Part I
Based on the use of EHR applications throughout this course, you will develop a data security and maintenance plan. Develop the following security tools to reinforce ongoing monitoring and maintenance activities. Consider the functionality and accessibility factors of the EHRs to develop a list of security risks. Also consider the storage and retrieval requirements identified in previous EHR assignments. Then construct an outline for a security plan. Specifically address your plan to maintain data integrity.
Security tools:
- Checklist for the maintenance of equipment (such as EHR-related or document imaging equipment)
Optimization training focuses on how to communicate and teach system changes made post go live. Any system alterations introduced to the system should be made known to the end users.
EHR requires periodic upgrades to fix security patches and to integrate well with the underlying infrastructure. Upgrades provide new functionalities requested by the clients.
- Checklist for security threats
- List of common ways to minimize risk
- Risk Analysis Form - a form to evaluate the level of risk
- Security policies (at least two)
Part II
Develop a recovery and disaster plan. Every organization should have a written plan for emergency preparedness for protecting data and patient information. Your plan should include the following elements and directly correlate to your use of EHRs in this course:
Prepare for disaster before it occurs. An important aspect of computer security involves protecting electronic data from loss or corruption - that is, ensuring its integrity. Although there are many ways data integrity can be affected, the most common is loss of data from some sort of emergency or disaster, including human error, mechanical hard disk failure, equipment damage due to flooding, or computer virus infection.
A solid computer-system contingency plan is composed of a number of steps, including performing backups, preparing for continued operations in an emergency and recovering from a disaster.
The most important part of a contingency plan is having a backup system. A backup system is a combination of hardware and software that lets you retrieve exact copies of information if the originals become lost or damaged. There are several kinds of commonly used backup systems, including those that store data to tapes, compact discs or off-site devices. The equipment and service can cost from hundreds to thousands of dollars, and the best method for your practice can only be determined after you know how much data needs to be backed up. Your choice also will be influenced by cost, convenience and ease of use.
At a minimum, your practice's backup system should store all of the critical data needed to run the practice in the event of a disaster.
Activation requirements: It is important for everyone to know how and when the disaster plan will be activated. Address data recovery and mechanisms for maintaining patient care.
- General Responsibilities: An outline of the responsibilities of every department is required.
- Medical Staff Responsibilities: An outline with specific instructions and mechanisms for clinical staff caring for patients is required.
- Key Locations: Refer to where in the facility various activities will take place regarding protection of systems and hardware.
- Deactivation: Just as important as activation, the give instructions on how to deactivate the plan