Chapter 15 : Dependable Systems for Quality care.

Objectives:
1. To explain the relationship between dependability and health care quality.
2. To identify and explain five guidelines for building dependable systems.
3. To present an informal assessment of the healthcare industry with respect to these guidelines.

Introduction: The healthcare industry is undergoing a dramatic transformation from today’s inefficient, costly, manually intensive, crisis-driven model of care delivery to a more efficient, consumer-centric, science-based model that proactively focuses on health management. The technologies that enable the transformation are largely state of the art and include enterprise application integration (EAI); wireless communications; handheld and tablet computers; continuous speech recognition; new models for knowledge representation, integration and interpretation; electronic sensor technology; radio frequency identification (RFID) tagging; and robotics.

The functional capabilities these applications and techniques can provide are indeed impressive and can vastly improve the quality of healthcare delivery. The International Council of Nurses (ICN) code of ethics for nurses affirms that the nurse “holds in confidence personal information” and “ensures that use of technology…[is] compatible with the safety, dignity, and rights of people.” Fulfilling these ethical obligations is the individual responsibility of the nurse, who presumably has the ability and authority to ensure that personal information is protected and that technology is safe. Thus, ethical obligations drive requirements for system reliability, availability, confidentiality, data integrity, responsiveness, and safety, attributes collectively referred to as DEPENDABILITY.

What is dependability? Dependability is a measure of the extent to which a system can justifiably be relied on to deliver the services expected from it. Dependability comprises the following six attributes:
1. System reliability: The system consistently behaves in the same way.
2. Service availability: Required services are present and usable when they are needed.
3. Confidentiality: Sensitive information is disclosed only to those authorized to see it.
4. Data integrity: Data are not corrupted or destroyed.
5. Responsiveness: The system responds to user input within an expected and acceptable time period.
6. Safety: The system does not cause harm.

When things go wrong: In August 2003, the Blaster and SoBig worm attacks invaded hospitals around the world. In Glasgow, Scotland, 10,000 computers used by city hospitals and emergency services were infected, and systems at one hospital were down for 15 hours. Nearly one third of the computers at Baylor College of Medicine (about 2,100 machines) were infected by the Blaster and SoBig worm attacks. The cost to recover from the attacks exceeded $100 K, and 2.5 days of productivity were lost campus-wide due to system outages. The bottom line is that systems, networks and software applications are highly complex, and the only safe assumption is that failures will occur. Thus, dependability is an essential factor in system planning and operations.

Guidelines for Dependable Systems: Guideline 1: Architect for Dependability: a fundamental principle of system architecture is that an enterprise system architecture should be developed from the bottom up, so that no critical component is dependent on a component less trustworthy than itself. At the bottom of the architecture are the physical and logical networks that support the enterprise and provide the “pipes” that carry data from system to system. One or more computers are connected to this network, and the software foundation of each computer is an operating system that is responsible for managing all of the resources in the computer system. A corollary is that any vulnerabilities that exist in the networks, operating systems, and other services that support the application will propagate up to the applications, creating vulnerabilities for them as well. Single-point dependencies should be avoided or eliminated. The simplest design and integration strategy will be the easiest to understand, to maintain, and to recover in case of a failure or disaster.

Guideline 2: Anticipate Failures: in anticipation of failures at the infrastructure level, features that are transparent to software applications should be implemented to detect faults, to fail over to redundant components when faults are detected, and to recover from failures before they become catastrophic.

Guideline 3: Anticipate Success: the systems planning process should anticipate business success and the consequential need for larger networks, more systems, new applications, and additional integration. Modeling of use case scenarios that anticipate hospital and clinic mergers, acquisitions, and a growing patient/customer base will enable the system designer to visualize the data flows, system loading and network impact resulting from business growth and success. Such models can provide valuable input into planning for scalability and future integration.

Guideline 4: Hire Meticulous Managers: good systems administrators meticulously monitor and manage system and network performance, using out-of-band tools that do not themselves affect performance. These managers use middleware to manage the workload across the network. They take emergency and disaster planning very seriously: they develop, maintain and judiciously exercise plans and procedures for managing emergencies and recovering from disasters.

Guideline 5: Don’t Be Adventurous: for dependability, one should use only proven methods, tools, technologies and products that have been in production, under conditions, and at a scale similar to the intended environment. The enterprise with a requirement for dependable systems should not be the first (or second) to adopt a new technology.

Assessing the Healthcare Industry: Healthcare clearly has a need for dependable systems both now and after the transformation, as the industry becomes increasingly dependent on IT in the delivery of patient care. This assessment is by no means “scientific,” nor is it intended to represent “all” healthcare organizations. Rather, it conveys observations of the healthcare industry as a whole and the opinions of a passionate advocate of dependable systems for healthcare.

HEALTHCARE ARCHITECTURES: for adherence to the first guideline, “architect for dependability,” the clinical care provider community gets a barely passing grade of “D”. Healthcare organizations build, or perhaps “compose,” their systems from the top down rather than from the bottom up. The healthcare professionals select the user interfaces they like, and the IT team negotiates terms with the vendors who offer the systems that generate those interfaces. These systems are familiarly known as “departmental” systems because they are used only in one department, such as registration, laboratory, or pharmacy; “EAI” or “interface engines” are used to transfer data, most commonly from a clinical system to a billing system.

The Health Insurance Portability and Accountability Act (HIPAA) security regulation prescribes administrative, physical, and technical safeguards for protecting the confidentiality and integrity of health information and the availability of critical system services. The following eight required administrative safeguards represent important operational practices that clearly will contribute to system dependability:
> Security management, including security analysis and risk management
> Assigned security responsibility
> Information access management, including the isolation of clearinghouse functions from other clinical functions
> Security awareness and training
> Security incident procedures, including response and reporting
> Contingency planning, including data backup planning, disaster recovery planning, and planning for emergency mode operations
> Evaluation
> Business associate contracts that lock in the obligations of business partners in protecting health information to which they may have access

The five specified physical safeguards also contribute to system dependability by requiring that facilities, workstations, devices, and media be protected. Most of the required technical safeguards are widely viewed within the security community and security-aware industries as “minimal” security controls:
1. Access control, including unique user identification and an emergency access procedure
2. Audit controls
3. Data integrity protection
4. Person or entity authentication
5. Transmission security

Anticipating Failures: For adherence to the second guideline, “expect failures,” the clinical provider community gets another grade of “D”. Medical technology and prescriptions, as well as clinical treatment protocols, are required to undergo extensive validation before they can be used in clinical practice.

Anticipating Success: With respect to the third guideline, “expect success,” the clinical care provider community has earned a mediocre grade of “C”. Healthcare organizations definitely expect their software applications, computer systems, and networks to work.

IT Management: For the fourth guideline, “hire meticulous managers,” the clinical care provider community has been assigned a mediocre grade of “C”. Many provider organizations truly do recognize the criticality of IT to their business success.

Adventurous Technologies in Healthcare: The fifth and final guideline, “don’t be adventurous,” is the most difficult to assess for healthcare. On the one hand, healthcare caregivers typically are not early adopters, but on the other hand, they seem to cast fate to the wind for technologies that catch their collective fancy. So a grade of “C” seems appropriate here.

THANK YOU VERY MUCH! xD davidabad08