Isha Howard
Anthony Lauderdale
Daniel Rouse
Tyler Lenick
LIS4785
12/8/14


LIS4785 Project Proposal: Patient Safety and Privacy of Health Records



1.) Problem Statement
The issue we are presenting is the safety of individuals' private and personal health records and how people can be affected if these records are not properly secured. Protection of health records is a crucial aspect of healthcare and health IT; it is therefore important to find solutions that prevent health records from being left poorly protected.


· Health record safety solely affects patients whose records are held in databases at doctors' offices and hospitals.
· The main conflict that has occurred is that people may have somewhat easier access to private health records, especially in large databases. Certainly, this is a tremendous wake-up call to patients, health IT specialists, and doctors. Health records should already be protected by the federal government, so it comes as a surprise that situations such as these can occur.
· The problem begins shortly after a doctor or clinic visit, when a patient's personal information is stored in an electronic health record. Many circumstances can arise in a situation like this, such as neglected privacy on the part of a physician who may have been told not to receive all of the patient's information, or information that appears to be public for others to see.


This is an issue that must be fixed right away, because legal issues could arise from it, in addition to the simple matter of privacy invasion. It is a problem that could affect the whole of the healthcare industry. From doctors' offices to patients' homes, medical records are kept in a number of different places, and those places are potentially vulnerable to an attack that can compromise the confidentiality of patients' information, particularly if the records are kept in a digital storage solution that is not secure. Our goal is to figure out ways we could promote safety in all areas of health IT and information/data systems.

2.) Evidence to support the problem
When dealing with electronic-based records, there will always be an issue with security. Problems could easily arise if someone is able to hack into an electronic health record database and gain access to individuals' personal health records. If we were to create a national healthcare database, it would need to be secure. A central database would be a big target for hackers compared to smaller databases.

In 2012, a small medical practice's EMRs were hacked. The hackers demanded a ransom, which caused the office to shut down their system. Since 2009, it has been reported that 37 hospitals and doctors' offices in the U.S. have been hacked. In these cases the result was theft of or damage to EMRs. Also since 2009, 21 million Americans have had their EMRs stolen.

· One of the biggest EMR hacks was against TRICARE (the civilian healthcare program for armed forces members). In 2011, 4.9 million TRICARE members had their EMRs stolen (Ungerleider, 2012).


· Another case in 2012 involved Eastern European hackers hacking a hospital in Utah in order to obtain information such as patients' Social Security numbers, diagnosis information, and medical billing information.

As healthcare starts to head more towards electronic records and systems, the need for database security becomes more important. If more people were to collaborate on a database, it would be more secure than smaller hospitals or doctors' offices hosting their own.


3.) Potential Solutions

Data security, privacy, and liability are certainly not underestimated conflicts in the world of healthcare IT and information systems. Luckily, there are certain steps and actions that we can take to prevent any further disruption of an individual's privacy and personal protection. There are ways we can make patients feel safe and confident about their own health records.
· The first solution presented would be a single central hub where all the information is stored, so that patients, doctors, and other medical staff could access this hub wherever they are in the US. The solution would also include a web-based application that would allow medical staff to access patient information whenever they needed it.
The hub would have to be rather large and expensive to be able to support multiple records and keep count of the files that are taken in and out of the system at specific times. It would become an issue if the main hub were taken offline, and since it is the only resource that clientele can access, it would be more susceptible to attack, so security would be required to manage this central database around the clock.
· The second solution would involve four regional hubs, where all the information is stored based on the region where the clientele are located.
These hubs would still be able to pull records from other hubs; however, they would mainly be focused on the region they are stationed in. They would cost mostly the same as the large one, mainly because if one of them were damaged or attacked, the other three would still be able to manage the fourth's information; however, deciding who would receive which record would take some time while the databases stabilize.
· The final solution is to have a main central hub and the web access application like the first solution, but to allow all regions to access remote databases with all the information. This limits the threat of attack, and if a remote database goes down, it will be easier to replace than it would be to fix the central hub after an attack. The central hub would still have the same amount of monitored security, so the only other cost would be paying IT professionals to keep the remote databases up and running. Compared with the other two, this would be the most plausible option, because it is going to cost less money and hassle in the long run when setting up and managing the central hub.

4.) Existing solutions
There are a number of EHR solutions available to hospitals and other local physicians. eClinicalWorks, McKesson, Cerner and Allscripts are some of the top EHR programs available in the market right now. The issues with all of these alternative solutions, however, are that:
1. They are complicated to use and require extensive training in order to be used properly.
2. They are all different in the way they operate. There is no current industry standard for EHRs in the market at this time.
3. Typical EHR solutions available right now make the hospital store and secure the medical info that it is accessing. This is a big security risk as well as an added expense that the hospital has to account for.
4. Hospitals that use the same EHR system don't have access to each other's records. This can be a problem if a patient needs to be seen at another hospital that they do not regularly go to. The other hospital would have to wait for the medical record to be delivered to them to access the patient's information.

5.) Feasibility of solutions
1. The major benefit of the first solution is the security that having all the information in one location provides. However, if the system crashes or is down for maintenance, the information could become inaccessible until the problem is fixed. Another issue with this solution is the upfront cost of building the data warehouse needed to store all the EHR information.
2. The major benefit of having the regional hubs is having your information spread out across a couple of areas. If the system were to go down, hospital staff would still have access to the information that they needed while the system is fixed. However, having many hubs makes your system more vulnerable to hackers who could try to steal info.
3. Solution 3 involves a central hub much like solution 1; however, solution 3 involves giving access to medical info to all hospitals enrolled in the program. This solution has the same issues as solution 1 but allows for the best security for the system.

6.) Our Chosen approach
Basic app info:
· Name: InterHealth
· Audience: All major hospitals
· Concept: an EHR/database that stores all patient info and can be accessed by all hospitals if needed.
· Purpose: to provide an industry standard for EHRs as well as a secure system that gives hospitals access to patient information and is simple and easy to use.
· InterHealth is an EHR and database solution that aims to provide hospitals with a secure way to store and access patient information. This solution features a secured centralized database that gives any hospital enrolled in the InterHealth program access to any patient's info if needed. The web-based EHR features a simplified UI that is easy to train staff on, as well as secure login.

7.) Completion timeline
· September (Planning)
o Identify problem with current EHR systems
o Brainstorm possible solutions
o Confirm project topic for submission
· October (Research)
o Research similar EHR systems
o Find evidence to support problem
o Determine approach for project
· November (Design)
o Determine solution for project
o Plan app design
o Build and test prototype
· December (Presentation)
o Create presentation PowerPoint
o Present project
o List future goals of the project

8.) Team roles
· Daniel Rouse
o Designed app prototype, researched possible solutions
· Isha Howard
o Compiled initial project report, researched alternative and existing solutions
· Tyler Lenick
o Responsible for recording meeting minutes and organizing group meetings
· Anthony Lauderdale
o Developed project PowerPoint for both presentations
9.) Meeting minutes






10.) Solution prototypes
Project Prototype

11.) Final Solution
The group has come up with a web-based EHR system and database combination that will provide all hospitals with a system designed to be secure and easy to use.
The system works by enrolling hospitals in InterHealth, giving them access to the database. We then convert all existing records and port them over into the system. After rolling out to a new hospital, the system will allow hospital workers to create, access, and alter EHR records while a patient visits. The app is designed to give each hospital worker the level of access necessary for them to complete their work. For example, a receptionist will not have access to patient info, while a nurse will have limited access. A doctor will have full access in order to conduct their appointments. Receptionists who work at the front desk of hospitals will be able to check in patients and confirm their appointments. They will confirm the patient's identity and send the patient's medical info to the nurse to start the appointment.
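
The access levels described above can be enforced as a default-deny, field-level policy with an audit trail. The following is an added example, not part of the InterHealth prototype: the three role names come from the proposal, while the field names, the exact field sets per role (including letting the receptionist see identity and appointment fields for check-in), and the function names are assumptions.

```python
from datetime import datetime, timezone

# Field groups and per-role sets are assumptions; only the three role
# names and their relative access levels come from the proposal.
IDENTITY = {"patient_id", "name", "date_of_birth", "appointment"}
CLINICAL = {"vitals", "allergies", "medications"}
SENSITIVE = {"diagnoses", "physician_notes"}
ALL_FIELDS = IDENTITY | CLINICAL | SENSITIVE

POLICY = {
    "receptionist": {"read": IDENTITY, "write": {"appointment"}},
    "nurse": {"read": IDENTITY | CLINICAL, "write": {"vitals"}},
    "doctor": {"read": ALL_FIELDS, "write": ALL_FIELDS},
}

def _audit(log, user, role, action, record, fields, allowed):
    # Every decision, allowed or denied, leaves a reviewable trail.
    log.append({"time": datetime.now(timezone.utc).isoformat(),
                "user": user, "role": role, "action": action,
                "patient_id": record["patient_id"],
                "fields": sorted(fields), "allowed": allowed})

def read_record(user, role, record, log):
    """Return only the fields this role may read; unknown roles are denied."""
    rules = POLICY.get(role)
    if rules is None:
        _audit(log, user, role, "read", record, [], False)
        raise PermissionError(f"unknown role: {role!r}")
    visible = {k: v for k, v in record.items() if k in rules["read"]}
    _audit(log, user, role, "read", record, visible, True)
    return visible

def update_record(user, role, record, changes, log):
    """Apply changes only if the role may write every field (all or nothing)."""
    writable = POLICY.get(role, {}).get("write", set())
    denied = set(changes) - writable
    _audit(log, user, role, "write", record, changes, not denied)
    if denied:
        raise PermissionError(f"{role} may not write {sorted(denied)}")
    record.update(changes)
    return record

# Constructed sample record, not real patient data.
SAMPLE = {
    "patient_id": "P-0001", "name": "Test Patient",
    "date_of_birth": "1980-01-01", "appointment": "2014-12-08 09:00",
    "vitals": "BP 120/80", "allergies": "none", "medications": "none",
    "diagnoses": "example diagnosis", "physician_notes": "example note",
}
```

Because a rejected update is checked before any field is written, a nurse's request that mixes an allowed field with a forbidden one changes nothing, and the denial is still logged.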

12.) Next steps
The next steps for this project include:
· Building the data warehouse for the system
· Enrolling hospitals in the program
· Designing a beta program to test usability

13.) Citations
· Osborne, C. (2013, June 26). The top ten most common database security vulnerabilities. Retrieved September 24, 2014.
· Ungerleider, N. (2012, August 15). Medical cybercrime: The next frontier. Retrieved September 23, 2014.
· The 20 most popular EMR software solutions. Retrieved December 7, 2014, from http://www.capterra.com/infographics/top-emr-software