Project

MED INF 403 DL Winter 2008 Group 3

Group Members

Michael Crosswhite Maureen Farrell Julia Hernandez R Steven McDonald Jennifer Ogg David Robbins

Overview

The Problem:

– Much time is wasted-valuable time for both patients and medical staff alike-in filling out medical paper forms, which often contain redundant information.

Overview

Proposal:

– The solution we have in mind is inexpensive to implement, highly-portable, secure, and easily adopted: ideally patient information would be stored electronically on a thumb drive, thus obviating the need for organization and storage of large amounts of paper forms.

Group #3 Workflow Diagram

The patient enters their medical history on the USB pen drive.

The patient carries the USB pen drive to each of their health providers.

The health care provider may update the EMR for this patient.

The health care provider may choose to print the patient medical history to paper.

- OR -

The patient enters their PIN or fingerprint to authorize the transfer of data to the provider.

HealthProviderComputer

HealthProviderComputer

HealthProviderComputer

HealthProviderComputer

Group #3 Technical Diagram

Standard USB Pen Drive to contain the patient’s Personal Medical History data.

Minimum capacity of the USB Pen Drive of 64Mb to successfully store medical history data.

Cost of device approximately $25 depending on capacity.

Group #3 Technical Diagram

All data stored on the device must be encrypted to ensure privacy and security.

Autorun application is installed on USB Pen drive to transmit Personal Medical History data from the pen drive to the Healthcare provider’s computer or Electronic Medical Record system.

The Patient’s personal medical history data is stored in an XML format for easy transfer and display.

Group #3 Technical Diagram

The patient can update the data on the pen drive anytime new information is available.

Optionally, If the storage capacity allows… the patient may store electronic X-ray images or other documents on the pen drive to transport from one health care provider to another.

Personal Health Information

Who owns Personal Health Information? Traditionally, Health Information “belongs” to

the healthcare entity that captures or records the information.

According to the Markle survey, the majority of Americans believe they could gain more control and effect ownership over their healthcare by using EHRs e.g., portable thumb drive.

At issue is the top concern for most Americans concerning EHRS: misuse of personal data.

The HIPAA Privacy Rule

Issues of security, privacy and protection of the electronic exchange of PHI fall under the auspices of the Privacy Rule of HIPAA.

The Privacy Rule address the use/disclosure of PHI by organizations subject to rule (covered entities).

A covered entity may use PHI 1). As Privacy Rule permits ad 2). With individual’s written consent.

There are several exceptions that do not require consent.

Disclosure of PHI should be “minimum necessary” and on a “need to know” basis.

Application of Privacy Rule to thumb drive.

Patient needs to be assiduous about password. It should not be decipherable and should be changed regularly.

The PHI loaded on thumb drive must be secured through encryption of data and possibly use biometric delimiters to decrypt data.

The thumb drive should be received (provider’s location) solely by an authorized “need to know” person or designee.

The authorized person should have access only to the “minimum necessary” information needed to accomplish job.

High Level Technical Requirements

Form Factor: – Easy to carry. Easy to identify. Cost effective.

Premium versions.

Security: Unauthorized Access Prevention– Data is sole property of device owner and the

owner is the only one who can grant and allow access.

Security: Virus Prevention– Portable devices can spread viruses between

computer systems. An effective virus control scheme must by employed.

High Level Technical Requirements (cont)

Security: Data Storage and Transaction Encryption – Data must be stored and transacted in a way that

prevents unauthorized access.

Capacity– Sufficient capacity to store platform and text.

Docking Mechanism– Widely available and adopted mechanism should

be used to limit costs.

High Level Technical Requirements (cont)

Docking MechanismRead / Write Compatibility– Do not limit the types of machines that can read /

write to the device.

Backup– Backup is optional in case of loss, damage or

theft. The limited scope of the data included on the device doesn’t require extensive backup schemes.

Financial Analysis

Refer to Spreadsheet

Conclusion

This will help providers because the office visit is enhanced, and the interaction is more problem focused on the patient complaint vs. spending time on redundant information.

Patient’s medical information is more readily available, accurate, and accessible.

Overall this increases patient satisfaction, and improves general medical care.

Questions

Questions?