Challenges of health information sharing records for emergency preparedness

Introduction

While enhancing patient quality of care health care organizations face dynamic challenges. The complexity is the challenge of data and information expansion, reducing cost while continuing patient safety and quality care in the United States health care market. Since health technology have moved from paper to health information technology (HIT), electronic health records (EHR) and health information exchange (HIE) health information are saving $300 billion, with integrated data and information sharing. During the last 20 years public and private sectors are implementing ways to prevent security breach of storage and sharing through different parties and boundaries of fee for service and value base care delivery of information. The Office of National Coordinator for Health Information Technology (ONC) negotiated ways to provide guides and tools for healthcare organization and vendors to support patient engagement, sharing health information and contract negotiation. All are responsible for protection and security are health information management, health information informatics as well as physicians, nurses, volunteers and other health providers. Each is responsible for the understanding of the legal system of laws, regulations, standards and ethical obligations (Brodnik, Rinehart-Thompson, Reynolds, 2017).

According to Premier, (2015) Healthcare organizations and staff members are the key role in emergency preparedness and response of disasters which include man-made, terror attack, and nature. Therefore, every healthcare organization and their staff should facilitate planning, mitigation, prepare response and recovery. Organizations can better prepare themselves by enlisting resources from federal government agencies, health agencies, professional organizations, education and training. Premier, (2015) provided links to key planning resources that will guide care givers and other health organization management tools to communicate and prepare for disastrous events. The key models are CDC’s Healthcare Preparedness Activity tools and resources for public health emergency, and the United States Department of Health and Human Services which gives resources on Federal, State, local, territorial and tribal stake holder’s incidents before, during and after disaster. The Health and Human Service website according to Premier, (2015)http://www. phe. gov/emergency/hhscapabilities/Pages/default. aspxPublic Health Emergency provide links, example Situation Awareness, Public Health Surveillance and Medical Care Personnel and other capabilities, product and support to help health care entities understand emergency management.

According to PourHosseini, Ardalan, Mehrdhassani,  (2015) the abnormal events that may cause disaster are earthquakes, fires, floods and unnatural events. Disasters impact and disrupt communities, society, economic, environment loss and resources. Disasters disturbs people healthcare therefore, proper health care is needed. Because of the terrible impact of disaster health management delivering health services can delegate improvement. Administration and healthcare management can begin the challenges of operational decision making, planning to enable better communication and information for healthcare organizations. There are two questions that healthcare organizations can answer which are response stage to disaster and the impact of health management and healthcare services in disaster examples of desired functions. The questions were answered using a method and material approach which is a qualitative and analysis approach. The study provided interviews with 30 Iran organization management experts who included natural disaster within the last 10 years. The interview consist of face to face questions of own experience operation evidence. The results included themes and optional performance. Examples are human resource, management, regional needs, assigned task, welfare of patients and equipment. The physical resource management includes victim’s management transfer, information and communication management, budget management and environmental health to name a few (Pourhosseini, Ardalan, Mehrdhassani, 2015). Pourhosseini, Ardalan, Mehrdhassani, (2015) describe the following organizations included, Health and Medicare Education Ministry, Red Cross, University of Medical Science, Fire Department, Police, Municipal, electric and oil company, and government hospitals. Natural disasters implementation in set for disasters and health services and what response stage furthermore, disaster management should reflect proper coordination of communication, information and commend lines. Operation planning of healthcare services and sectors would benefit from communication and influence with relationship to other health sectors.

When the world look at natural disaster news on television (Puranik, 2018) or read about it individuals do not understand the complexity of vulnerability of data security. According to Puranik, (2018) 58 percent of organizations are not well implemented toward disaster management and 60 percent will lose a fortune if not well prepared. Organizations are now investing in cloud back up and organization test for weakness. The most important approach to a disaster recovery plan is a potential business impact analysis, determine possible outcome of operation, and staff response so business can function under stress. Organizations are now investing their staff understands software, access of mobile device, laptops, evacuation plans, chains of contact, and lines of communication and continued data backup.

To prevent data loss during a disaster it would be wise to implement data safe guards. According to Brodnik, Rinehart-Thompson, Reynolds, (2017). The American Health Information Management Association functional plan consist of data backup, system and component recreation, location, description, paper record, configuration, network, hardware and software, policy procedures, contracts, and estimated functions of providers and organizations. In question of data recovery and estimated time which is a demand, data recovery may exist in time of destruction though implementation involving uploaded documents from a secured database. Other health securities may include strong passwords, authentication, and antivirus. As healthcare and technology continue to grow healthcare professionals such as Administration, Managers and Security Officers can enforce training in relation to compliance (Brodnik, Rinehart-Thompson, Reynolds, 2017).  The American Health Information Management Association implemented of backup tapes and servers including the secondary suggested site away from disruption, re-transcribing copies of health information from doctors’ offices, or other facilities. Power outages emergency operation contingent planning should include a disaster plan with organizational ability to function without electricity. Organization planning would include function for each case of disaster whether it is a hurricane, fire, flood or explosion. Each department should have names of originators, dates, assumptions, limitations, alternatives, and solutions phone numbers, assigned responsibility and contact information. The many threats that are known to health care organizations are phishing, employee’s errors, natural and environment threats, identity medical theft, cyber-attacks, and ransom ware. Organizations can invest in firewall protection, for traffic entering and leaving the network.

The code of ethical principle is a mission to values and acceptable behavior. There are sets of laws health care organizations can introduce to health care worker. The American Health Information quality of care, The American Medical Association relates to private and confidentiality, and Health Insurance Portability and Accountability Act for protection of health information. Health organizations are measured by how leadership can generate in-service meeting to properly train and alert health care organizations to law, regulations and policies (Brodnik, Rinehart-Thompson, Reynolds, 2017).

Disaster Preparedness

In times of emergency healthcare organizations can work together to secure people lives. Health care facilities are the day to day care provider so when disaster strikes health organizations must protect patients, staff, and visitors from hazards by investing in health infrastructure (USA, 2017). Health organizations must continue to provide medical care, storage of patient data, and continue assessment of safety and preparedness. Healthcare investment reduces destruction and burden on hospital emergency service during disasters. The key is to protect health workers, and patients from acts of violence. Health infrastructure can reduce reliability of water and power supply as well as providing a sustainable environment. The risk factors are unsafe facilities, disruption of health service including healthcare, community support, supplies and other post disaster phases (USA, 2017). There should be in place a promise disrupted care and foster arrangements to respond to patient and visitors during a disaster therefore, reducing the risk of economic loss on funds, community program which is required to maintain a design to protect the population health care. Government and communities can began better preparation of healthcare organizations safety by investing in the national policy, programs for emergency safety, and ensure health essential services. Community and health organizations objective could be to join forces, implement risk management and resources, continue training and evaluate past disasters to better address future disasters. The frame work strengthens, reduces, and promotes transportation, education and saving lives during and after disaster (USA, 2017).

Risk Assessment and Risk Management

Risk assessment and risk management are proven to be a positive factor of prevention, response and recovery to determine and implemented actions against natural disasters, hazard and man-made disasters. A public health risk factors according to UNISDR, (2017) is the Nation Risk Assessment (NRA) policy approach that generate a framework of strengthening health risk management, identify weak links, developer policy measurement, address different population and geographical emergency needs in health disaster. Risk is also the ability to invest in government agencies ensuring mechanism of policies or technology is developed. The public risk education may be hazard, context components and exposure assessment (UNISDR, 2017). The process of disaster risk management or risk assessment is that potential positive consequences are identified at early stages of disease, and evaluate exposures. An example is human to human, droplet, or effective issues. Health care organizations can provide a risk characterization matrix strategy to reduce levels of hazards by define and identify vulnerability, response, implementation, risk mitigation and preparedness. Another example of risk harassment is a Strategic Tool for Assessing Risk (STAR). How this work is early detected warning response measure processed through Rapid Risk Assessment, consistency and interdisciplinary strategy (UNISDR, 2017).

Public and Consumers Privacy and Security

What better go with risk and management assessment to include data support, security, and confidentiality for health organization? The goal is to accommodate, every health care organization providing and maintaining confidentiality and security to health records. According to CDC, (nd) organizations that lack state and local level programs can develop or upgrade security, policies procedures, and confidentiality. Team members can better protect their health organization health investments and patients by initiating managers, directors and leaders, include staff, program managers, directors and other healthcare leadership in requirement and proceedings, and involve technology experts.  Technology should consist of early stage and understanding, review of policies and procedures, key individual’s involvement, educate on state and local laws, implement electronic data storage, training, barriers to weakness and gather past history breech of data (CDC, nd). The NCHHSTP inquired programs to follow rules of developing and maintaining information guidelines to protect data security, confidentiality, policies, legislation, standards, state and local laws. Although there are available programs and information to secure sensitive data breeches may still occur. Enforcement can reduce the risk. To break the barrier organizations can invest in system requirements of confidentiality at all levels. Therefore, health organizations can invest in storage data at other locations or the use of clouds. Also, the Health Information Technology for Economic and clinical health Act (HITECH) is part of the American Recovery and Investment Act of 2009 security and Guidance of electronic health records. HITECH is connected to HIPAA to reinforce rules of liability to many health organizations against compliance (CDC, nd).

Natural disaster impact on facilities is the destruction to nonexistent. Fortunately, facilities can prepare themselves with powered systems in place to manage personal health records. Disaster preparedness is the health organization understanding the role or function of each individual. Disaster preparedness is also having an evacuation safe place, having medical history, medicine and treatment information stored in a safe place. Health care technology enhances communication by providing portable cell towers and high speed mobile internet for back up. Natural disaster can come at any time when you least expects therefore, organization can protect themselves with: (Renjan, 2018)

1. A preparedness plan
2. Cloud bass system
3. Location of IT
4. Back up data
5. Medical Device (Renjan, 2018)

It is important that health care organizations prepare themselves using rules and regulations to protect consumers and the public. Each individual deserve the protection of their sensitive information and protect from improper use, disclosure or theft. To properly understand privacy rules laws health organization can provide structure from HIPAA and The Joint Commission. (Brodnik, Rinehart-Thompson, Reynolds, 2017).

1. Right to request confidentiality
2. Intel communication across healthcare sectors
3. Implement privacy rules
4. Laws and regulations (Brodnik, Rinehart-Thompson, Reynolds, 2017).

Contingency and Disaster Recovery and Planning

The contingency and disaster recovery planning according to Brodnik, Rinehart-Thompson, Reynolds, (2017) also known as disaster recovery is a mandated Health Information Portability Accountability Act of 1996 to protect electronic Protected Health Information during emergency disaster that eliminates power or access to facilities. A business continuity plan should be implemented to continue health care operations during and after service of an interrupted event, activity and process. There are two types of plans, the contingency plan and disaster plan. The contingency disaster plan is the critical business function however, the contingency disaster plan is the, during and after lost which is implemented upon technical procedures, and organization implementation that relieves the stress of organization disruption which would include information damage, stability or recovery. Several key components that outline the contingency or disaster plan which is required by the Health Information Portability Accountability Act Security Rule are risk assessment and analysis data backup, disaster recovery emergency operation and contingency planning. A risk assessment found in HIPAA regulations the AHIMA disaster and planning and recovery toolkit and NIST regulation is to be implemented before the continuity plan as well as assessment that brace electronic records and patient care. Data backup of information is another mechanism for health departments to protect patient information. Backup data may consist of according to Brodnik, Rinehart-Thompson, Reynolds, (2017) servers, and medical tapes that remain at another location where disaster would not occur. The AHIMA disaster and recovery toolkit she included more than the HIPAA security Rule. There are 5 inclusions which consist of all data backup with guidelines to reproduce all elements of the health information system, electronic hybrid or paper record description and location including hardware and software configuration, policies and procedures, contract and data process, assignment backup of personnel dysfunction and an estimation of time of recovery stage. The need for extra backup should be minimized if procedures are correctly followed. Healthcare providers can always seek other health organizations for support of data recovery. They should have standard principles of formatting data, data retention policies, an outlined policy and procedure of the backup version and recovery time table estimation of how long the organization can go without data from an earlier time. According to Brodnik, Rinehart-Thompson, Reynolds, (2017) if records are not obtainable health organizations can upload from an undamaged database, transcribe or gather previous copies from other health facilities. Another phase of contingency or disaster planning is the emergency operation outline which may include prerecording of clinical information. In case of an employee emergency, the healthcare organization can implements plans for securing ePHI with events a list of disasters for the particular part of a country, core process included patient identification, documentation and workflow. Healthcare providers should also provide functions in case of electric issues. Health organization can also provide security for threat from known sources like cyber security, The National Cyber Security Alliance (NCSA), antivirus software, passwords authentic technology and security training (Brodnik, Rinehart-Thompson, Reynolds, 2017).

Disaster Planning and Evacuation

Hospitals need more than disaster planning of risk assessment, data backup, recovery and emergency mode of operation Brodnik, Rinehart-Thompson, Reynolds,( 2017). According to California Hospital Association, (2017) a disaster plan evacuation must be included in health organizations for the confrontation of events on disaster. As for any disaster plan, preplanning and addressing management structure for healthcare operation is needed. The Memoranda of Understanding (MOUs) is a protocol plan that provides mutual aid during disasters. Every area has local emergency medical service agency (LEMSA), and Emergency Operations Center and Medical Health Operational Area Coordinator (MHOAC). The hospital uses local plan and protocols for evacuation while the LEMSA or EOC assist with identifying, coordinating placement and transportation. In cases where LEMSA or EOC are not available hospital management is responsible for instruction of identifying, providing consent before transferring patient to receiving facilities as well as evacuation protocol for medication, supplies, equipment, medical records and tracking patients. California Hospital Association, (2017) also said the hospital check list provide information, structure and procedure of evaluation and shelter. Staff expectation should consist of individuals accompanying patient to local Alternative Care Sites (ACS) and provide drills and training to acknowledge the plan is honorable. There is a plan and phase evacuation that depends on the natural disaster. An example is the specific area that has a specific disaster like a certain country that is known for earthquakes. The phase and evacuation are different roles with part 1 being of guidance and structures, Part 2 are roles and responsibility which provide creation plan and revised up update and part 3 is the shelter in place while brainstorming and identifying gaps and provide solution to compare to exiting plans California Hospital Association, (2017).

Disaster Evacuation

California Hospital Associate (2017) said in all cases of disaster emergency is the confrontation of events of evacuation. As of any disaster preplanning and addressing management structure for health care operation the Memoranda of Understanding (MOUs) is a protocol plan that provides material aid during disasters. Every area has its local emergency medical service agency (LEMSA), Emergency Operations Center and Medical Health Operational Are Coordinator (MHOAC). The hospital uses local plan and protocols for evacuation while the LEMSA or EOC assist with identifying coordinating placement and responsible for instruction of identifying, providing consent before transfer to receiving facilities as well as evacuation protocol for medication, supplies, equipment, medical records and tracking patient. Health care providers example, emergency hospital medical director are responsible for sending and receiving hospitals while providing each patient with their medical record. The hospital evacuation checklist provides information, structure and procedure of evacuation and shelter. Staff expectation should consist of individuals accompanying patients to local Alternative Care Sites (ACS) and provide drills and training to acknowledge safety plan evacuation. According to California Hospital Associate (2017) the plan and phase evacuation depends on the natural disaster. An example is an earthquake or flooding and the ability to sustain proper care of patients. The plan phase and evacuation are three different roles with part 1 being guidance and structure, part two provide creation an allowable update and part 3shelterin place while brainstorming and identifying gaps as well as provide solutions to compare to existing plans California Hospital Associate (2017).

Disaster Plan Put to Work

Natural disaster such as Hurricane Florence, Harvey, Irma and Maria are unexpected catastrophes that ruin lives and cause damage. Blumkin & Smith, (2018) said a catastrophic event in 2017 cause over $1 billion in damage. A United Nations sponsored group the Intergovernmental Panel on Climate change research estimate hurricane damage to about 70 percent of financial lost by 2100. Therefore, the healthcare organization will likely receive extra expense on material shortage, labor issues and cost of building.  Blumkin & Smith, (2018) said companies rarely turn capital construction or capital assets into revenue projects. If companies thought about their assets they would consider putting into place a plan to bank on when natural disaster strike, an unexpected budget plan for disaster events. The crisis management, disaster recovery and business continuity budget should be based on understanding various types and levels of disaster. The plan should list supporting ideas of operational, regulatory and financial implications and a response maganissm. The pre contract should support disaster and recovery at appropriate levels to determine the catastrophic budg4et, as well as optimizing to restore operations. Health organizations according to Blumkin & Smith, (2018) should considered natural disaster questions for their supply chain. Questions considered are expected shortages, distribution of material or prevention, renegotiation contracts in term of human resource and cost. Other concern is knowing, your coverage gap and making sure of adequate organization insurance policies cover physical and operation damage. To understand probable loss, health organization should do this each year, example update probable loss and determine coverage, values and deductibles as well as risk and exposures. Another example is business interruption covered loss. Another example is earning loss due to failure of delivered supplies or material, continued change of electric or utility service and lack of shipment or product. Also, in terms of capital project delivery, use a faster and smarter decision making aligning with organization structure to avoid overlapping. Improve reporting on integrated information and key performance indications which enables governance committees to acknowledge time, and save finance cost on project risk. The next step is damage evaluation damage asset, start the repair, make sure to include employee expense, security to protect from damage cite, lodging and food to deed workers as well as additional cost of gas, water, electric, phone service interruption and other needed operational service. Blumkin & Smith, (2018) said enlist a gate keeper for legal, operations, finance and accounting and answer questions on auditor, coordinate claims and disbursement. Blumkin & Smith, (2018) gave an example of the gatekeeper responsibility which was the Hurricane Katrina disaster. A gate keeper was enlisted to established federal and state regulations process for Public Assistance (PA) management of funds. Opportunities were identified which consist of improve accountability; fund reporting, design procedure, technology, fund assessment and expedited payments. The gate keeper also submits cost to the federal Emergency Management Agency (FEMA) for reimbursement, as well as reinforced a disaster recovery, and work force for the PA program. Because of the natural disaster complexity health organizations need to be prepared and challenged loss of a new location. Blumkin & Smith, (2018) said think business wise not insurance wise to update, improve and strengthen operations or new locations. Timely and informed decisions are made by well-developed continuity and communication plan. Each stakeholder should be aware of their responsibility, know there position, have appropriate communication channels as well as knowing which stakeholder will be challenged by natural disaster. Hospital management should be aware of grants from FEMA, Small Business Organization (SBA) Housing and Urban Development (HUD) as well as eligibility deadlines and expected services. Blumkin & Smith, (2018) gives an example of a grant management strategy for grant administration. The grant administration generate a strategy, when the health organization receive the grant the can start to rebuild. The next step is implementing a design project, monitor and report regulations over the life of the grant. Strategies of grants help manage capital projects and also help to deliver faster recovery with less cost, and improve timely decisions. Grant strategies also allow health organization gain capital investment with long term continued improvement (Blumkin & Smith, 2018)

References

• Blumkin, M. & Smith, M. (2018) Capital Projects: Managing the Risk of Natural Disasterhttps://deloitte. wsj. com/riskandcompliance/2018/09/18/capital-projects-managing-therisk-of-natural-disasters/
• Brodnik, M. S.,; Rinehart-Thompson, & Reynolds, R. B. (2017) Fundamentals of Law for HealthInformatics and Information Management (third ed.).
• California Hospital Association, (2017) Emergency Preparedness Hospital Evaluationhttps://www. calhospitalprepare. org/evacuation
• Center for Disease, (nd) Data Security and Confidentiality Guidelines: Standards to Facilitate Sharing and Use of Surveillance Data for Public Health Action
• http://www. cdc. gov/nchhstp/programintegatioin/docs/PCSIDataSecurityGuidline. PDF
• Pourhosseini, S. S.,; Ardalan, A.,; & Mehrdhassani, M. H. (2015) Key Aspects of Providing   Healthcare Service in Disaster Response Stylehttps://www. ncbi. nlm. nih. gov
• Premier, (2015) Emergency preparedness for healthcarewww. premiersafetyinstitute. org
• Puranik, M. (2018) 8 Key element of an effective disaster plan http://www. information-management. com
• Renjan, D. (2018) Personal health records: Their importance during natural disasters
• https://prognocis. com/personal-health–records-their-importance-during-natural-disasters
• United Nations International Strategy Disaster Risk, (2017) Words into Action National Disaster
• Risk Assessmenthttps://www. preventionweb. net/files/52828ehealthaspect[17]pdf
• USA, (2017) Health Emergency and Disaster Risk Management Safe Hospitals Prepared for Emergency Disastershttp://www. ncbi. nlm. nih. gov/pmc/articles/PMC4905876/