Posted: December 17th, 2016

Determine two (2) significant methods that health care systems should use in order to prevent misuse of information and protect data privacy and thus achieve a high level of security of health information

Assignment 2: Competiveness and Performance Effectiveness for Health Care IT Systems

Due Week 8 and worth 250 points

Write a six to eight (6-8) page paper in which you:

Define the fundamental responsibilities and key characteristics of the Chief Information Officer (CIO) and Chief Technology Officer (CTO) within health care organizations. Make one (1) recommendation where they can utilize their expertise to assist with employee and patient satisfaction. Support your response with related examples of such expertise in use.
Suggest two (2) developing technologies that health care systems should use in order to improve health care processes and thus increase the quality and lower the cost of health services. Provide a rationale to support your response.
Determine two (2) significant methods that health care systems should use in order to prevent misuse of information and protect data privacy and thus achieve a high level of security of health information. Provide a rationale to support your response.
Suggest one (1) strategy for health care organizations to train providers in using technology in health care. Provide a rationale to support your response.
Provide three (3) best practices for effective IT alignment and strategic planning initiatives. Justify your response.
Use at least three (3) quality academic resources in this assignment. Note: Wikipedia and similar type Websites do not qualify as academic resources.

Your assignment must follow these formatting guidelines:

Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA or school-specific format. Check with your professor for any additional instructions.
Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required page length.

The specific course learning outcomes associated with this assignment are:

Examine the impact technologies have on health care information systems.
Describe the basic components of a strategic information system plan.
Describe the major types and classifications of health care information standards and the specific organizations that develop and regulate these standards.
Discuss the need for, and identify methods of, accomplishing the security of information systems.
Evaluate the impact of strategic information system plans on organizational competiveness and performance.
Use technology and information resources to research issues in health information systems.
Write clearly and concisely about health information systems using proper writing mechanics.

Critical Factors in Implementing an IT System in Health Facilities

Model Paper

Strayer University

HSA 315 Health Information Systems

What are Critical Factors in Implementing an IT System in Healthcare Facilities?

The focus of this paper is to address the following topics: identify key reasons why healthcare organizations (HCO) are reluctant to implement electronic medical record (EMR) programs. Review how the Health Insurance Portability and Accountability Act (HIPAA) has an impact on the storage and security of patient medical records (PMRs). Describe several pros-and-cons of how the Health Information Technology for Economic and Clinical Health (HITECH) Act affects healthcare professionals. Analyze the primary ways that federal initiatives impact the standards of health care information. Specify the advantages of applying the information technology (IT) system within an HCO, and predict new IT developments in the healthcare field in the upcoming decades.

Why are HCOs Reluctant to Implement EMRs?

HCOs cite various reasons for not converting to EMRs. Three of these are financial barriers, organizational and behavioral barriers, and privacy and security barriers (Wager, Lee, & Glaser, 2013). Financial cost is the most common barrier given for not updating to EMRs. The cost to install a fully-operational EMR system is estimated to be from $15,000 to $50,000 (Wager et al.,2013). For a small practice, typically eight or fewer physicians, this is an unaffordable expense. Approximately seventy-eight percent of practicing physician’s in the U.S. fall into this category (Wager et al., 2013). Larger HCOs can justify the cost of implementing a new EMR system, but the setup time and personnel training usually result in a decrease of productivity. Production loss is estimated to be from ten to fifteen percent during the first few months of EMR usage (Wager et al., 2013). Many HCOs are not willing to accept this monetary loss in production.

Organizational and behavioral barriers include physician resistance to conversion from PMR to EMR. Provider workflow is affected in the early application of the EMR system. Caretakers must respond to various alerts and reminders while typing notes into patient’s files. Once an individual becomes familiar with the software, they can maneuver about the system without difficulty. Another problem is different state regulations concerning the installation of EMR systems, security, and licensing (Wager et al., 2013).

Privacy and security barriers are a major concern in the healthcare industry. With all the documented cases of personal information being compromised, and the subsequent lawsuits, no one is willing to accept the responsibility to ensure that patient information is kept confidential. HIPAA, and especially HITECH, are written specifically to address these issues (Wager et al., 2013).

How HIPAA Impacts Patient Medical Records (PMR).

HIPAA or Public Law 104-191 became effective on August 21, 1996. There are several parts of this Act. Under Title II, you have the Privacy Rule, Transactions Rule, Security Rule, Identifiers Rule, and the Enforcement Rule (104th Congress, 1996).

The Privacy Act is one of the key contributors to Privacy and Security Barriers. The law applies federal standards to the security and handling of protected health information (PHI). PHI refers to any information that describes an individual’s health status; the type of healthcare provided or its subsequent payment. It also pertains to patient identification information handled, stored, or transmitted (104th Congress, 1996). All information is protected by law in any form (physical, electronic, or oral-based) (104th Congress, 1996). This Act also permits the patient’s to examine and obtain copies of their personal healthcare information (Wager et al., 2013).

The Transactions Rule mandates the usage of medical terms, concepts, diagnosis and procedure codes. ICD-9-CM was the standard for medical coding but effective October 1, 2014 ICD-10-CM diagnosis codes, and ICD-10-PCS procedural codes became the medical coding standard (Wager et al., 2013). A new set of internationally accepted codes is already being developed to replace the ICD-10 codes. Systemized Nomenclature of Medicine-Clinical Terms (SNOMEDCT) are, “a comprehensive set of standard terms for clinical information for use in electronic health records” (White & Griffith, 2014). This system is in use in many countries, including the United States (U.S.).

The Security Rule establishes guidelines on the accessing, auditing, storing, and transmitting of EMRs (104th Congress, 1996). Meeting HIPAAs standards under this rule is another critical factor in the Privacy and Security Barriers. Two plans enforced under this rule are the Backup and Recovery Plan and Incidence Response Plan. Backup and recovery focuses on the ability to restore electronic PHI and EMRs if it is corrupted or lost. HCOs must have an in-place strategy that meets HIPAA standards to ensure ongoing business operations in the case of a catastrophic EMR system event. Incidence response applies when PHI become compromised in some manner. A plan on how to respond to such an issue is essential (104th Congress, 1996).

The Identifiers Rule standardizes specific codes used on PHI to regulate administrative data. These rules fall into three categories; Standard Unique Employment Identifier, National Provider Identifier (NPI), and the Health Plan Identifier (HPID). The Standard Unique Employment Identifier is the same as the Employer Identification Number (EIN) used by the Internal Revenue Service (IRS) and identifies an employer providing healthcare benefits to an employee. The NPI is a ten-digit number that identifies healthcare providers. HIPPA uses this unique identifier for administrative and financial transactions (104th Congress, 1996).

Approved by the HHS on September 5, 2012, the HPID is a unique identifier used by the Center for Medicare and Medicaid Services (CMS). Controlling health plans (except small health plans) must be compliant with this regulation and get HPIDs by November 5, 2014. Small health plans must obtain HPIDs by November 5. 2015 (Centers for Medicare and Medicaid Services, 2014).

Advantages and Disadvantages of HITECH?

The Enforcement Rule or HITECH become effective on February 17, 2009. It is part of the American Recovery and Reinvestment Act (ARRA) of 2009 and is also a part of HIPAA. The Act is designed to promote, support, and financially assist with the transition from paper PMR to EMR. EMR compliance provides multiple benefits in overall healthcare performance (Wager et al, 2013).

Advantages include a reduction in medical errors. Most medical errors occur from erroneous interpretation of illegible handwritten physician notes or prescriptions. EMR systems make accessibility to personal health information easier for caregivers. More complete and current EMR decrease redundant medical procedures. Filing and sorting are no longer necessary with the elimination of paper health records improving overall patient care workflow (Wager, et al., 2013).

The Medicare and Medicaid Incentive Programs are designed to supplement the cost of upgrading to EMS systems. During 2011 and 2012 caregivers could earn up to S44,000 over a five-year period, but this support has steadily decreased since then. The intent of the subsidy was to get providers to convert early-on and not wait to the last minute to meet HIPAA guidelines (Crandall, 2013).

Disadvantages include each-and-every barrier discussed under the EMR implementation heading. EMR systems must also comply with CMS guidelines. Non-compliance can result in penalties administered by CMS and possible fines under HIPAA. HITECH penalties apply when PHI or PMR become compromised. Four different rules define these violations. Penalties vary depending on whether a violation took place before, on or after the suspense date of February 18, 2014 (104th Congress, 1996). The fines range from a minimum of $100 per violation, up to $50,000 each. The amount of total loss in any calendar year cannot exceed $1.5 million per provision. If multiple infractions occur under different rules, then violators can be charged up to $6 million in a given year (Crandall, 2013).

The financial loss can be damaging to an HCO, but this may pale in comparison to the possible repercussions under the Breach Notification Rule. This regulation requires that an HCO must notify each affected individual and the Secretary of HHS. When more than five hundred individuals are affected, the media are also required to be notified (Wachler & Fehn, 2009). Once a security breach is made public, the reputation of the HCO may suffer severe damage. The fallout may involve civil lawsuits and a loss of patient clientele. Overall, the public notification of a security breach may cost the HCO more money than the financial penalties levied against them (Wachler & Fehn, 2009).

The strategy to avoid these problems is to adhere to the federal standards established by HITECH and HIPAA. The HCO must also be compliant with CMS guidelines. If a breach occurs, the HCO can provide appropriate evidence to show they fulfilled their burden of proof under federal law (Wachler & Fehn, 2009). The fine applied to the HCO may decrease or be eliminated entirely.

Workflow Processes and Most Significant Process to Eliminate.

Workflow refers to the sequence of steps taken in the performance of a task from start- to-finish. In regards to healthcare, the process typically starts upon patient admission for care and ends when the patient leaves after treatment. Not all facilities use the same workflow pattern, but there is usually only a slight variation in the flow process. An example of a workflow model is as follows; 1. The Patient signs-in for healthcare. 2. PHRs are pulled for treatment. 3. The nurse or physician’s assistant screens the patient. 4. The Patient is evaluated by a physician. 5. The doctor writes all necessary medical prescriptions. 6. The doctor or staff writes any necessary consults or referrals. 7. Support specialist complete lab work and x-rays are taken, when necessary. 8. The patient completes treatment and leaves. 9. The doctor writes notes on the patient’s treatments, and staff transcribed the notes into the PHR. 10. File the PHRs.

In a larger hospital, the files may be stored in a central location. The records are pulled prior to the appointment and sent to the caregiver. Upon completion of the exam, all files are sent back to the central storage facility. What is important is that workflow guidelines are established and strictly adhered too. They should be reviewed periodically for improvement.

With the implementation of an EMR system any step that requires the handling of PHR is no longer necessary and subsequently removed from the process. In the above model, steps two and ten are eliminated. Steps three, five, six, seven, and nine take less time to complete now that healthcare information is entered directly into the computer database. Through the removal of paper files, the overall patient workflow process becomes more efficient.

Federal Initiatives Impact on Healthcare Standards

The HHS established the Office of the National Coordinator for Health Information Technology (ONC) in 2004 (Wager et al., 2013). Its primary mission is to implement and use the most advanced health information technology (HIT) possible, while promoting health information exchange (HIE). To accomplish this, CMS, HIPAA, and HITECH provide guidelines for the use, handling, and transporting of PHI. CMS withholds caregiver benefits to those that do not comply with their EMR guidelines. The HIPAA Privacy Act controls the handling and security of PHI. The Security Rule governs the accessibility, auditing, storage, and transmission of EMR. HITECH enforces HIPAA timelines on EMR system implementation and denotes the amount of a penalty for PHI security violations. The Breach Notification Rule indicates the courses of action an organization must take in the case of a security breach (Wager, et al, 2013).

Advantages of IT System and Prediction of New Developments

There are several key advantages of an IT System within healthcare. The conversion of PHI and PMR to electronic format improves workflow productivity, reduces errors, and improves ease of access for authorized users. The use of passwords, security keys, encryption, and biometrics enhances overall security. Supply costs should decrease as there are no longer paper files to create, store, or destroy (Crandall , 2013; Wager et al, 2013).

New IT developments in the healthcare industry include a fully operational nationwide health information network. Presently, there are geographical or state systems that operate at a lesser level. These systems are being modified or replaced for compatibility allowing the network to expand. Completion should occur within the next decade or so. A fully integrated system would allow a physician to see a patient’s PHI from across the country. Teleconferencing and telemedicine would not only become commonplace but would transition to the home eventually. Touch screens have become standard on today’s computers. Future designs will utilize voice command with an interactive artificial intelligence (AI) based-system that can communicate directly with the user. All of this technology is in the works (Wager et al., 2013).

Health Care Information Systems

In conclusion, healthcare is one of the largest and fastest growing fields in the U.S., and yet it lags behind many other industries when it comes to the use of IT. According to a report submitted by the U.S. Department of Health and Human Services (HHS), “approximately fifty percent of doctors and eighty percent of hospitals are currently using EMRs” (U.S. Department of Health and Human Services, 2013). An estimated 580,000 practicing physicians and 7,800 qualified hospitals currently operate in the U.S. (U.S. Department of Health and Human Services, 2013). For the industry to keep up with the demands of today’s society, it must evolve as the society evolves.

This paper explains three reasons why HCOs are reluctant to implement EMR programs. It describes the key rules within HIPAA that impact medical records. The advantages and disadvantages of HITECH adoption are discussed, along with a suggested strategy to mitigate the main disadvantage to healthcare professionals. A workflow model is studied to analyze the process for patient care. EMR system technology is then added to the setup to show how it can eliminate steps to improve service. Key federal initiatives outline their impact on healthcare information privacy, safety, and confidentiality standards. Finally, IT advantages and future technological advancements are reviewed over the next two decades with justifications for the reasoning of their predictions.


104th Congress. (1996, August 21). Health Insurance Availability and Portability Act of 1996 (HIPAA). Retrieved October 30, 2014, from CMS:

Centers for Medicare and Medicaid Services. (2014, October 31). Retrieved November 2, 2014, from

Crandall, D. (2013, May). Key Provisions of the HIPAA Final Rule.. PT in Motion, 5(4), 38 – 41. Retrieved November 2, 2014, from

U.S. Department of Health and Human Services. (2013, August 5). HHS. Retrieved Nov 2, 2014, from HHS:

Wachler, A. B., & Fehn, A. K. (2009, October). The HITECH Breach Notification Rules: Understanding The New Obligations.. Health Lawyer, 22(1), 1 – 13. Retrieved November 2, 2014, from

Wager, K. A., Lee, F. W., & Glaser, J. p. (2013). Health Care Information Systems: A Practical Approach for Health Care Management (3rd ed.). San Francisco, California, USA: Jossey-Bass. Retrieved October 30, 2014

White, K. R., & Griffith, J. R. (2014). The Well-Managed Healthcare Organization (7th ed.). Chicago, Illinois, USA: Health Administration Press. Retrieved October 30, 2014

Expert paper writers are just a few clicks away

Place an order in 3 easy steps. Takes less than 5 mins.

Calculate the price of your order

You will get a personal manager and a discount.
We'll send you the first draft for approval by at
Total price:
Live Chat+1-631-333-0101EmailWhatsApp