Reflective Journal Week 1

 Using the attached form, complete this weeks reflections related to your readings, assignments, and implications for current or future practice. 

Reflective Journal Rubric

20 pts

Exemplary

Developing

Needs Improvement

Discussion Criteria

10 Points

7 Points

4 Points

Faculty Comments

Application of Course Knowledge 

Journal contributes reflections and unique perspectives or insights gleaned from weekly objectives or examples from the healthcare field.

Journal entry has limited application of course knowledge and demonstration of perspectives.

Journal does not reflect application of course knowledge and personal insights or examples from healthcare.

Grammar, Syntax, APA Format

APA format, grammar, spelling, and/or punctuation are accurate, or with zero to three errors.

Four to six errors in APA format, grammar, spelling, and syntax noted.

Journal entry contains greater than six errors in APA format, grammar, spelling, and/or punctuation or repeatedly makes the same errors after faculty feedback.

Informatics

24 November 2015 • Nursing Management www.nursingmanagement.com

Safety solutions

Patient safety and IT trends

s care coordinators, nurses have a primary

responsibility to be aware of the potential risks

that may accompany the increasing use of

technology in the healthcare environment.

Being able to capture and document patient

data at the point of care in an electronic format

brings with it many benefits. But there are also

inherent risks that come

with the use of health

information technology

(IT) that may impact

patient safety and data

integrity.

Consider these examples:

• A medication is pre-
scribed to be given as an

I.M. injection. It’s actually

intended to be given I.V.;

however, the physician

selects the wrong delivery

route from the drop-down

menu when prescribing

the drug in the electronic

health record (EHR)

system.

• A pharmacist processes a
medication prescription for

acetaminophen for the

wrong patient because he

has two patient records

open at the same time and

becomes distracted during

the prescribing process.

There are also many examples of how well-designed

EHRs and strong clinical processes can improve safety

through their ability to provide historical data, offer

clinical decision support, and facilitate communication

among care providers.1 In order to realize these benefits,

it’s important to identify and analyze the factors that

can lead to health IT-related errors.

How do we minimize risks?

The Joint Commission has issued a Sentinel Event

Alert on the safe use of health IT.2 This report ana-

lyzes factors contributing to 120 health IT-related

sentinel events. The analy-

sis focused on eight general

categories:

• human-computer interface
(33%)—ergonomics and

usability issues resulting in

data-related errors

• workflow and communi-
cation (24%)—issues relating

to health IT support of com-

munication and teamwork

• clinical content (23%)—
design or data issues relat-

ing to clinical content or

decision support

• internal organizational
policies, procedures, and

culture (6%)

• people (6%)—training and
failure to follow established

processes

• hardware and software (6%)
• external factors
(1%)— vendor and other

external issues

• system measurement and monitoring (1%).
Recommended actions to reduce these risk factors

include creating an organization-wide culture of safety

and implementing effective change management pro-

tocols. These actions involve systematically analyzing

each adverse event to determine if health IT played a

By Joyce Sensmeier, MS, RN-BC, CPHIMS, FHIMSS, FAAN

A

Copyright © 2015 Wolters Kluwer Health, Inc. All rights reserved.

www.nursingmanagement.com Nursing Management • November 2015 25

role and what can be done to pre-

vent a similar event from happen-

ing in the future.

A proactive approach to process

improvement should be imple-

mented to continually assess for

health IT-related patient safety risks.

This approach includes comprehen-

sive testing of health IT hardware

and software to ensure that it’s free

from malfunctions; configuring the

system to allow clinicians to clearly

identify patients and maximize use

of the EHR to prescribe medica-

tions, tests, and procedures; and

providing patients with access to

their electronic records via portals

to enable them to review those

records for accuracy. For example,

organizations participating in the

OpenNotes project are seeing

improvements in quality and

safety over the 5 years of the study,

including enhanced error reporting,

more effective catching of medica-

tion errors, and improved care

coordination.3

Additional actions suggested by

The Joint Commission to reduce

risks emphasize the importance of

leadership and oversight of health

IT planning, implementation, and

evaluation. This oversight involves

examining workflow processes for

inefficiencies, choosing and opti-

mizing systems that align with the

work of clinicians, continually

improving system interoperability,

and monitoring system effectiveness

according to established metrics.

But the ultimate responsibility for

minimizing the potential negative

impact of health IT lies with the end

users who should be aware of

potential risks to patients in any

clinical situation.

Another resource that offers a

plan for protecting patient safety

and improving care quality is the

recently published Office of the

National Coordinator for Health

Information Technology’s Health IT

Safety Center Roadmap.4 Central to

the proposal is creating a health IT

safety center or “collaboratory” that

welcomes stakeholders from across

the healthcare spectrum and govern-

ment into a trusted space for collab-

orating on solutions. This center will

provide a forum for the exchange of

ideas and information focused on

promoting health IT as an integral

part of patient safety and carry out

the following activities:

• collaborate on solutions to address
health IT-related safety events and

hazards

• improve identification and sharing
of information on health IT-related

safety issues

• report evidence on health
IT-related safety solutions

• promote health IT-related safety
education and competency.

The center will also play an

important role in gathering and

analyzing evidence for preventing

low-frequency, high-severity events,

such as wrong-site surgery, in which

the stakes are high but the causes

are poorly understood.

Several healthcare technologies

used daily by nurses are identified as

potential areas of risk by two reports

published by the ECRI Institute.5 The

top two hazards in each of these

reports were 1) alarm hazards due to

inadequate alarm configuration poli-

cies and practices and 2) data integ-

rity failure due to incorrect or miss-

ing data in EHRs and other health IT

systems. Examples of data integrity

failures as listed in the ECRI Top 10

Health Technology Hazards for 2015

report include the following:

• appearance of one patient’s data
in another patient’s record

• missing data or delayed data
delivery

• clock synchronization errors
between medical devices and IT

systems

• default values being used by
mistake or fields being prepopu-

lated with erroneous data

• inconsistencies in patient informa-
tion when both paper and electronic

records are used

• outdated information being cop-
ied and pasted into a new report.6

To address these problems, organi-

zations should assess their health

IT systems and identify data integ-

rity failures, correcting them to pre-

vent similar problems from recur-

ring. Organizations should also

empower users to report all types of

health IT-related incidents, including

those that don’t cause any harm and

near-misses, because staff members

don’t always recognize health IT’s

contribution to an event. Nurses

should be especially mindful of the

risks of copying and pasting infor-

mation from one episode of care to

another. When errors in documenta-

tion are made, incomplete, inaccurate,

The ultimate responsibility for minimizing the potential
negative impact of health IT lies with the end users who should
be aware of potential risks to patients in any clinical situation.

Copyright © 2015 Wolters Kluwer Health, Inc. All rights reserved.

26 November 2015 • Nursing Management www.nursingmanagement.com

Safety solutions Informatics
or out-of-date information can end up

in a patient’s record, potentially lead-

ing to incorrect treatment decisions or

ultimately causing patient harm.

Where will technology take us?

It has been projected that by 2020 the

average household will contain sev-

eral hundred smart objects, including

LED light bulbs, domestic appli-

ances, sports equipment, and medi-

cal devices. These smart objects are a

part of the “Internet of Things” and

most of them will be able to commu-

nicate with an app on a smartphone

or tablet. Although it’s appealing to

anticipate having dinner prepared

by our smart appliances, we can also

imagine the impact these innova-

tions will have on healthcare.

Monitoring data from a patient’s

wearable technology or maintaining

an accurate up-to-date inventory of

the right supplies and equipment

will allow healthcare organizations to

stay ahead of the curve. Implement-

ing innovative solutions that capture

and analyze data in real time can

improve healthcare quality by find-

ing common patterns and anticipating

outcomes. With smart technologies

rapidly maturing, the healthcare

industry stands to benefit from this

enhanced intelligence to improve

performance through innovation.

Another emerging technology is

remote patient monitoring, which

merges wireless technology and

healthcare to focus on chronic condi-

tions such as heart disease and dia-

betes. Some healthcare providers are

installing devices in patients’ homes

to collect continuous data on weight,

BP, blood glucose, and blood oxygen

levels. These integrated systems

can allow providers to detect and

address issues before they have

serious health consequences. The use

of technologies, such as wearables,

telehealth, text messaging, and smart

devices, can potentially help reduce

rehospitalizations and promote pre-

vention, allowing for earlier diagno-

sis and intervention.7 The challenge

for nurses is to ensure that we main-

tain a meaningful provider-patient

relationship while leveraging the

power of high-tech monitoring and

treatment approaches.

Although these emerging and

innovative technologies may

improve health and healthcare, they

can also introduce new security vul-

nerabilities.8 During a recent hearing,

lawmakers heard testimony from

industry leaders about both the ben-

efits and risks to consumers of con-

nected health devices that may hold

large amounts of personal health

information.9 Individuals looking to

exploit this valuable health data can

hack into these systems, cutting to

the very core of personal privacy.

Cybersecurity protections are rap-

idly becoming essential safeguards

for EHRs that are connected with

mobile devices.6 Acknowledging that

mobile devices are increasingly

being used to store, process, and

transmit patient information, the

National Cybersecurity Center of

Excellence has developed resources

to help organizations implement

advanced technologies to ensure the

security of patient information trans-

mitted on such devices.10 Organiza-

tions can use these resources to

implement relevant standards and

best practices to minimize vulnera-

bility to attack. These guidelines

should be used as part of a continu-

ous risk management process that

will increase the security of EHRs.

Safe and secure

The role of today’s nurse in safe-

guarding patient care is increasingly

complex. Understanding the poten-

tial risks of health IT and mobile

technologies, as well as adopting

essential safeguards, will ensure

that care isn’t compromised and

errors are mitigated. Resources are

available to equip nurses to navi-

gate this evolving frontier, ensuring

patient safety and high-quality,

coordinated care. NM

REFERENCES
1. Agency for Healthcare Research and Qual-

ity. Chartbook on care coordination. www.
ahrq.gov/research/findings/nhqrdr/2014
chartbooks/carecoordination/index.html.

2. The Joint Commission. Sentinel event alert,
issue 54. www.jointcommission.org/assets/
1/18/SEA_54 .

3. Miliard M. OpenNotes showing benefits at
BIDMC. www.healthcareitnews.com/print/
95681.

4. Office of the National Coordinator for
Health Information Technology. Health
IT safety center roadmap. www.healthit
safety.org.

5. ECRI Institute. Top 10 patient safety
concerns for 2015. www.ecri.org/Patient
SafetyTop10.

6. ECRI Institute. Top 10 health technology
hazards for 2015. www.ecri.org/2015
hazards.

7. Blumenthal S, Somashekar G. Advancing
health with information technology in the
21st century. www.huffingtonpost.com/
susan-blumenthal/advancing-health-with-
inf_b_7968190.html.

8. Slabodkin G. Connected health devices
generate innovation and consternation.
www.healthdatamanagement.com/news/
Connected-Health-Devices-Generate-Inno-
vation-and-Consternation-51024-1.html.

9. U.S. House of Representatives Judiciary
Committee. Hearing: internet of things.
http://judiciary.house.gov/index.cfm/
2015/7/hearing-internet-of-things.

10. National Cybersecurity Center of Excel-
lence. Securing electronic health records
on mobile devices. https://nccoe.nist.gov/
sites/default/files/nccoe/NIST_SP1800-
1b_Draft_HIT_Mobile_Approach-Arch-
Security .

Joyce Sensmeier is the vice president of
Informatics at the Healthcare Information and
Management Systems Society in Chicago, Ill.

The author has disclosed that she has no
financial relationships related to this article.

DOI-10.1097/01.NUMA.0000472765.03731.28

Copyright © 2015 Wolters Kluwer Health, Inc. All rights reserved.

Reflective Journal

Name:

Date:

1. Summarize and reflect on this week’s, readings and learning activities.

2. How will these concepts impact your own professional practice now or in the future?

Chapter 1: Introduction to the Fundamentals of

Law

Fundamentals of Law for Health Informatics and Information Management, Third Edition

© 2017 American Health Information Management Association

© 2017 American Health Information Management Association

Defining Law

Law

Represents a set of governing rules designed to protect citizens living in a civilized society

Establishes order, provides parameters for conduct, and defines rights and obligations of government and its citizens

Controls behavior that threatens public safety and sets penalties for disobedience

© 2017 American Health Information Management Association
Two Types of Law
Public law
Involves federal, state, and local governments
Defines, regulates, and enforces rights and duties among individuals and businesses as related to government.
Private law
Involves rules and principles that defines rights and duties among individuals and private businesses

© 2017 American Health Information Management Association
Law and Healthcare
US healthcare is a trillion-dollar business regulated by federal and state laws, accrediting bodies, practice standards, and codes of ethics
Serves to protect consumers and providers by requiring accountability for services and privacy, confidentiality, and security of health information

© 2017 American Health Information Management Association
Law and Health Information
Health information
Data generated and collected as a result of delivering care to a patient
Uses of health information
Primary use—clinical care
Secondary uses—public health reporting, population health management, third-party reimbursement, quality improvement, and patient safety
Used as evidence in legal cases in which conflict arises and resolutions is sought through the court system

© 2017 American Health Information Management Association
Health Information
Protected under federal law—HIPAA,
defines health information as:
“It is any information, whether oral or recorded in any form or medium, that: (1) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (2) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual” (45 CFR 160.103).

© 2017 American Health Information Management Association
Health Information Technology
Push to decrease healthcare costs and improve quality and safety of healthcare through use of health information technology (HIT)
Movement from paper to electronic health records (EHRs) and health information exchanges (HIE) that enable the sharing of information with multiple parties and across multiple boundaries

© 2017 American Health Information Management Association
Law and HIT
Public and private collaborations are working together to eliminate legal barriers for sharing electronically stored health information
Example: National Governors Association— roadmap to help states improve health information flow

© 2017 American Health Information Management Association
Health Records
Health information comprises a health record which is defined as:
“Individually identifiable data, in any medium, that are collected, processed, stored, displayed, and used by healthcare professionals” (AHIMA 2010)

© 2017 American Health Information Management Association
Types of Health Records
Hybrid health record
Electronic health record
Electronic medical record
Personal health record

© 2017 American Health Information Management Association
Hybrid Health Record
Record that consists of both paper and electronic records and media (for example, film, video, or imaging system) and uses both manual and electronic processes
Data in the record may be handwritten, direct voice entry captured in a word-processing system, or from provider wireless devices such as handheld personal computers

© 2017 American Health Information Management Association
Electronic Health Record
“An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be created, managed, and consulted by authorized clinicians and staff across more than one healthcare organization.” The National Alliance for Health Information Technology (NAHIT) definition

© 2017 American Health Information Management Association
Electronic Medical Record
“An electronic record of health-related information on an individual that can be created, gathered, managed, and consulted by authorized clinicians and staff within one healthcare organization” The National Alliance for Health Information Technology definition

© 2017 American Health Information Management Association
Personal Health Record
“An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be drawn from multiple sources while being managed, shared, and controlled by the individual” The National Alliance for Health Information Technology definition

© 2017 American Health Information Management Association
Protection of Health Information and Health Records
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Privacy Rule in effect 2002
Security Rule in effect 2003
Health Information Technology for Economic and Clinical Health Act (HITECH) of the American Reinvestment and Recovery Act of 2009 (ARRA)

© 2017 American Health Information Management Association

Privacy and Confidentiality of Health Information
Historically key components of the patient-provider relationship.
Inherent trust that patient information will be kept private and protected from unauthorized access.
It is important to understand differences between privacy, confidentiality, and security and how the concepts relate to law

© 2017 American Health Information Management Association
Privacy
Privacy is an important social value; it means “a right to be left alone.”
Definitions
“Privacy is a right of individuals to be let [sic] alone and to be protected against physical or psychological invasion or the misuse of their property. It includes freedom from intrusion or observation into one’s private affairs, the right to maintain control over certain personal information, and the freedom to act without outside interference” (ASTM 2010)
“Right to limit the disclosure of personal information” (Joint Commission 2016)

© 2017 American Health Information Management Association

17

Confidentiality
Results from sharing private thoughts with someone else in confidence
Definitions
“Status accorded to data or information indicating that it is sensitive for some reason, and therefore it needs to be protected against theft, disclosure, or improper use, or both, and must be disseminated only to authorized individuals or organizations with a need to know” (ASTM 2010)
“Protection of data or information from being made available or disclosed to an unauthorized person(s) or process(es)” (The Joint Commission 2016)

© 2017 American Health Information Management Association
Confidentiality (continued)
Privileged communication
Confidentiality, as recognized by law, stems from a relationship where information is shared between two parties such as attorney and client, clergy and parishioner, husband and wife, or physician and patient. The information or communication shared in these relationships is considered “privileged.”
Confidentiality obligates healthcare providers (individuals and organizations) to protect patient information

© 2017 American Health Information Management Association
Security
Relates to privacy and confidentiality
Pertains to the physical and electronic protection of information that preserves these concepts
Definition
“Prevent unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system” (Joint Commission 2016)

© 2017 American Health Information Management Association
Security (continued)
ASTM E 31 offers two perspectives
Data security
Systems security

© 2017 American Health Information Management Association
ASTM E 31—Data Security
Data security is defined as
“The result of effective data protection measures; the sum of measures that safeguard data and computer programs from undesired occurrences and exposure to accidental or intentional access or disclosure to unauthorized persons, or a combination thereof; accidental or malicious alteration; unauthorized copying; or loss by theft or destruction by hardware failures, software deficiencies, operating mistakes; physical damage by fire, water, smoke, excessive temperature, electrical failure or sabotage; or a combination thereof. Data security exists when data are protected from accidental or intentional disclosure to unauthorized persons and from unauthorized or accidental alteration” (ASTM 2010).

© 2017 American Health Information Management Association
ASTM E 31—System Security
System security is defined as
The totality of safeguards including hardware, software, personnel policies, information practice policies, disaster preparedness, and oversight of these components. Security protects both the system and the information contained within from unauthorized access from without and from misuse from within. Security enables the entity or system to protect the confidential information it stores from unauthorized access, disclosure, or misuse, thereby protecting the privacy of the individuals who are the subjects of the stored information” (ASTM 2010).

© 2017 American Health Information Management Association
US Code on Information Security
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide
Integrity, which means guarding against improper information modifications or destruction, and includes ensuring information non-repudiation and authenticity
Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and propriety information
Availability, which means ensuring timely and reliable access to and use of information

© 2017 American Health Information Management Association
Ownership of Health Record
Ownership of the health record
Traditionally granted to healthcare provider who generates the record. However, state and federal laws have long upheld the right of the patient to control the information within the record
The HIPAA Privacy Rule (45 CFR 164.524–526) grants a patient the right to access, view, copy, or amend the record.
Ownership does not permit providers to share or sell patient-identifiable medical information as they wish.

© 2017 American Health Information Management Association

Custodian of Health Records
“Individual who has been designated as having responsibility for the care, custody, control, and proper safekeeping and disclosure of health records for such persons or institutions that prepare and maintain records of healthcare” (AHIMA 2010)
Role of custodian = gatekeeper

© 2017 American Health Information Management Association
Stewardship
Similar to role of custodianship
Goes beyond physical record to include
“Responsibilities for ensuring integrity (accuracy, completeness, timeliness) and security (protection of privacy as well as from tampering, loss or destruction) within the context of electronic information and records management” (Davidson 2010)

© 2017 American Health Information Management Association
Information Governance
Stewardship as a component of information governance which is the “strategic management of enterprise electronic information including the standards, policies, and procedures for access, use, and control of that information” (Johns 2015)

© 2017 American Health Information Management Association
Stewardship and Governance
Role of steward requires leadership, responsibility and governance to ensure consistent application of, and compliance with policies across organization-wide distributed information systems.

© 2017 American Health Information Management Association