• Web Hosting
• Guestbooks
• Hit Counter
• Forums
• Blogs
• Mailing List
• Free Web Hosting

Ralph Beckon

Development of a Proposal for the Implementation of a Medical Technology Wireless Data Network for St. Mary Hospital

Week 4: Sept 4, 2005

Tasks

Provide the status of the task. If stalled or changed, state why. What did you accomplish this week that is in line with your scheduled tasks?]

1) Task 1: Amend existing HIPAA Policy to reflect wireless Technologies. (Completed)

I completed this task but ran into some difficulty as describes in the decision section bellow. The basic problem was that there were a large number of policies with HIPAA guidelines but no unified specific policy about computer communications and HIPAA regulations. This problem was solved by making a single document that could be amended or applied toward any future policy.

2) Produce staff user training and guidelines Documentation. (Completed)

To complete this task I used advice from Keith Miller as stated below in the Learning Section. I also utilized St. Mary Mercy's Training Guidelines. The training involves basic in-service on how to use the barcode scanner and its interface with our database. The guidelines talks about HIPAA issues and how to protect patient information, maintain patient confidentiality and secure the laptop computer from unauthorized use.

3) Produce rough draft (Completed)

I completed this and will present it to Keith Miller and Linda Reinhart for review and comments.

Decisions

What came up that needed to be addressed? Did you run into a problem or roadblock? How did you solve it? What important decisions did you make this week that impacted your project?

During this week I ran into a big problem related to task 1 to a mend existing HIPAA Policy to reflect the proposed wireless network. The problem was first identified Monday when I found out that the hospital did not have one single policy that covers HIPAA but around 15 disjointed policies that discuss various aspects of the HIPAA regulations.

Since the HIPAA policies are currently under review I decided that I would make a separate sheet of proposed amendments that could be added to the final policy when completed by human resources.

This problem itself caused significant delays to my progress because I did not have one policy to tie my proposed amendments to. After significant research I came up with a short list of documents that I could use for further research. I then created a separate document of proposed policy changes and this solved the problem.

Learning

1) What helpful feedback did you get in the class (instructor, classmates) and outside the class (user, stakeholder, beneficiary, mentor, expert advisor, others)? What did you gain from this feedback?

I received feedback form my stakeholder Keith Miller and he thought the project was going well. He suggested that I review the hospital training policy to get some ideas for task 2 listed above. From this document I gained some good ideas including the use of attendance sign in sheets, written training documents, hands on user practice and use of informal review questions and answers. He emphasized that in addition to product training, additional HIPAA training should be given.

I received feedback from Linda Reinhart, a project beneficiary and she was pleased that I choose the high quality bar code reader. She related that on many previous occasions' data input devices were dropped or knocked off from work spaces. She added that the mobile carts would increase this probability and agreed with my proposed bar code reader selection.

2) What resources did you use this week (e.g., people, money, equipment, systems, or software)? Did you add new resources? What was your learning?

I had to add several resources this week because of the lack of specific policy concerning computer usage and HIPAA guidance. Along with the resources mentioned in my project plan and the hospitals communications policy I added the following resources:

The University of California , San Francisco . Safe Computing guidelines.

Retrieved September 2005 from:

http://www.radiology.ucsf.edu/staff/docs/safe_computing_RAD.pdf

The safe computing guidelines enhanced the value of my project by providing specific examples and ideas that I could apply directly to my project proposal. My level of understanding has also increased through the use of this document. I learned that in addition to physical security and passwords a computer's software should be regularly patched and all updates should be applied. In my previous exploration of security I overlooked the need to reduce outside hacking through programs and security holes within the installed computer software. By adding this information to my final project proposal will be improved.

The University of California , San Francisco . departmental HIPAA security compliance

Retrieved September 2005 from:

http://www.ucsf.edu/hipaa/dept_compliance/

This is part of the University of California 's website dedicated directly to HIPAA resources. From my research I learned about Information classification and how categories can be investigated in order to protect patient information. On the MTS wireless laptops there will be several layers of information, understanding their differences will help our department apply HIPAA policies and benefit my project proposals documentation phase.

I learned that information can be divided into these categories:

a). Public Information is information accessible under the Public Records Act is available to any person.

b). Restricted Information is non public information disclosed to or used by employees to carry out their duties.

C).Confidential Information is “information that may or may not be protected by law but which is desired to be treated as confidential and protected as such. Access to confidential information is prohibited unless permitted by policy or an exception to the law.”

Personal Information is “an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: Social Security number; driver's license number or identification card; or an account, credit or debit card number in combination with any required security code or password that would permit access to the account”.

Protected Health Information (PHI): PHI is an individual's health information or data collected from an individual that is created or received by a health care provider. This includes past present or future information that is transmitted or maintained in any form.

PHI is the information that is the most relevant to my project proposal and defining PHI will give greater understanding to those who might implement this proposal.

3) What research did you perform this week that was assisting and/or literature based? What was your learning?

I researched policy and procedure guidelines and learned several important things about our current hospital polices. As I reviewed the MTS policy and procedure book I could not find any policies that directly related to HIPAA compliance and our record system. I brought this to our department heads attention and this will be amended soon. As I review the 15 plus HIPAA policies in human resources, I found a “User Security Training Program with will be beneficial for use for task one listed above and my final project proposal. I learned that any medical provider or organization needs a clear unified policy related to general HIPAA guidelines.

Indicators

1) How well did you stick to your project schedule?

I had no problem keeping to my project schedule.

2) How prepared are you to conclude your project in Unit 10 as required in this course?

I see no problem in completing my project in Unit 10.

3) How likely is it that you will need to resort to your contingency plan?

I think it is unlikely that I will need to resort to your contingency plan.

Other

I have no additional comments at this time.