Moreover, cliniciansand providers should only have access toinformation necessary for them to fulfill
their clinical responsibilities. For example,a psychiatrist may not require access toinformation on a patients surgical history;likewise, a pharmacist may not requireaccess to a patients critical care record.
Protecting patient privacy requires accesscontrol models and solutions that restrictaccess to information and functionalitybased on real-world patient-providerrelationships. These relationships areoften very complex and, as a result,e-health systems require fine-grainedpermissioning and authorization regimes.
These permissioning and authorizationregimes should be part of sophisticated,role-based access control models thatrestrict access to clinical informationbased on real-world job functionsand patient-provider relationships.
Patient access controls
Solutions that provide patients withsecure access to their medical data arebecoming an increasingly importantpart of e-health systems. Effectivepatient access controls are particularlyimportant for Internet-based patientportals. Allowing patients to access theirmedical records improves the accuracy andcompleteness of information in EHR whileempowering patients to manage theirhealth more effectively and contributeto clinical decision-making processes .
Access control solutions have three keyelements: registration, authentication andauthorization:
Registration enables patients to createand manage user accounts that areassociated with access rights. By linkinguser accounts through a single sign-onsystem, patients can access medicalinformation in disparate systems withoutcreating multiple user accounts.
Authentication verifies patients identity
and confirms that user accounts arelegitimate. Authentication factors includeusername and password, digital certificate,security token and biometric identifiers,such as thumbprints. Two-factorauthentication, which requires patients toprove their identities using two differentfactors, is used to reduce security anddata privacy risks.
Authorization grants user accountsaccess rights and allows or rejects accessrequests based on these access rights. Inmost cases, these rights enable patients to
access all their medical information held ina system, excluding information sealed byclinicians or administrators.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
14/28
Appendix:4
Effective data security and
data handling policies
Organizations data collection, datahandling, data security and datasharing policies should minimizeinformation security risks and preventunauthorized use of information
by encouraging desirable behaviorsamong clinicians and administrators.Desirable behaviors include:
Collecting, storing and sharingdata securely using appropriatesecurity technologies, such asencrypted storage devices andsecure communication channels.
Minimizing the risk of data loss ormisuse by maintaining the ef fectiveness ofaccess controlsfor example, not sharingpasswords and ensuring that passwordsmeet certain criteria. Proactivelyidentifying and minimizing securityand confidentiality risksfor example,printing information only when absolutelynecessary, disposing of hard copiessecurely, anonymizing or pseudonymizingdata where possible and removingsoftware that may compromise security,such as peer-to-peer programs.
Reporting security breaches andunauthorized or improper use ofinformation.
Restricting physical access to hardware
including laptops, desktops, mobile devicesand cell phonesthat store or enable usersto access sensitive data.
Educating other users to raise awarenessof data security and data confidentialityrisks and encouraging them to adoptbehaviors that minimize these risks.
RecommendationsImplementing effective data privacysolutions has proved to be a majorchallenge for health care organizationsaround the world. Designing solutionsthat meet the expectations of regulators,clinicians, administrators, managers,patients, the public, politicians andother stakeholders is the most commonchallenge. However, organizations tendto concentrate on the technical andclinical aspects of data privacy whileneglecting the strategic, organizationaland cultural dimensions. From Accenturesresearch and experience from e-healthimplementations around the world, webelieve that to address these issues,health care organizations implementing
an e-health systems should:
Consult clinicians, patients
and the public whendesigning consent models
Designing consent models should bea transparent, collaborative processinvolving a broad range of stakeholders.By adopting a collaborative approach,organizations design more effectiveconsent models that are fit for purpose.Further, by engaging stakeholders earlyin the process, organizations reduceresistance from patients, cliniciansand regulators. This reduces the riskof subsequentand expensivesystem
changes to access controls and dataprivacy solutions.
Communicate the purpose
of data privacy measures to
clinicians and patients
Organizations should develop ef fectivecommunication strategies to ensure thatclinicians and patients understand whyand how data privacy will be maintained.
Communication strategies shoulddemonstrate organizations commitmentto data privacy and the effectiveness ofdata privacy solutions while convincingclinicians and other stakeholders that dataprivacy controls will not reduce the clinicalvalue of e-health.
Educate patients so they
understand data privacy controls
For consent-based access controls to beeffective, patients must be able to makeinformed judgments regarding data use.
At a minimum, patients should understandhow their medical data will be used, howwidely it will be disseminated and whatthe benefits and potential drawbacksare. Patients should also understandthe processes through which they canrestrict and authorize access to data.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
15/28
Appendix:5
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
16/28
Appendix:6
Data confidentiality
OverviewPreventing unauthorized access to
and use of information in e-healthsystems is a major challenge forhealth care organizations. Ensuringthe confidentiality and securityof electronic medical data isbecoming increasingly difficult asmobile networks, Internet-basedpatient and provider portals, health2.0 technologies and health databanks become more common.Moreover, as EHR become morewidespread, health care regulatorsand watchdogs are focusingunprecedented attention on dataconfidentiality.
Maintaining the confidentiality ofdata in e-health systems requiresa range of solutions that prevent
the unauthorized collection,storage, use and dissemination ofinformation. Data confidentialitysolutions are designed to preventunauthorized access to informationby enforcing access restrictionsand permissions defined by patientsthrough consent-based accesscontrol models.
To ensure the confidentiality ofinformation in e-health systems,effective information governance
architectures must include fourcomponents:
Role-based access control models
Patient and provider recordsealing
Identification and authentication
Anonymization andpseudonymization
Role-based access control
modelsTo ensure that users have access to theinformation and functionality they requirewithout compromising data confidentiality,access control models should reflectcomplex, real-world job functions andpatient-provider relationships. To thatend, access control models should enablepatients to restrict or authorize accessby granting permissions to user groupsbased on their actual job function orrole. In most cases, role-based accesscontrol models must be quite detailed
so that very specific permissions can begranted to individuals or small workgroupsbased on their roles. Permissions not onlydefine what information a user can seeand access, but they also determine howthis information can be used and whatfunctionality the user can access .
The figure below demonstrates asimplified role-based access control modelbased on a range of patient-providerrelationships and roles. Each user grouprequires a set of permissions enablingthem to access relevant information and
functionality directly related to theirrole and relationship with the patient.For example, clinicians delivering acute-care services require access to high-levelclinical information that may directly
affect treatment plans and clinical
decision making. On the other hand,clinicians involved in specialist carerequire access to more detailed clinicalinformation related to their area ofspecialty across a number of care episodes.
Patient and provider record
sealingTo ensure that patient consent is theprime access control in e-health systems,patients must be able to seal parts oftheir medical record so clinicians andadministrators outside a particular
workgroup cannot access them. The sealedinformation compartments may or may notbe visible to users outside the authorizedworkgroup. This enables patients tocontrol access to sensitive informationin their medical recordthereby helpingto reduce privacy concerns and patientopposition to EHR. However, patientrecord sealing can have a detrimentalimpact on the clinical value of e-healthand may even affect patient safety.
To maintain data confidentiality incertain circumstances, clinicians and
administrators may have to restrictor prevent access to informationcompartments in patients medical records.Such action is usually necessary whena medical record contains informationrelated to a third party that
cannot be disseminated. Systems and
users must be able to identify records thatcontain confidential information abouta third party and restrict access to thisinformation. The ability to seal recordsshould be granted only to a limited numberof users. Further, guidelines should makeclear under what circumstances recordsshould be sealed.
Identification and
authenticationAlso critical to data confidentiality:effective provider access controls that
enable clinicians and administratorsto securely access information ine-health systems and that monitor andprevent unauthorized access and use ofinformation. e-Health systems shouldhave effective access control solutionsthat enable the robust authenticationof health care professionals to healthcare systems, and the linking of real-world identity to system identity. Suchcontrols help ensure that only authorizedusers can access patient data. Thesesolutions should support fine-grainedrole-based access control models and
must also meet stringent regulatoryrequirements regarding data management,data protection and information audit.Compliance requires systems to monitorand log access request, logins andactivity so audit trails can be generated.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
17/28
Appendix:7
Healthcare
Professional
Permissions:Users can access, modify and useinformation on current medications, pastmedications and abuse/response history,as well as pharmaceutical records
Clinical workgroup:
Pharmacy
Permissions:Users can only accessadministrative datarelevant to appointmentbooking and outpatientmanagement
Administrative
workgroup:
Primary careclinic
Permissions:Users can access, modifyand use information onpast psychiatricconditions, session notes,hospitalizations andpsychiatric treatments
Clinical
workgroup:
Psychiatriccare
Permissions:Users can access, modifyand use information onpatients critical history,major surgeries, chronicand/or current conditionsand abnormalities
Clinical
workgroup:
Emergencycare
Permissions:Users can grantpermissions to other usergroups and access entiremedical record exceptcompartments sealed byphysicians
Individual:
Patient proxy
Permissions:Users can only accessadministrative datarelated to a singlehospital admission
Administrative
workgroup:
Hospitalinpatientmanagement
Permissions:Users can access patientsentire medical record,modify data anddisseminate information toother health careproviders.
Individual:
Generalpractitioner
Figure 1: A simplified role-based access control model
Access control solutions have three key
elements: registration, authentication andauthorization:
Registration creates user accountsfor clinicians and administrators. Theseaccounts are linked to access rights.Registration can be a complex processin multisystem and multienterprisearchitectures with role-based accesscontrol models. Users may require morethan one user account to access differentsystems. Whats more, each user accountmay have different access rights andpermissions depending on the type of
information and system involved. Linkinguser accounts through a single-sign-onsystem can improve usability; users mustlog in only once to access a number ofdifferent systems. However, a single-sign-on capability alone does not addressthe underlying technical complexity ofregistration in multisystem environments.
Authentication verifies the identity
of clinicians and administrators andconfirms that user accounts are legitimate.Most health care organizations mustmeet stringent regulatory requirementsregarding authentication. Complianceusually requires systems to employmultifactor authentication in which usersprove their identities using at least twoauthentication factors, such as password,personal identification number (PIN),biometric identifier, security token, smartcard and ID card. Mobile and telemedicinee-health solutions require very strongauthentication to ensure the security of
information communicated across wirelessnetworks and the Internet.
Authorization grants access r ightsto user accounts. It also restricts orauthorizes access to systems based onthese access rights. In a fine-grained role-based access control model, access rightsare granted to user groups defined bytheir real-world job-functions or patientrelationships. To ensure system flexibility,authorization solutions should enableadministrators to efficiently add andremove users permissions and modify or
create new access levels.
Anonymization and
PseudonymizationWhen medical data is used for secondarypurposes other than delivery of healthcare services, patients identity must beobscured to maintain data confidentiality.The seven principal levels of dataobscuration (see Figure 2) range fromclear, patient-identifiable data toanonymized data. The required level isusually determined by regulators basedon local data privacy guidelines and isinfluenced by a range of factors, includingdata use and scope of dissemination.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
18/28
Appendix:8
RecommendationsThere are a range of technical challengesassociated with implementing effectivedata confidentiality solutions acrosscomplex architectures in distributedenvironments. However, vendors, systemsintegrators and health care organizationsare developing effective solutions toaddress these issues. Increasingly, themost important challenges organizationsface when implementing dataconfidentiality solutions are related toorganizational and process issues. FromAccentures research and experience frome-health implementations around theworld, we believe health care organizationsimplementing e-health systems should:
Implement processes that
enable IT, legal, clinical and
administrative functions to work
together effectively in developing
data handling policies and role-
based access control models
Effective data handling policies and
access controls should conform and beadapted to meet regulatory and local legalrequirements and reduce informationsecurity risks while minimizing disruptionto clinical and administrative processes. Ifdata handling policies and access controlshave a significant impact on clinicaland administrative processes, users areunlikely to adopt desirable behaviors,care quality may suffer and processes arelikely to become less efficient. To avoidthese problems, organizations shouldenable stakeholders from across theorganization to collaborate in designing
access controls. If IT and legal teamsdesign and implement access controlsin an organizational vacuum, thosecontrols are likely to be less effectiveand cost more than those developedthrough a collaborative approach.
Develop processes and solutions
to manage and report data
breaches effectively
The financial, organizational, reputationaland regulatory consequences of dataloss and misuseincluding litigation,fines imposed by regulators, a collapsein patient confidence, and data
corruptioncan be very serious for healthcare organizations. To minimize theimpact of data confidentiality failures,organizations should implement effectiveprocesses to manage and report databreaches. In many countries, regulatorsspecify reporting requirements. However,organizations should go beyond simplyreporting data breaches; they shouldalso develop an integrated mechanismto proactively manage such breaches.These solutions detect and analyzebreaches as quickly as possible to mitigatetheir impact on patient confidentialitywhile identifying vulnerabilities thatcan be addressed immediately.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
19/28
Figure 2: Seven levels of data obscuration
Levels of data obscuration Possible purposes/uses within health care systems
Level 1Patient identifiable data, also known as clear data.
Clinical processes involved in the delivery of healthcare services
Surveillance and screening
Caseload management
Level 2Codification of informationextracts codified oraggregate information from patient-identifiable data.
Provider-level clinical governance processes,including clinical audit and clinician performancemanagement
Distributing activity or patient-based funding
Claims processing
Level 3Two-way linkable pseudonymizationreplacesunique identifiers, such as patient name or identifier,
with a pseudonym, usually a code or number,from which a patients identity cannot be inferred.Two-way pseudonymization allows an authorisedhealthcare professional to translate pseudonymsto patient identifiers. Linking pseudonymsenables the whole-patient view to be maintainedwithin the pseudonymized information.
Enterprise and clinical performance management
Clinical audit
Administrative patient management processes
Clinical process optimization
Level 4Two-way pseudonymizationsimilar to two way linkablepseudonymization but does not enable the whole-
patient view to be maintained within the pseudonymizedinformation.
Level 5One-way linkable pseudonymizationone-waypseudonymization is irreversible because pseudonymsare generated in such a way that patients cannot bereidentified from them. Linking pseudonyms enablesthe whole-patient view to be maintained within thepseudonymized information.
Service delivery planning, evaluation andoptimization
Reporting and analytics
Epidemiological research
Clinical research
Compliance with freedom of information andother transparency and accountability legislation
Level 6
One-way pseudonymizationsimilar to one-waylinkable pseudonymization but does not enable thewhole-patient view to be maintained within thepseudonymizsed information.
Level 7Anonymizationremoves all unique identifiers and patientidentifiable information from data. Anonymization is notreversible and anonymized data cannot be linked to otherdata.
Appendix:9
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
20/28
Appendix:10
Message integrity and
communications securityMaintaining the validity of datatransferred between systems in messagesis critical to ensuring data integrity.Effective communications securitysolutions prevent message corruption,reduce the risk of data loss and helporganizations meet data securityrequirements by ensuring message securityand integrity. These solutions prevent anddetect unauthorized access to messages;encrypt and authenticate messages; andenable automatic message validation.
Event audit and alertingTo ensure compliance with stringent auditrequirements and maintain data qualityand integrity by preventing unauthorizedaccess, an EHR should monitor, logand report security relevant events.Such events include access requests,database queries, logins, configurationchanges, file and network access, firewallreporting, attempted violation of accesscontrol rules, and the modification andcommunication of restricted information.
When security-relevant events occur, the
system should automatically generatealerts. As part of ongoing vulnerabilitymanagement and compliance programs,IT organizations should develop effectivesecurity alert management processesto ensure that legal, clinical andadministrative functions are aware ofpotential risks. Increasing awareness ofsecurity risks across the organization helpsto increase system security by drivingchanges in users behavior and datahandling processes and policies.
IT security auditHealth care organizations should conductperiodic IT security audits to ensurethat data is properly protected fromunauthorized access, that all relevantsecurity threats and vulnerabilities havebeen identified, and that data handlingprocesses are correctly configured tominimize security risks . IT security auditsmay be conducted by a third party andtypically include a number of components.Among them: compliance verification,security standards certification, securityassessments, penetration testing and
user awareness testing. In some cases,regulators also require organizations toinclude a number of certified assessmentsin their IT security audits.
Network integrity
Data security can be affected bynetwork integrity and resiliencethat is,a networks ability to deliver expectedfunctionality, performance and serviceavailability during unexpected events.Networks should be resilient enough tocontinue operating as designed regardlessof security threats, spikes in demand orother incidents. This level of networkresilience ensures the availability ofprocesses and services that maintaindata security across the network. Further,high network resilience reduces therisk of data corruption and data lossas a result of service unavailability andinterruption during data transmission;helping to maintain data quality andintegrity. Network integrity solutionsshould promote network resilience byautomatically detecting and addressingsecurity threats and unwanted networktraffic; preserving network bandwidthby managing and prioritizing legitimatetraffic; and generating reports onnetwork performance to help networkadministrators and decision makersmanage networks more effectively.
OverviewData security has a significant
impact on data privacy,confidentiality, quality andintegrity. Compliance withstringent data privacy andconfidentiality guidelines ispossible only if organizationscan prevent unauthorized accessto and dissemination of data ine-health systems. The qualityand integrity of information ine-health systems depends on theirability to prevent unauthorizeddata modification, as well asdata corruption. If information ine-health systems is poor qualityor lacks integrity, it diminishesthe clinical and administrativevalue of the solution. In thosecircumstances, paper-based records
and processes cannot be replaced;clinical process improvementsdriven by clinical analytics and
reporting cannot be achieved;and care quality gains based onthe implementation of decisionsupport tools cannot be realized.
Ensuring data security requireshealth care enterprises to developsecurity architectures thatproactively manage security risks,effectively identify and prioritizethreats and rapidly addressvulnerabilities. To help ensure the
privacy, confidentiality, quality andintegrity of information by enablingsecure data collection, datasharing and data management,effective information governancearchitectures must include fourcomponents:
Message integrity andcommunications security
Event audit and alerting IT security audit
Network integrity
Data security
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
21/28
Device
eg. PC, Tablet,Smart Phone
Device
eg. PC, Tablet,Smart PhoneUser User
Data Created Data Transmitted Data Consumed
Network
Patient information
accessed by healthcare
professional
Ensure that communication
messages are securely
created, and can not be
changed or compromised
Application events
which process patient
information have robust
audit points
Resilient and protected
network infrastructure
Network agnostic technologies
considered for the protection of
data in transit
Communications processing
points keep a log of inbound
and outbound communications
Application events which process
patient information have robust
audit points
Holistic approach to regular IT
Security Audit based uponagreed and accepted standards
Message integrity and
communications security
Event Audit and Alerting
IT Security audit
Network integrity
Patient information
created by healthcare
professional
Appendix:11
Figure 1: Four Components of data security
RecommendationsA health care enterprises securityarchitecture plays a vital role inmaintaining data privacy, confidentiality,quality and integrity by identifying andaddressing security risks and vulnerabilitiesefficiently and ef fectively. However, datasecurity is not just a technical issue;users behavior, organizations corporatestrategy and changing market conditionsare often major factors in creating orexacerbating information security risks .From Accentures research and experiencefrom e-health implementations around
the world, we believe that organizationsshould as a minimum take the followingactions to help ensure data security:
Launch a proactive and
comprehensive data security
assessmentTo ensure that data in e-healthsystems is secure, organizations musthave an accurate and comprehensiveunderstanding of current and potentialsecurity risks and vulnerabilities. A datasecurity assessment should deliver adetailed inventory of all data assetsand should document current datamanagement practices, regulatory
requirements and key vulnerabilities,
along with the probability and possibleimpact of threats. The aim of a datasecurity assessment is to developa risk-based view of data assets, astrategic awareness of vulnerabilitiesand threats, a clear understanding ofthe severity of impacts and a foundationfor investment in data security.
Ensure adequate audit
capabilitiesTo reduce compliance and reputationalrisk, an EHR should automatically
monitor and record all permissionchanges, data errors, access requests,data transfers, alterations to medicalrecords and data breaches. With thismonitoring and recording, organizationscan efficiently and effectively developdetailed audit trails should the needarise. Failure to implement adequateautomated capabilities increases the costof complying with auditing requirementsin certification criteria. Inadequateauditing can also significantly impair anorganizations ability to maintain dataquality and integrity as access controls
and security measures are less effective.
Develop a comprehensive
change program to drive usercompliance with data handling
and IT security policies
To minimize security risks, all users mustfollow data security and data handlingpolicies. However, driving changes inclinicians behavior and making trainingstick can be major challenges. Clinicalchange management can be difficult.Compounding the challenge:Normalchange management strategieseventhose based on best practices for
organizations outside health careareoften ineffective. To address theseissues, health care organizations shoulddevelop long-term change programsthat target changes in organizationalculture and user attitudes toward securityand confidentiality. It is important fororganizations to engage senior cliniciansearly on to act as change championsencouraging the clinical workforce tofollow data security policies.
For more information on Accenture'sdata security solutions see
www.accenture.com/security
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
22/28
Appendix:12
OverviewHigh-quality data is meaningful,accurate, internally consistent
and can be used for its intendedpurpose. Failure to maintain thequality of data in e-health systemscan:
Reduce patient safety if, forexample, treatment plans arebased on erroneous test results orprescription data is inaccurate
Affect quality of care if clinicalsystems that support evidence-
based medicine and enablephysicians to develop morepersonalized treatment plans,such as Clinical Decision SupportSystems (CDSS) and ComputerPhysician Order Entry systems(CPOE), are less effective
Reduce user adoptionrates because clinicians andadministrators continue to usepaper-based records to avoid errorsresulting from poor data quality
Adversely affect the performanceand effectiveness of informationdiscovery, clinical and performanceanalytics, business intelligence,reporting and audit platforms
Ensuring data quality is a majorchallengeespecially in distributedenvironments in which subsystems
do not use common technical,data, communication, messaging orterminology standards. To overcomethis challenge, organizationscan implement solutions withintelligent data handling anddata management functionalitythat identify data errors and
poor quality data. Organizationscan also improve data qualityby enabling subsystems to shareinformation more effectivelythrough standardized dataarchitectures and interfaces. Tohelp ensure high-quality datain e-health systems informationgovernance architectures mustinclude four components:
Error correction
Data validation
System and interface
certification
Standards-driven architecture
Data quality
Error correction
Errors within an EHR occur for a varietyof reasons, including data-entry errors byusers, use of poor translation lexicons andineffective data migration. An EHR shouldhave effective processes for detectingand correcting errors. Such processes helpminimize the impact of errors on clinicaland operational risk, patient safety andcare quality. Stringent data quality regimesthat minimize user-generated errors at thepoint of entry and robust data migrationtesting procedures can reduce theprobability of errors occurringenablingorganizations to focus resources on
correcting errors.
Systems may be able to detect someerrors automatically through sophisticateddata validation rules, error checking andevent and exception handling routines;however, in many cases, critical errorsare related to the accuracy of data andare difficult to detect automatically.When automatic error detection fails,users must attempt to detect errorsmanually. CDSS and CPOE systemsmay help clinicians to identify errorsby highlighting logical inconsistencies
in medical data and generatingalerts to highlight possible errors.
To ensure that errors can be correctedefficiently, organizations should have
standardized correction policies andprocesses. These processes should enableusers to manage system alerts eff icientlyand to report and correct errors as quicklyas possible. They should also log all errorsand ensure that all alterations to patientsmedical data are recorded. Further, thesechanges should be either visible or flaggedso other users are aware data has beenchanged to correct an error. For auditpurposes, when alterations are madeto medical information, systems shouldrecord the identity of users who makechanges, as well as the time, date andreason for those alterations.
Data validation
Solutions should validate clinicaland administrative data in an EHR toensure it is meaningful, complete andsecure. Whether entered by users orcommunicated from other systems,information in an EHR should conform toa set of specifications or validation rules.
Validation rules should ensure data isformatted and structured correctly anduses a compatible language, ontologyand terminology. They should also checkthat the characteristics of datameaning,rules, relationships, latencyare intact.Clinical applications should also have
some capacity to validate the accuracy ofinformation through manual and electronicprocesses that reconcile data and highlightlogical inconsistencies in information.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
23/28
Appendix:13
System and interface
certificationAs countries around the world movetoward regional and national EHR,regulators are becoming more prescriptiveregarding the adoption of open standards,system capability and flexibility, clinicalapplication functionality and data
quality. Moreover, under pressure fromregulators, organizations are increasinglyusing standards developed by health carestandards development organizations(SDOs)such as HL7 and openEHRtoenable interoperability, minimize costs andreduce implementation risks. To ensurecompliance with SDO specifications andregulatory requirements, organizationsshould develop strong system certificationand interface certification programs.Based on regulatory requirements andSDO specifications, these certif icationprograms design and execute tests toverify compliance and identify requiredsystem changes.
System certification programs mayverify the compliance of a range ofhardware and software components,standards, processes and policies toevaluate system characteristics, suchas security, performance, availability,data management, functionality andinteroperability. Interface certificationprograms use detailed specifications,usually based on SDO specifications,to verify the compliance of interfacesbetween systems and applications. Theseprograms verify that interfaces conformto a series of interoperability and datamanagement standards that enablethem to transfer information effectivelybetween systems.
Standards-driven architectureData quality in e-health systems isaffected by the ability of subsystems toshare information effectively. To achievesemantic and/or syntactic interoperability,e-Health systems require a system
architecture that leverages open standardsfor the recording and coding of data.Standardized data architectures promotea high level of data quality by enforcingcommon data processing, formattingand storage across multiple componentsystems. These standards enable thosesystems to share information effectivelywithout undermining data quality
RecommendationsData quality can be affected by a rangeof factors, including data entry standardsand practices and information security.However, in most cases, the mostimportant factor affecting EHR dataquality is the ability of subsystems to sharemeaningful and accurate information.Connecting islands of health data withinand across enterprises has proved to bea major challenge. Despite efforts bygovernments and SDOs around the world,universal standards for full and ubiquitoussemantic interoperability remain distant.Even so, organizations can realizesome of the benefits of sharing high-quality data ef ficiently and effectivelywithout universal EHR standards orsignificant expenditure on a unifiede-health architecture. From Accenturesresearch and experience from e-health
implementations around the world, webelieve that health care organizationsimplementing e-health systems should:
Consider a service-oriented
architecture as a means of
achieving interoperability in the
short term
Achieving interoperability by enforcingcommon standards and implementingcomplex interfaces can be prohibitivelydisruptive and expensive in the shortterm. A more efficient approach:
gradually implementing open standardsover time as legacy systems are retiredor integrated, infrastructure is updatedand new applications are developed.However, to meet the short-term needfor interoperability, organizationsshould consider replatforming towarda service-oriented architecture (SOA).This shift involves implementing an SOAand moving existing applications frommultiple, noninteroperable platforms toan integrated SOAwithout significantlychanging applications programminglanguage or functional environment. In the
long term, full semantic interoperabilitywill be achieved by implementing commonEHR standards. In the short term, a level ofinteroperability can be achieved throughan SOA.
Adopt open or common standards
and terminologies wherever
possible
Designing, selecting and implementingEHR standards and clinical terminologiesare complex processes. Even openstandards and terminologies often mustbe customized to reflect organizational,
technical and clinical idiosyncrasiesand so are subject to a number oforganization-specific interpretations. Asa result, adopting open standards cannotguarantee interoperability. However, it islikely that governments around the worldwill continue to push for greater e-healthintegration to achieve national EHR andwill exert pressure on organizationsto adopt open and interoperable EHRstandards. Therefore, to reduce futurecosts of EHR integration, organizationsshould immediately begin implementingand pressuring vendors to developsystems based on any available opennational or international standards.
Involve clinicians in designing
and configuring clinical
applications
Applications data validation and error-detection rules should reflect real-worldlogic in terms of understanding ofrelationships between concepts such astreatments and diagnoses; identifyingillogical and inaccurate information using
fine-grained parameters; and detectingincomplete data or information thatlacks meaning through rules based onclinical and business logic. To achieve thislevel of intelligent data handling, clinicalsubject matter experts must be involvedin the design and configuration of clinicalapplications. Even off-the shelf productsshould be carefully configured to reflectlocal clinical practices and processes.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
24/28
Appendix:14
Data integrity
OverviewData integrity refers to the validity,
accuracy and reliability of datawhile it is being stored, transferred,retrieved or processed. Data withintegrity retains its meaning andclinical or administrative value afterit has been communicated or used.Failure to ensure the integrity ofdata in e-health systems adverselyaffects data quality and systemflexibility and performance. That,in turn, has a negative impact onpatient safety, quality of care,compliance risk and user adoption.
To maintain data integrity, theinfrastructure underlying e-healthsystems should prevent data
corruption and data loss. It shouldalso maintain the quality andcharacteristics of dataformat,meaning, rules, relationships andlatencyduring operations such asstorage, retrieval, communicationand transfer. Data integritycan be affected by a range offactors, including unauthorizedmodification of data, poor-qualitysource code and noninteroperable
subsystems. To address theseissues, effective informationgovernance architectures mustinclude four components:
Code integrity
System hardening
Interoperability governance
Standards-driven architectureand standards management
Code integrity
In many cases, data corruption and dataloss during storage and use are the resultof bugs in source code. Maintaining dataintegrity requires high-quality source codeverified through extensive static codeanalysis. Code with high levels of integrityhas fewer functional defects and securityvulnerabilities that may affect dataintegrity. Ensuring code integrity duringthe development and unit testing stagesreduces costs associated with fixing bugsdiscovered later in the implementationlifecycle.
System hardeningEnsuring the security of infrastructureunderlying e-health systems isimportant in maintaining the integrityof networks, messages and data. Systemhardening is a periodic or ongoingprocess of reducing security risks byevaluating the effectiveness of securityarchitectures, identifying security risksand undertaking security improvementsincluding removing vulnerable andunnecessary services and applicationsand updating security configurations
and access controls. System hardeningis particularly important if systemsare currently configured to maximizeease of use rather than security.
Interoperability governance
Enabling subsystems that use differentstandards and clinical terminologiesto share clinical data effectivelyand maintain data quality is a majorchallenge. Compounding the challengeare organizational and process issuesassociated with clinical data sharing. Inmany cases, providers and physiciansuse different processes and formatsfor recording and storing clinical data.Interoperability governance is a functionthat works across organizational andinformation silos to develop and enforcecommon standards, protocols andprocesses to enable syntactic, semantic orprocess interoperability (see Figure 1).
Developing effective interfaces andenforcing common standards andcommunication protocols throughstandards management processes mayenable organizations to achieve a levelof syntactic interoperability. Syntacticinteroperability enables subsystems tocommunicate data, but it does not enablereceiving systems to interpret, processor use it. Syntactic interoperability limitsthe benefits of data sharing; manual dataentry and modification is required, dataquality cannot be ensured, analytics andreporting platforms are less effective,and performance improvements resultingfrom process automation and optimizationcannot be realized.
To ensure data quality and maximize the
clinical and administrative value of EHR,systems require semantic interoperabilityin which subsystems can automaticallyinterpret, process and use data receivedfrom other systems. In many cases, a levelof semantic interoperability is achievedwithin enterprises by implementing anoff-the-shelf EHR that is part of aunified e-health architecture that includesa suite of clinical applications and medicaldevices. However, achieving semanticinteroperability across enterprises is moredifficultmostly because there are noopen national or international standards
for clinical data.
Current efforts to achieve semanticinteroperability across health careorganizations involve developing:
Common reference models forrepresenting clinical data that specifyat a high level how information shouldbe recorded, organized and managed ina medical record, such as the openEHRReference Model and HL7 ClinicalDocument Architecture
Standardized clinical data structuredefinitions that specify restrictions, rulesand requirements for data used for specificclinical and administrative purposes suchas openEHR Archetypes and HL7 Templates
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
25/28
Process Interoperability
Data created, used or modified
in clinical and administrative processes
can be used effectively by other processes
Semantic Interoperability
Subsystems can automatically interpret,
process and use data received from other systems
Syntactic Interoperability
Subsystems can communicate and exchange data but cannot
automatically interpret, process or use information received from other systems
Figure 1: Levels of interopability
Appendix:15
Common ontologiesthat is, models
that describe a health-related domain anddefine the attributes of and relationshipsbetween concepts in that domain
Standardized coding systems for clinicalconcepts, classifications and clinicalterminologies such as SNOMED-CT andLOINC
To maximize the benefits of syntacticand semantic interoperability, clinicians,administrators and researchers must usecombined data effectively to improve carequality, identify and realize efficiencies,and improve patient and public healthoutcomes. This approach requires a levelof process interoperability that enablesdiscrete clinical and administrativeprocesses to effectively leverage dataproduced, used or modified by otherprocesses. For example, clinical termsshould be used consistently acrossorganizations to represent exactly thesame diagnosis or treatment. Clinical andadministrative processes do not have tobe standardized, but users must adopt thesame data entry and data managementstandards across enterprises.
Standards-driven architecture
and standards managementThe most effective way for organizationsto achieve interoperabilitywithin andamong enterprisesis to develop a systemarchitecture that conforms to open orcommon messaging, infrastructure,communication, application, data andclinical terminology standards. Whilethere are a range of solutions that enableinteroperability in nonstandardizedarchitecturesfor example, vocabularyservers and terminology servicesthat enable systems using different
terminologies to share informationthe most effective means of achievinginteroperability is to develop standards-driven architectures.
Within an enterprise, a standards-drivenarchitecture enables organizations toachieve a level of semantic interoperabilitymore eff iciently. Standards also increasesystem flexibility as applications,devices and hardware and softwarecomponents can be integrated intosystem architectures more eff iciently andeffectively. Standards-driven architecturesalso address some of the criticalchallenges associated with implementinginter-enterprise EHR. Achievinginteroperability across enterprises that
have system architectures based on
common or open standards, even if thosestandards vary, is easier than integratingcomplex, nonstandardized architectureswith a number of noninteroperableinterfaces.
Developing and enforcing commontechnical, communication, messagingand data standards is an important steptoward a standards driven architecture. Astandards management lifecycle shouldbe developed to ensure standards areused and maintained correctly acrossthe organization. This requires standardsmanagement processes that monitorand enforce changes and updates tostandards, retire standards and ensurethat new hardware and softwarecomponents are standards compliant.Standards management within enterpriseswith strong IT governance processes isfar easier than across enterprises withdiscrete IT governance strategies. A criticalchallenge for organizations implementinginter-enterprise EHR is to coordinateand standardize each enterprisesstandards management strategy. Simplydeveloping standards will not necessarily
enable greater interoperability if thosestandards are not used or maintaineduniformly across subsystems.
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
26/28
Appendix:16
RecommendationsMaintaining and improving the integrityof data in e-health systems withoutadversely affecting system flexibility,reliability and performance are complexchallenges. However, given the potentialimpact of low data integrity on carequality, compliance and efficiency, theseare challenges organizations should striveto meet. There are a number of strategies,solutions and standards organizationscan use as part of a comprehensivedata management strategy to improvedata integrity. From Accenturesresearch and experience with e-healthimplementations around the world, werecommend the following actions:
Implement effective data
integrity checkpoints and edit
checks
To maintain data integrity and quality,organizations should develop a libraryof standard data elements and use dataintegrity checkpoints and edit checks toensure data conforms to data standards.Data integrity checkpoints verify thatdatas characteristics meet data integrityspecifications after it has been created,stored, processed or used. Edit checksenforce data rules and standards and arean important part of data cleansing. Theydetect and correct, delete or highlighterrors, inconsistencies and missing data.
Target process interoperability
through comprehensive clinical
transformation and process
optimization strategies
Organizations often fail to maximizethe clinical and administrative value ofsyntactic or semantic interoperabilitybecause clinical and administrativeprocesses and workflows arenoninteroperable. In other words, datacreated, used or modified by discreteprocesses cannot be used effectivelyby other processes. Achieving processinteroperability requires clinicians andadministrators to use applications in thesame way for the same purpose, to referto concepts using the same terms, to useterms consistently and to adopt commondata entry practices and rules regardingcontent, format and frequency of updates.Process interoperability also involves
process reengineering to create eff icienttouch points and synergies betweenprocesses that enable meaningful,accurate and up-to-date informationto flow between processes . To achieveprocess interoperability, organizationsshould develop clinical transformation andprocess optimization strategies, supportedby adequate clinical change managementprograms, to maximize user adoption,encourage desirable user behavior andreengineer clinical processes .
Aim to achieve a level of
interoperability that will
deliver tangible clinical and
administrative benefits by
developing specific use cases
Too often, health care organizationsinvest in interoperability without a set
of specific use cases that demonstratehow interoperability will add value byimproving clinical decision making, carequality and process efficiency.Withoutspecific use cases , organizations oftentarget an inadequate or unnecessarylevel of interoperability that either limitsthe clinical and administrative value ofinteroperability or needlessly increases thecost of achieving it. In many cases, themost eff icient solution is for organizationsto target different levels of interoperabilityacross systems, clinical departments andfunctions depending on specific use cases.
This approach enables organizations toconcentrate resources on achieving highlevels of interoperability in areas where itwill deliver the most significant clinical oradministrative benefits .
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
27/28
Appendix:17
8/6/2019 Accenture HealthPS Information Governance the Foundation for Effective E-Health
28/28
Copyright 2010 AccentureAll rights reserved.
Accenture, its logo, andHigh Performance Deliveredare trademarks of Accenture.
The views and opinions in this articleshould not be viewed as professional
advice with respect to your business.
About Accenture
Accenture is a global managementconsulting, technology services andoutsourcing company, with more than190,000 people serving clients in morethan 120 countries. Combining unparalleledexperience, comprehensive capabilitiesacross all industries and business functions,and extensive research on the worldsmost successful companies, Accenturecollaborates with clients to help thembecome high-performance businesses andgovernments. The company generated netrevenues of US$21.58 billion for the fiscalyear ended Aug. 31, 2009. Its home page iswww.accenture.com.
About the Accenture
Institute for Health &Public Service ValueThe Accenture Institute for Health & PublicService Value is dedicated to promotinghigh performance in the health care sectorand in public service delivery, policy-making and governance. Through researchand development initiatives, the Instituteaims to help health care and publicservice organizations deliver better social,economic and health outcomes for thepeople they serve. Its home page iswww.accenture.com/
healthpublicservicevalue.
Contacts
Global LeadMark KnickrehmHealth Industry [email protected]
+1 310-426-5202
North AmericaMarylou BaileyHealth Industry [email protected]
+1 727-897-4124
Europe, Africa and Latin AmericaJavier MurHealth Industry Lead
[email protected]+34 93-227-1058
Asia-PacificBill HigbieHealth Industry [email protected]+61 3-98388188
Project TeamAndrew TruscottAccenture Health PracticeAsia-Pacific
Giles RandleResearcher, Institute for Health andPublic Service Value
Julie McQueenDirector of Research, Institute for Healthand Public Service Value
Greg ParstonDirector, Institute for Health and PublicService Value