
Presentation transcript:

- To explain the relationship between dependability and health care quality and safety.
- To identify and explain five guidelines for dependable systems.
- To present an informal assessment of the healthcare industry with respect to those guidelines.

- The healthcare industry is undergoing a dramatic transformation from today’s inefficient, costly, manually intensive, crisis-driven model of care delivery to a more efficient, consumer-centric, science-based model that proactively focuses on health management.
- This transformation is driven by several factors:
  - The skyrocketing cost of healthcare delivery
  - The exposure of patient-safety problems
  - An aging “baby boom” population that recognizes the potential for information technology (IT) to dramatically reduce the cost and improve the quality of care

- The Electronic Health Record (EHR) will form the foundation for pervasive, personalized, and science-based care.
- Other key applications are:
  - Clinical information system (CIS) with integrated outcomes-based decision support
  - Clinical knowledge bases
  - Computerized physician order entry (CPOE)
  - Electronic prescribing
  - Consumer knowledge bases and decision support
  - Supply chain automation

- The technologies that enable the transformation are largely state of the art and include:
  - Enterprise application integration (EAI)
  - Wireless communication
  - Hand-held and tablet computers
  - Continuous speech recognition
  - Integration
  - Interpretation
  - Electronic sensor technology
  - Radio frequency identification (RFID) tagging
  - Robotics
- The functional capabilities that these applications and technologies can provide are indeed impressive and can vastly improve the quality of healthcare delivery.

- The International Council of Nurses (ICN) Code of Ethics for Nurses affirms that the nurse “holds in confidence personal information” and “ensures that use of technology is compatible with the safety, dignity, and rights of people” (ICN, 2000).
- As IT assumes a greater role in healthcare decision-making and in the provision of care, the nurse increasingly must rely on IT to help protect the patient’s personal information and safety.
- Thus, ethical obligations drive requirements for system reliability, availability, confidentiality, data integrity, responsiveness, and safety: attributes collectively referred to as dependability.

- Dependability is a measure of the extent to which a system can justifiably be relied on to deliver the services expected from it.
- Dependability comprises six attributes:
  1. System reliability: the system consistently behaves in the same way.
  2. Service availability: required services are present and usable when they are needed.
  3. Confidentiality: sensitive information is disclosed only to those authorized to see it.
  4. Data integrity: data are not corrupted or destroyed.
  5. Responsiveness: the system responds to user input within an expected and acceptable time period.
  6. Safety: the system does not cause harm.

- All computer systems are vulnerable to both human-created threats, such as malicious code attacks and software bugs, and natural threats, such as hardware aging and earthquakes.
- Removing all system vulnerabilities is not practical, particularly given complex, heterogeneous environments where software and hardware changes are a part of routine operations.
- A more practical approach to attaining dependability is to build tolerant systems.

- A tolerant system is a system that anticipates problems; that detects faults, software glitches, and intrusions; and that takes action so that services can continue and data are protected from corruption, destruction, and unauthorized disclosure.

- Physical and logical networks that support the enterprise and provide the “pipes” that carry data from system to system.
- One or more computers are connected to this network, and the software foundation of each computer is an operating system that is responsible for managing all of the resources in the computer system.
- Distributed architectures can tolerate failures more easily than large, centralized systems.

- As computers are getting faster, systems are getting more and more complex, and design flaws are becoming an increasingly catastrophic problem.
- Infrastructure-level features that are transparent to software applications should be implemented to detect faults, to fail over to redundant components when faults are detected, and to recover from failures before they become catastrophic.
- Security features to detect, disable, and recover from malicious attacks, while preserving system stability and security, should be implemented.

- The system planning process should anticipate business success and the consequential need for larger networks, more systems, new applications, and additional integration.
- Modeling of use-case scenarios that anticipate hospital and clinic mergers, acquisitions, and a growing patient/consumer base will enable the system designer to visualize the data flows, system loading, and network impact resulting from business growth and success.

- Good system administrators meticulously monitor and manage system and network performance, using out-of-band tools that do not themselves affect performance.
- They take emergency and disaster planning very seriously; they develop, maintain, and judiciously exercise plans and procedures for managing emergencies and recovering from disasters.

- Cute Chutes, a small start-up company, has announced the availability of a new parachute unit that promises to revolutionize the sport of sky diving.
- For dependability, one should use only proven methods, tools, technologies, and products that have been in production, under conditions, and at a scale, similar to the intended environment.

- Healthcare clearly has a need for dependable systems, both now and after the transformation, as the industry becomes increasingly dependent on IT in the delivery of patient care.

- The Health Insurance Portability and Accountability Act (HIPAA) security regulation prescribes administrative, physical, and technical safeguards for protecting the confidentiality and integrity of health information and the availability of critical system services.
- The HIPAA requirement for emergency access, that is, the ability to override security in an emergency situation, is unique to healthcare.

- The HIPAA security requirement for “information system activity review” is an important safeguard to counterbalance the necessity of authorizing many people access to patients’ records.
- Although the HIPAA security standard is a tremendous contribution toward achieving dependable systems in healthcare, the current standard lacks fundamental system assurance requirements that are so important to system dependability.

- Eight required administrative safeguards represent important operational practices that clearly will contribute to system dependability:
  1. Security management, including security analysis and risk management.
  2. Assigned security responsibility.
  3. Information access management, including the isolation of clearinghouse functions from other clinical functions.
  4. Security awareness and training.
  5. Security incident procedures, including response and reporting.
  6. Contingency planning, including data backup planning, disaster recovery planning, and planning for emergency mode operations.
  7. Evaluation.
  8. Business associate contracts that lock in the obligations of business partners in protecting health information to which they may have access.

- Five specified physical safeguards also contribute to system dependability by requiring that facilities, workstations, devices, and media be protected:
  1. Access control, including unique user identification and an emergency access procedure
  2. Audit controls
  3. Data integrity protection
  4. Person or entity authentication
  5. Transmission security

- Medical applications that are hosted on PCs and personal data assistants (PDAs) have a higher likelihood of failure than applications hosted on server machines that are physically protected, managed by trained system administrators, and continuously monitored.
- Computers are increasingly being used in safety-critical clinical applications, and without careful and appropriate attention to software safety, we can reasonably expect that failures will contribute to the loss of human life.

- Healthcare organizations definitely expect their software applications, computer systems, and networks to work.
- Providers assume their systems will work as well as any other medical equipment, despite the fact that many of the software applications they use are running on the same kind of PCs that have failed them at home.
- Healthcare organizations do not foresee that their business success may increase their need for processing power and network capability.

- Organizations have hired IT managers who appreciate the important role of IT in a healthcare environment and who recognize the need for dependable systems that can anticipate and recover from failures.
- IT managers who recognize the strong relationship between system dependability and the quality and safety of patient care implement fault-tolerant systems with strong security protection, middleware to manage workload, and tools to continuously monitor the health and performance of their applications, systems, and networks.

- The fifth and final guideline, “don’t be adventurous,” is the most difficult to assess for healthcare.
- On the one hand, healthcare givers typically are not early adopters, but on the other hand, they seem to catch their collective fancy.
- Healthcare clinicians, including nurses, historically and typically are very resistant to change, largely because they are taught to be circumspect in considering new approaches, treatment protocols, and drug regimens.

- Before adopting a new idea, they investigate it, they talk about it among their colleagues, they watch someone else try it, and then, perhaps, they may try it themselves.
- Wireless networking and handheld computers can serve as a good example of technologies that are not yet mature enough for safety-critical applications.
- Yet wireless information systems are one of the most frequently used technologies in healthcare.