|
|
|
|
Integrated Action Learning Project Plan
Final Report
Development of a Proposal for the Implementation of a Medical Technology Wireless Data Network for St. Mary Hospital
Ralph W. Beckon
TS4990 Integrated Action Learning Project
Instructor, Dr. Sharon L. Bender
September 11 2005
My IAL project is a proposal for the installation of a Medical Technology Wireless Data Network to be used by four Medical Technology Service (MTS) personnel at St. Mary Hospital . The proposal would permit remote and wireless access to vital service documentation, equipment history, communications and service alerts. The system will also allow data updates and implement the use a bar code readers to increase workflow processes, efficiency and improve data accuracy. The basic system will involve the use of our current hospital backbone providing personnel wireless access and the full functionality of their desktops.
The project objectives in producing my IAL Project have been to :
1. Produce a wireless network proposal that will benefit MTS. I completed this objective based on a significant amount of project research. This object was also completed through feedback from Keith Miller, Dr. Sharon L. Bender and other coworkers and project beneficiaries.
2. Produce documentation that may be duplicated at other Trinity Health sites. I was able to produce documentation that can be duplicated at other Trinity sites. The variables in this project implementation include the site size, available hardware, available infrastructure, number of employees and site policy and procedures.
3. Apply the skills that I have learned about during my education at Capella University . To accomplish this objective I applied many of the skills that I learned at Capella University toward the completion of this project. I few course examples that I used skills from include, fundamentals of Networking, Project Management, Business, Quality Assurance, Risk Management and Telecommunications. Other skills that I used are subsets of these classes and include technical writing, Spelling and grammar, organization, planning, research, and ethics.
In producing my project my learning objectives are to:
1. Learn about new wireless technologies and standards; something I have avoided so far. The weeks of research produced during my project tracking phase taught me about the latest wireless technology available, Hardware solutions, Security issues and the differences and similarities of wireless standards. I accomplished this objective through extensive research and mentor feedback.
2. Refine my current skills in the development of a project plan and project Management. During my research for this project I was able to build on my current skills and project development methods. This was accomplished through books, Internet research and white papers. Feedback was also instrumental in refining my skills. I received from Keith Miller, Dr. Sharon L. Bender and other coworkers and project beneficiaries.
3. Learn new research and enhance project pricing skills.
I did learn new pricing skills and learned that just because an item is cheap does not make it suitable or a good deal. I learned that careful examination of features, specific product use, product support and use environments are necessary before you try to find a low price.
Tasks |
Duration |
Research Phase |
8/8/05 – 8/14/05 |
Task 1: Research Basic Wireless networking technology Theories. Task 2: Research Security issues and HIPAA Policies. Task 3: Research existing infrastructure and available wireless technologies. |
|
Resources Literature Bender, S. L. (2003). Producing the Capstone Project. Brelsford, H. (2001). MCSE Windows 2000 Designing. Savetz, K (2004). How To Install A Wireless Network. Smart Computing. October 2004 • Vol.15 Issue 10 PMBOK (2000). A Guide to the Project Management Body of Knowledge (PMBOK® Guide)—2000 Edition. Resources Internet Cisco (2005). Home Page http://www.cisco.com/ Cisco (2002). Wireless LAN Security White Paper ID Automation.com http://www.idautomation.com/scanners/Opticon_LG2.html Microsoft TechNet http://support.microsoft.com/default.aspx?scid=kb;en-us;314897&sd=tech Microsoft Technical support and Wireless configuration Guide. Resources People: Keith Miller
|
|
Analysis Phase |
8/15/05 – 8/21/05 |
Task 1: Analyze Risk and Security and issues Task 2: Analyze Patient HIPAA Policies. Task 3: Analyze wireless compatibility issues. |
|
Resources Literature (2005). MTS Policy and procedure guidelines. This is the Policy and procedure manual that is the basis of all Medical Technology services at St Mary Hospital. The manual is produce by Trinity Health corporate office and is followed in over 40 major hospital. (2004). St Mary Hospital policy and procedure manual. This manual covers internal St Mary Hospital policies and procedure and includes a comprehensive communications policy that will be used in part to define the new systems communication plan. Resources Internet AAMI. Association for the Advancement of Medical Instrumentation. http://www.aami.org/publications/BIT/guidelines.html AAMI is the standards organization that defines specific medical device standards. These guidelines will help to reduce the risk of interference between our new mobile wireless system and patient medical devices. Cisco (2002). Wireless LAN Security White Paper FDA. U.S. Food and Drug Administration (2002) http://www.fda.gov/cdrh/EMC/wmt-about.html In partnership with the FCC the FDA monitors specific medical devices for safety. This site give resources and defines the specific frequencies that cannot be used by our wireless network. The Wireless Medical Telemetry Service (WMTS) report sets aside the frequencies of: 608 to 614 MHz, 1395 to 1400 MHz, and 1429 to 1432 MHz for primary or co-primary use by eligible wireless medical telemetry device and equipment. HIPAA. Guidelines for Academic Medical Centers on Security and Privacy. http://www.aamc.org/members/gir/gasp/ The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a government mandate document that provides both protection and security of patient information. This website offers a comprehensive source for HIPAA guidelines that must be enforced when using a wireless network that has any connection to personal patient information. Resources People: Tom Hargin, IT specialist. |
|
Preproduction Phase |
8/22/05 – 8/28/05 |
Task 1: Obtain Hardware Cost estimates. Task 2: Produce Manpower time estimates. Task 3: Produce Concept map and basic Network Diagram. |
|
Resources Literature PMBOK (2000). A Guide to the Project Management Body of Knowledge (PMBOK® Guide)—2000 Edition. Bender, S. L. (2003). Producing the Capstone Project. Resources Internet ID Automation.com http://www.idautomation.com/scanners/Opticon_LG2.html Price Watch.com http://www.pricewatch.com/ Resources Software (2002) Microsoft Visio 2002
|
|
Documentation Phase |
8/29/05 – 9/4/05 |
Task 1: Amend existing HIPPA Policy to reflect wireless Technologies. Task 2: Produce staff user training and guidelines Documentation. Task 3: Produce rough draft |
|
Resources Literature (2005). MTS Policy and procedure guidelines. (2004). St Mary Hospital policy and procedure manual. Hacker. D. (2003) A Writers Reference. Fifth edition. Resources Internet: Capstone Learning Center . (2005). http://sharonbender.com/capstone.html
|
|
Proposal Signoff Phase |
9/5/05 – 9/11/05 |
Task 1: Seek feedback from the Stakeholder. Task 2: Obtain Proposal signoff from Keith Miller. Task 3: Review / Lessons learned. |
|
Resources: Literature NNSA. (2001). Lessons learned Assessment Checklist. http://www.eh.doe.gov/ll/proceedings/proceed1001/nvassess1001.pdf Resources People: Keith Miller
|
|
I was able to follow this schedule as and complete my project as planned. The only Potential problem I came across happened during week 4 between August 29 2005 and September 5, 2005 . This problem was resolved by making an amendment sheet with potential policy addition statements. The rest of the schedule was completed with hard work and research.
Several risks were identified in performing a risk assessment of my IAL Project. They are shown in the table below.
Risk Factor Checklist |
||||
Risk Considerations
|
Low Risk |
Medium Risk |
High Risk |
|
Equipment Reliability |
|
|
x |
|
Production Quality |
|
|
x |
|
Obstructions to Delivery |
x |
|
|
|
Data Reliability |
|
x |
|
|
|
|
|
|
|
High Risk Analysis |
||||
Risk Considerations |
Risk Significance and Potential Solution |
|||
|
|
|||
Equipment Reliability |
Problem: Interference with Patient Medical devices. Equipment reliability and interference has always been an issue in an industrial setting. Reliability is of especially high risk because of the mission critical effects that failures can bring. Solution: The solution has been provided by the FCC which has set aside certain frequencies to be used only by certain categories of medical equipment. Other ways that St. Mary Hospital can reduce interference is by tracking equipment use, testing and performing preventative maintenance on equipment and verifying UL and CSA standards on equipment that is in use.
|
|||
Production Quality |
Problem: Security or sensitive patient data hacking. The risk of production quality is a factor because the IT staff has been overworked and may be lacking in some security skill sets. Solution: To improve the production quality and security the key stakeholder have been brought in and involved at an early stage. Other measures might include a review at each stage by the technical manager at the corporate offices. Allocations of overtime or bringing in third party venders are options that may improve the overall quality of the final implementation of the project. |
|||
The two highest risks were Equipment Reliability and Production Quality.
Reduction of Equipment reliability and interference risk issue has been addressed in part by the federal governments FCC guidelines as stated in the project proposal. St Mary Mercy Hospital also has an obligation to test and verify that the equipment used is in good working condition and passes strict testing and verification standards.
The risks associated with Production Quality have been reduced by brining in technical experts from the start of the projects proposal. Other reductions can be made by implementing security protocols mention in the project proposal.
I did not need to resort to my contingency plan.
This week one I completed research on basic wireless technologies. I learned that to implement a basic wireless network you need the networking operating system (NOS), a wireless router or an access point, and each computer will need a wireless network adaptor. In addition to this there are also data security issues and solutions as well as interference concerns.
Hardware options include access points or routers that have additional capabilities such as a firewall and internet sharing capabilities. A wireless internal PCI adaptor is more expensive that a USB wireless adapter but USB devices can be more complicated to configure and will increase the load on your power supply and system, a real concern when using a battery operated laptop.
Wireless standards are important to consider when configuring a wireless network. There are currently three major wireless data standards IEEE 802.11 known as WI-FI that is used in modern devices. 802.11b is the mainstream method for transferring wireless data. 802.11b offers a good range, wide compatibility with current devices and low pricing. 802.11b has a range of between 70 and 150 feet and transmits up to 11Mbps at 2.4GHz radio spectrum. 802.11b is slow compared to the 100Mbps found in a common Ethernet connection. Disadvantages include that the access points are manually configured, have a maximum of three distinct channels and have potential interface with cell phones and microwaves
802.11a uses 5Ghz and transfers data at 54Mbps. 802.11a uses 8 channels which is better for larger high capacity networks. The disadvantages of this standard are that it is not directly compatible with 802.11b and the equipment has a higher cost.
802.11g uses the 2.4Ghrz and offers a data transfer speed of 54 Mbps; could be considered the best of 802.11a and 802.11b.
Security issues are a concern because on a wireless network your data transmission is wide open to anyone with the right equipment. To secure you network two basic methods are used MAC filtering and WEP.
MAC address filtering requires manually entering a list of addresses found on you local network and configuring a router to allow a wireless connection only to these specific addresses.
WEP is a wireless Encryption Protocol and uses a shared key between the access-point and the client computer.
The major accomplishment of this research is that I have learned about new technology, standards and security issues. These ideas will now allow me to complete my project proposal with the latest information available.
Sources: Pc Stats.com (2005). Beginners Guides: Wireless home networking
Retrieved August 2005 from: http://www.pcstats.com/articleview.cfm?articleID=1428
I also researched security issues and HIPAA Policies. This research deals with the physical security issues outside of the network data transmissions discussed in task one. Since a big part of the HIPPA Policies revolve around patient privacy this is included in this task.
Physical security starts with simple measure like locking the MTS laptops down to the carts, facing the screens away from unauthorized observers, and using paperless processes. In addition to this policies should reflect not leaving a laptop unattended and password protection for all devices.
HIPAA is the Health Insurance Portability and Accountability Act of 1996 that is a government mandate document that provides both protection and security of patient information. Information that need to be protected includes patient names, room numbers, test results, type equipment used and any other information that may be connected to a specific patient.
My research suggests that the simplest rule in relation to this project is that patient information and privacy must be protected at all costs. Since the devices used to input data may include this information, specific procedures and policies must be developed to support the HIPAA guidelines.
The major accomplishments associated with this research is that I have a gained a greater understanding for the need of a high level of security that will protect patient's rights and promote compliance of the HIPAA guidelines.
Sources: AAMC. (2001). The Guidelines for Academic Medical Centers on Security and Privacy: Practical Strategies for Addressing the Health Insurance Portability and Accountability Act (HIPAA)
Retrieved August 2005 from: http://www.aamc.org/members/gir/gasp/
University of Chicago . (2000). NSC: Physical Security.
Retrieved August 2005 from: http://security.uchicago.edu/docs/physicalsec.shtml
I also researched existing infrastructure and available wireless technologies.
I found out that the Hospital is completely configured with 96 percent connectivity access. What this means is that there is sufficient access points throughout the desired area of coverage. We use devices that are compatible with the 802.11b wireless standard and use WEP data encryption for security.
The major accomplishment associated with this research is that the tasks in weeks two and three were dependant on this research; I used these specifications to build and complete my project proposal.
Sources: Tom Hargin, MCSE; IT specialist. and Keith Miller, BMET; Telemetry specialist.
Research Week Two
This week I researched the risk concerning my wireless network proposal and possible interference with our wireless telemetry system. I also took a closer look at physical and network security issues.
Interference is the first high risk area of concern is with equipment reliability; this risk involves the potential problem of interference with patient medical devices; specifically with the wireless telemetry systems that measure and track patients with heart conditions.
Through research I found that Saint Mary Mercy Hospital has already restricted the use of cellular telephones and radio transmitters in rooms containing life-sustaining equipment such as equipment found in Intensive Care, Cardiology, Surgery, and Dialysis.
I researched the FCC guidelines in conjunction with the FDA had completed “The Wireless Medical Telemetry Service” (WMTS) report which in affect orders companies to set aside the frequencies of: 608 to 614 MHz, 1395 to 1400 MHz, and 1429 to 1432 MHz for primary or co-primary use of wireless medical telemetry users. This eliminates the risk that a manufactures unmodified wireless equipment will interfere with Saint Mary Mercy's medical telemetry system. To further validate our protected frequencies the installers of the MTS wireless network can review the FCC statement included with all wireless devices.
Other research showed that a minimal concern is the reliability of the equipment proposed in the wireless system. This is a relatively low risk issues because backups and equipment redundancies can be set in place. A mobile device can be used to collect equipment data and then be synchronized in case of network failures. Another solution is manual data input if a barcode device fails.
Sources: A). FDA (2002). US Food and Drug Administration. Wireless Medical Telemetry - About WMTS
Retrieved August 2005 from: http://www.fda.gov/cdrh/EMC/wmt-about.html
B). FCC rules for wireless medical telemetry devices.
Retrieved August 2005 from: http://www.fcc.gov/Bureaus/Engineering_Technology/Orders/2000/fcc00211.doc
Security is the second part of this research involving patient data and the possibility of hacking. MTS employees will occasionally be exposed to a limited amount of private information as established by HIPAA regulations and the policies established by Saint Mary Mercy Hospital. The type of information MTS staff will be exposed to includes, room numbers, the type of equipment used by the patient, certain health conditions that could affect our personal health, and reviewing specific patent waveforms or data. This information could be transmitted across the wireless network. My project proposal will have to address physical, local computer and encrypted wireless transmissions security.
Research showed that if my project proposal was based on low-end access points, our security will be limited to Wired Equivalent Privacy (WEP) and MAC address filters. WEP is a system for encrypting our network data and prevent unauthorized users from gaining access. WEP uses keys that get combined with a keystream that encrypts your data into ciphertext. A corresponding keystream is used to decrypt the data at the receiving end.
WEP authenticates MTS employees so that they can access the network. Both the access point and our Laptops PCMCIA adapter cards need to be configured to use WEP. WEP can use a maximum encryption mode of 128-bits. Hackers that face a WEP system can eventually obtain the encryption key need to unlock access to the data.
Through this research I learned that by using a higher end access point we can utilize Temporal Key Integrity Protocol (TKIP). TKIP works on top of WEP by giving us an extra layer of security and offering stronger security than WEP. I learned that TKIP delivers encryption algorithms and constantly changes the encryption keys making them much more difficult for hackers to capture. Even if a key gets captured, the hacker will not have the time to use it because the wireless LAN will be using different encryption keys. TKIP also encrypts the encryption keys making current hacking processes virtually useless. I also learned that TKIP is a newer technology and some access points and wireless client cards do not support it. I propose the purchase of TKIP access points for all new installations and using WEP security until upgrades are completed.
I researched that our secondary risk of production quality based on staff training has been reduced because the IT staffing has been approved for further security training and this should not pose to be a big risk issue. The production quality as it related to security will also be improved because the key stakeholder has been brought in and involved at an early stage. The technical manager will also be required to review the project details and security issues.
A major accomplishment associated with this research is that the FDA has established specific rules and set 14 MHz of frequency for telemetry and wireless medical devices. This fact significantly reduces the risk of interference between the MTS wireless network and our Medical telemetry system. Other research showed that TKIP encryption which will significantly increase the level of wireless security and can enhance and secure Saint Mary's HIPAA compliance. I can now put this risk issue at rest and move on to the next portion of my project defined in week 3.
Source: Cisco (2003). Wireless LAN Security White Paper. Retrieved August 2005 from:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper09186a00800b469f.shtml
Through my research I found that the HIPPA regulations can be very complex. For the purposes of my project proposal I will define the HIPAA regulations as a means to prevent inappropriate use and disclosure of individuals' health information. This includes the MTS department responsibility to protect that information and the systems that store, transmit, and process it.
HIPAA Security and Privacy requirements apply to almost anyone who has any affiliation to a medical practice and include Health providers, Health plan providers, Healthcare support and supplies organizations, Healthcare business associates, contractors and consultants and researcher who may have person information.
HIPAA Security requires assignment of responsibility for security of health information to ensure integrity and confidentiality of all health care information that is stored or transmitted in any format. Responsibility includes protecting information against reasonably anticipated threats to security or unauthorized uses and disclosures of patient information.
HIPPA also requires implementation and documentation for administrative security procedures, physical security, technical security services and technical security mechanisms. This is usually done by implementation of a HIPAA security and privacy compliance program. A typical compliance program should have a privacy and compliance officer and an oversight committee involving all stakeholders
A complete HIPPA program would address risk issues, training, policy and procedure development, trading partner agreements and compliance review procedures.
HIPAA Violations and non-compliance can involve individuals or organizations and include civil monetary penalties and tough penalties for misuse with knowledge or intent including large fines and even prison terms.
The major accomplishment associated with this research is that I gained a much deeper understanding of the HIPAA regulations. This understanding allowed me to develop my proposal taking into consideration HIPPA compliance as it relates to MTS and my project proposal.
Source: AMMC. Guidelines for Academic Medical Centers on Security and Privacy
Retrieved August 2005 from: http://www.aamc.org/members/gir/gasp/
I researched equipment compatibility issues I found that St Mary Hospital did not have any real issues to deal with. As for hardware compatibility our laptop computers will be upgraded with the PCMIA cards compatible with both the 802.11b standard and TKIP encryption protocols. The access points are either WEP compatible or TKIP compatible.
My research verified that we use a Microsoft's SQL based database and our laptop computers already have direct access to the hospital backbone. We will only be adding the proposed wireless network to the established network. Research also showed that the barcode readers are compatible with our AIMS MTS database. Our current hardware and software will allow direct data input from various barcode readers. I learned that our current wireless infrastructure will allow additional wireless network communications and compatibility will not an issue.
The major accomplishments associated with this research are that our current hardware, software and operating systems will be compatible with the newly proposed network and barcode readers. This will significantly simplify any installation of my proposed wireless network system.
Sources: Tom Hargin, MCSE; IT specialist. and Keith Miller, BMET; Telemetry specialist.
Research Week Three
Research for the hardware cost was easy because the access points and laptops have already been purchased. The project only required three hardware devices.
1). Wireless network interface PCMCIA card:
Cisco 802.11a/b/g CardBus Adapter FCC CNFG, Source: from Provantage.com
The Cisco PCMIA wireless network card was 10 times the price of a standard wireless device but it featured full compatibility with 802.11a/b/g
Security specifications for this card include: IEEE 802.1X support, including Cisco LEAP, PEAP-GTC, PEAP-MSCHAPv2, and EAP-TLS for mutual authentication with dynamic per-user, per-session encryption keys via TKIP enhancements. Full support for WPA. Ready for IEEE 802.11i/WPA2 AES support.
Price $ 112.70 each.
2). Opticon LG2 - 2D Barcode Reader from ID Automation. http://www.idautomation.com/scanners/Opticon_LG2.html
Research showed that the Opticon LG2 - 2D Barcode reader offers the MTS staff the best option for our barcode reading needs. One problem that MTS has experienced with their past Palmtop systems is the lack of durability and loss of data due to breakdowns. In our extreme work environment, high usage and service situations the probability that the barcode reader will be dropped is high. The LG2 has been designed to withstand drops to concrete.
Price $ $719.00 each.
3). Opticon LG2 Battery Charger 2-Bay Battery Charger, AC Power Supply Mfg # 32-LG2CCHG01-01
Price $ 149.00 each. Source: http://www.idautomation.com/scanners/Opticon_LG2.html
Research for labor estimates for the St Mary implementation was easy to figure. Because my previous research showed that the access points are already in place, configuration would only take around 4 hours including verification at the network end.
The laptop configuration will involve installing the PCMIA wireless adapters and Windows 2000 already has the drivers so installation time should be minimal. TCP/IP will be done dynamically. Security will be configured manually at Labor estimate of 1 hour per PC.
I obtained help with my research from both Paul Mioduszewski and Keith Miller this week. I researched pricing on price watch.com and found the majority of products were low end and not suitable for the hardware demands of my project proposal. I also researched products found on Cisco.com and learned that the Cisco PCMIA offered significant advantages over general PCMIA devices. I learned that some wireless systems have reassociation delays when moving from one access point to another or within or across subnets. Cisco promises transparent mobility between subnets.
Sources: Retrieved August 2005 from Pricewatch.com. http://www.pricewatch.com/
Retrieved August 2005 from Cisco.com http://www.cisco.com/en/US/products/hw/wireless/index.html
This week I researched several different types of PCMIA cards and Bar code readers. The proposed selections are listed in Task one above.
PCMIA cards research included generic and name brand cards. The generic and house brands had low prices but did not have the required TKIP security features and were not backward and forward compatible with 802.11a/b/g standard. I found them through Pricewatch.com. During my research I found unbranded and branded cards ranging from $ 12.00 to around $ 100.00 Each. Here are a few examples.
Item A) Generic 802.11b Wireless PC Card Adapter A-306/7F. The price was $ 14.99 and included 64-bit/128-bit WEP encryption but no TKIP security features. 90 Day warranty. I learned that generic and house brands are inexpensive but do not offer the features or product details that the name brand PCMIA cards have.
Source: Retrieved August 2005 from:
Item B) D-Link Air DWL-650 Wireless 802.11b Pc Card Type-II 11mbps wireless LAN adapter with a price of $31.00.
D-link is a major brand and offered a one year warranty that was superior to the Generic PCMIA card. I learned that the D-Link also offered enhanced features compared to the generic card. The DWL-650 can be used in a Peer-to-Peer network without an access point. This device can also transmit data at 11, 5.5, 2 or 1 Mbps per channel and transmit rates can be manually selected for Auto Select 1 or 2 Mbps, Fixed 1 Mbps, Fixed 11 Mbps, Fixed 2 Mbps, Fixed 5.5 Mbps and Fully Auto. The DWL-650 offers full mobility and seamless roaming. The range of coverage per cell indoors is up to 328 feet.
Source: Retrieved August 2005 from: http://www.compuplus.com/insidepage.php3?id=672&refer=pricewatch.com
Research for Barcode readers showed a wide variety of units available. I found that the CipherLab Handheld 1000 barcode Scanner was a good and reliable handheld barcode reader for only $ 54.00. I learned that this might be a good and inexpensive value for those that do not require an industrial scanner.
The CipherLab 1000 Handheld CCD barcode scanner offers a ergonomic design, low power consumption and easy connectivity. This scanner also features a programmable interface and has the ability to decode of all the popular 1D barcode symbols. This unit would work as a substitute for the proposed scanner found above in task one and at its low cost may be an option for some sites.
Source: Retrieved August 2005 from: http://www.ebarcode.com/new/main/scripts/prodview.asp?idProduct=907
Research Week Four
I used the following resources for research this week for computer usage and HIPAA guidance. Along with these resources I researched the hospitals communications policy.
Sources: Saint Mary Hospital Communications Policy. Human Resources Policy Guidebook.
The University of California , San Francisco . Safe Computing guidelines.
Retrieved September 2005 from: http://www.radiology.ucsf.edu/staff/docs/safe_computing_RAD.pdf
Research from the safe computing guidelines enhanced the value of my project by providing specific examples and ideas that I could apply directly to my project proposal. My level of understanding has also increased through the use of this document. I learned that in addition to physical security and passwords a computer's software should be regularly patched and all updates should be applied. Research showed that in my previous exploration of security I overlooked the need to reduce outside hacking through programs and security holes within the installed computer software. By adding this information to my final project proposal will be improved.
Source: The University of California , San Francisco . departmental HIPAA security compliance
Retrieved September 2005 from: http://www.ucsf.edu/hipaa/dept_compliance/
This is part of the University of California 's website dedicated directly to HIPAA resources. From my research I learned about Information classification and how categories can be investigated in order to protect patient information. On the MTS wireless laptops there will be several layers of information, understanding their differences will help our department apply HIPAA policies and benefit my project proposals documentation phase.
Research showed that information can be divided into these categories:
a). Public Information is information accessible under the Public Records Act is available to any person.
b). Restricted Information is non public information disclosed to or used by employees to carry out their duties.
c).Confidential Information is “information that may or may not be protected by law but which is desired to be treated as confidential and protected as such. Access to confidential information is prohibited unless permitted by policy or an exception to the law.”
Definitions
Personal Information is “an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: Social Security number; driver's license number or identification card; or an account, credit or debit card number in combination with any required security code or password that would permit access to the account”.
Protected Health Information (PHI): PHI is an individual's health information or data collected from an individual that is created or received by a health care provider. This includes past present or future information that is transmitted or maintained in any form.
PHI is the information that is the most relevant to my project proposal and defining PHI will give greater understanding to those who might implement this proposal.
Research showed that St Mary Hospitals policy and procedure guidelines had no policies that where directly related to HIPAA compliance and our departments record system. I brought this to our department heads attention and this will be amended soon. As I researched the 15 plus HIPAA policies in human resources, I found a “User Security Training Program with will be beneficial for use for task one listed above and my final project proposal. I learned that any medical provider or organization needs a clear unified policy related to general HIPAA guidelines.
Research Week 5
I researched the NNSA lessons learned checklist to help me analyze my projects success and shortcomings. This article supported Keith Millers feedback method by relating to past experiences. I learned that providing real examples is a good way to provide feedback. I also learned that there should be a methodology in place to evaluate, document and follow-up lessons learned. I learned that lessons learned are not learned unless they are shared.
Source: NNSA. (2001). Lessons learned Assessment Checklist.
http://www.eh.doe.gov/ll/proceedings/proceed1001/nvassess1001.pdf
This document served as an example and was used as a basic guideline to assess my projects success and lessons learned.
My research showed me a lessons learned method. This helped me develop a method even within the small scope of my project proposal. I learned that to complete a lessons learned document you must include the things that went right as well as the things that went wrong.
Source: Retrieved September 5, 2005 from: Australian Public Service Commission website.
http://www.apsc.gov.au/learn/evaluation/outcomeslessons.doc
I also researched the book Project Management by Clifford F. Grey. This book taught me about a more complex level of project review. On a larger project a project might be audited by a third party. A project would also be reviewed by the team and managers before being signed off by the stakeholder. The team and managers performance should also be reviewed. For a project of this size the book also emphasized the need to find and review both the good and bad and provide possible solutions so that future developers can learn from your mistakes and success.
Source: Gray (2003). Project Management, The Managerial Process. McGraw-Hill. Boston .
The major lessons learned in producing my IAL Project have both positive and negative associations. As a review the project I am glad I did not have any major roadblocks and the project went along as scheduled. My project proposal will also benefit St Mary Hospital and potentially 40 Trinity health hospitals. As with any serious review also found things that I would have done differently. Below is a list of three lessons learned to share with my fellow learner.
The major lesson I learned that feedback is one of the most useful tools that one can use to complete a project. For example in week 5 of my project Keith advised me to get an outside opinion concerning the project proposal. I would have overlooked this without this feedback. Another example of the importance of feedback is during my product research phase. I used to think the getting the best price was of primary importance. Through feedback from several resources I learned that product specifications and durability are more important than cost if a quality project is to be completed.
The second lesson learned was that the planning phase is one of the most important steps in project development. For example In the analysis phase I would have separated task 1 into Analyze risk and another task Analyze security. The lesson learned is that project tasks should be broken down to the smallest variable; in project management term work units. By having tasks that were two big I had to subdivide the tasks within the project. If I were to use a WBS these larger task would not look correct. On my next project I will plan tasks into smaller more manageable sections.
The third lesson learned is that you should not assume anything but verify your facts. Research is the key to understanding. During week three I just assumed that any PCMIA card would do. Feedback from Paul Mioduszewski helped realize that you could get multi-standard PCMIA cards. His advice dramatically improved my project proposal and taught me that you cannot assume anything. I also made the assumption that our hospital would have in place a HIPAA policy directly affecting the proposed wireless network; this assumption caused me significant delays.
The following appendixes evidence project completion and provide a sample of my work:
Appendix A: Proposal Documentation.
Appendix B: Letter of Project Completion from the Stakeholder; Keith Miller.
bravenet.com