Clinical Data Repositories

Nowadays, most institutions have existing clinical data repositories (CDR). in electronic or written
format, to represent an aggregated database of clinical information. The repositories usually house a multitude
of laboratory results, diagnostic reports, and various clinical documentation. These data are readily searchable
and exportable, often because the information is gathered from standard clinical care procedures (Robertson
and Williams, 2016). The repositories integrate physician entered data with data from different existing
information systems including laboratory, radiology, admission, and pharmacy They are placed where both
clinical data and other data of interest, such as external data sources and financial data, are assimilated
(Carter, 2001).
A clinical data repository can successfully depict the same sample across different points in time from
varying sources both within and outside the health institution. Common kinds of available information in the
CDR are listed below:
✓ Patient demographics ✓ Immunizations
✓ Patient's primary care provider ✓ Diagnoses
✓ Medication list ✓ Procedures
✓ Allergies ✓ Laboratory results
✓ Hospital in-patient visits ✓ Social history
✓ Emergency department encounters ✓ Vitals
✓ Outpatient practice visits

Maintaining them poses a lot of advantages since the longitudinal view of a patient's medical
record can assist in improving patient experience, and having information about prior test results
and procedures leads to more informed patient care decisions and helps avoid redundant
treatment.

CDR Integration with HIS

Bergeron (2013) describes a clinical data repository as a systematically structured and
gathered "storehouse" of patient-specific data, which is usually mirrored from a clinical
application, or supplemented with data from other clinical systems. Since it is maintained as a
separate database particularly created in aiding decision analysis, the main application avoids
computational loading, and response time to a query is improved. Moreover, because almost
all simple, customized, or complex patient records are mirrored in it. queries are possible without
sacrificing the performance of the source applications. Furthermore, since the data typically
originated from one source with little to no manipulation, near real-time retrieval of clinical data
is possible.
There are different levels of integration in the said repository. These levels depend on
locations, indices catalogues, semantic translations or equivalences, syntactic structures, and
links to external information. They influence functionality by setting constraints on how easily
someone can make queries for any of the contents. The integration structure from the CDR to
the laboratory information system, for example, may be different for radiology or pharmacy.
These differences might mean that a user may only access certain types of information, and
use particular types of queries from a given information system depending on the restrictions
which were set during the integration process. The aforementioned restrictions vary in terms of
the user's access. While some CDRs are fairly open, others are restricted either to employees
of an institution or to members of some research network Access control to the CDR functions
as a safeguard to uphold data security and integrity.
Wade (2014) emphasizes that the longitudinal nature of the CDR requires a way of linking
various observations of the same identified subject. Most repositories usually contain
personally-identified data; however, due to privacy issues, they only release de-identified data
which can lead to the omission of some da in a dataset. The lack of identifiers could also prevent
the linking of data for some patients Presented below (Table 13,1) are the different types of
clinical data repositories that Wade classified according to factors described above

Table 13.1 Types of clinical data repositories

Repository Type Definition

Study A database that collects observations for a specific clinical research
study
Electronic Health Record A database of observations made as a result of direct health care
Registry Observations collected and organized for the purpose of studying
or guiding particular outcomes on a defined population; associated
studies are either multiple or long-term and evolving over time
Warehouse A repository that adds levels of integration and quality to the
primary (research or clinical) data of a single institution to support
flexible queries for multiple uses; is broader in application than a
registry
Collection A library of heterogeneous datasets from more organizations than
a warehouse or more sources than a registry; organized to help
users find a particular data set, but not to query for data combined
across datasets
Federation A repository distributed across multiple locations, where each
location retains control over access to its own data, and is
responsible for making the data comparable with the data of other
locations

These repositories are beneficial in consolidating patient information, a disadvantage is

that most CDRs are only integrated with clinical data. Laboratory results, diagnoses, and
demographics might be available in one platform, but overall patient satisfaction, the amount of
time a patient had to wait before being treated, and other information not directly related to
patient care might be unavailable.

Multiple Views for Patient Medical Record

Information on patients is typically scattered across multiple subsystems. A clinical data
repository standardizes data from disparate sources into a cohesive format. It comprises
numerous tables which offer a partial view of patient information (Gensinger, 2014). Its structure
allows data to be extracted along dimensions such as time (by year. month, week, or day),
location, or diagnosis. These data can often be accessed in smaller units within the same
dimension. For instance, a user can view the number of patients with a certain type of diagnosis,
laboratory result, or prescription within a year, then a month in that year. and further into a day
in that month. One can also access how many times a particular procedure has been performed
at all locations within a health system, and then see the aggregate amount per region or per
facility. It helps organizations to transform large amounts of information from distinct
transactional files into a unitary decision-support database (Wager, Lee. & Glaser, 2013).
Ball and Douglas (2013) elaborate that a well-deployed clinical repository has multiple
advantages. First advantage is the CDR function to provide longitudinal views of patient
information. It is often organized primarily around patients and secondly around visits or
encounters, a method that easily accommodates views that span multiple visits. This allows
clinicians to trend and chart results independent of the visits and test panel organization. For
example, a clinician could study the trend of a patient's blood sodium levels over the past six
months independent of other factors.
Another advantage is its capability to provide access to information when needed. Since
it receives information from a multitude of feeder systems, it can create a "one-stop shopping
environment. This is done by allowing the clinical staff to access a variety of patient-focused
information through a consistent and easy-to-use graphical interface (GUI). The GUI access
can be deployed through hand-held devices, bedside computing devices, computers in
physician's offices, or computing devices in nursing stations. In any case, this wide variety of
information access moves far closer to deployment of information at the point of care.
Finally, CDR provides a cross-continuum view of information since it allows information
to be gathered and viewed from sources other than an acute setting. This type of ambulatory-
focused information combines with the acute information to give clinicians a new level of insight
into the wellness of their patients.

Data Visualization of Laboratory Results and Vitals

Data collected through an electronic health record system may be retrieved at the
request of an authorized user, whether a physician, medical technologist, nurse, or radiologist.
The electronic health record may present patient care information as text, tables, graphs,
sounds, images, full-motion video, or signals on an electronic screen, phone, pager, or paper
(Bronzino & Peterson, 2014).
Unfortunately, analyzing trends and patterns from large data sets can be a challenging
process. This is where data visualization, the art of representing data in a pictorial or graphical
format, becomes useful. It helps in simplifying a wide array of information, and it allows decision-
makers to derive analytical results from the information presented visually. Through this,
correlations, patterns, and trends which might be undetected from text-based clinical data can
be revealed and recognized with more ease.
For example, the physician can easily review the results of multiple chest x-rays obtained
over the course of months or years when deciding if a nodule has grown. This information would
not have been accessible when basing on textual clinical data alone. Moreover, patients
suffering from specific diseases that require careful charting or monitoring of laboratory values,
including anticoagulation or blood sugar values, can understand what is expected in their care
because of better means of data presentation (Figure 13.1).
Visualization of clinical data is increasingly becoming an important tool in decision-
making The graphical representation feature of most clinical data repositories enables scenario
analysis, which helps users use different kinds of filters in order to change the level of
information that may be seen Common filters include age and gender, in order to assess
outcomes of certain interventions based on isolating certain factors. This kind of analysis is a
good opportunity in empowering the frontline staff by giving them straightforward data which will
efficiently and effectively facilitate the performance of their tasks (Raiss & McCustion, 2018 )
Key Points to Remember
✓ Clinical data repositories (CDR) integrate physician-entered data with data from different
existing information systems including laboratory, radiology, admission, and pharmacy.
✓ A CDR is a systematically structured and gathered "storehouse" of patient-specific data,
which is usually mirrored from a clinical application, or supplemented with data from other
clinical systems.
✓ Repository types include study, electronic health record, registry, warehouse, collection, and
federation.
✓ CDRs offer a cross-continuum view of information since they allow information to be
gathered and viewed from sources other than an acute setting.
✓ Data visualization helps in simplifying a wide array of information, and it allows decision-
makers to derive analytical results from information presented visually.
Ethics in Health Informatics
Technology helped in the modernization of the health care industry, however, this made
practitioners to be dependent on the use of mechanical aids in providing patient treatment.
Conversely, human values should continue to govern research and the actual practice in health
care.
Health care informatics covers issues on honorable actions and proper and improper
behaviors in the field of health care. However, most health practitioners are not familiar with
ethical issues even if some issues have been controversial.
Nowadays, privacy and confidentiality are among the popular sources of debate.
However, more important issues such as the use of appropriate informatics tools in clinical
settings, determination of users, system evaluation, system development, and many others
need attention. These and other questions on the various legal and regulatory requirements
need to be addressed (Goodman, 2016).
Listed below is a set of ethical principles for appropriate use of decision-support
systems, particularly in informatics, as described by Shortlife and Cimino (2013)
1. A program should undergo appropriate evaluation prior to use in clinical practice. It should
perform efficiently at an acceptable financial and timeframe cost.
2. Adequate training and instruction should be completed before proceeding to the
implementation
3. A qualified health profesional should be assigned to handle concerns regarding uses,
licenses, and other concerns. The software systems applications should not replace
functions such as decision-making
Information systems store patient's records that can be retrieved when needed. These
records assist in the dispensation of health care or other supplementary services which are part
of health informatics. Health informatics is guided by health information ethics defined as the
application of the principles of ethics in the domain of health informatics. The three main aspects
of information ethics are general, informatics, and software ethics (Samuel & Zaiane. 2014).

General Ethics
In public health, general ethics guide the reasoning and decision-making of all people
and organization involved in health care. Two of the ethical principles a health professional must
uphold are autonomy and beneficence and non-maleficence
1. Autonomy
Autonomy is defined as the idea of either allowing individuals to make their own
decisions in response to a particular societal context, or being free from external influence
or control. Electronic health records (EHR) must maintain respect for patient autonomy, and
this entails certain restrictions about the access, content, and ownership records
compromise be reached between levels of patient autonomy and quality of patient records.
When patients are given too much control over their EHRs, this could defeat the purpose of
the use of such document because critical information might be modified or deleted without
the knowledge of the health professionals. Limiting patient access and control over patient
 records improves document quality because patients can also verify their own records
(Mercuri, 2010).
2. Beneficence and Non- maleficence
These two principles are respectively defined as do geed and do no harm. In health
informatics, beneficence relates most significantly with the usage of stored data in the EHR
system, and non-maleficence with how the stored data is protected.
Deeply integrated EHR systems will contain substantial amounts of raw data, and great
potential exists for the conduct of groundbreaking biomedical and public health researches.
These kinds of research will be beneficial to both the individual patient and the society. With
this in mind. new EHR systems should be developed with the capacity to allow patients to
release information from their EHRs which can be valuable to researchers and scientists
Similarly, the available consolidated data from clinical data repositories will allow health care
professionals to provide the best possible treatment for their patients, further upholding the
principle of beneficence.
However, the integrated data storage in health informatics is also a breeding ground for
varying threats. Temporary outages, at a minimum, might prevent health care professionals
from performing necessary procedures. At worst, it could even result in significant patient
mortality. Total system failures, however, may cause even greater damage. In order to avoid
these instances, all data must have multiple back-ups for fast and easy recovery. Since
medical records contain very sensitive information about an individual, the highest level of
data security possible should also be upheld. Vulnerabilities in security put patients at a
risky position, and might ultimately lead to the violation of the principle of non-maleficence
(Mercuri, 2010).

Informatics Ethics
Informatics ethics is about the ethical behavior expected from an individual assigned
to handle information. as prescribed by the International Medical Informatics Association
(2016). It follows seven principles:
1. Principle of Information Privacy and Disposition
Everyone has the fundamental right to privacy. Every individual should ensure that he
or she has control over the collection, access, use, communication, manipulation, storage,
linkage, and disposition of data about himself or herself.
2. Principle of Openness
The control measures of particular data should be disclosed to the concerned individual
in an appropriate and timely fashion.
3. Principle of Security
Legitimately collected data should be protected through all appropriate measures against
access, use, modification or communication, manipulation, linkage, loss, degradation, and
unauthorized destruction.
4. Principle of Access
Authorized individuals should be given access to electronic health records and the right
to correct the data with respect to their completeness, accuracy, and relevance.
5. Principle of Legitimate Infringement
The right to privacy and control over personal data should be conditioned by the
appropriate. legitimate, and relevant data-requirement of a democratic society and by the
equal rights of others.
6. Principle of the Least Intrusive Alternative
Any infringement of privacy rights should occur in the least intrusive manner and with
the least amount of interference with the rights of the affected parties.
7. Principle of Accountability
Any infringement must be justified to the concerned individuals in a timely and
appropriate fashion.

Software Ethics
Health informatics ethics relies on the use of the software to store and process
information. It follows that the activities carried out by the developers might affect the end-users.
Therefore, software ethics is the ethical duties and responsibilities of software developers to
the stakeholders (society, institution and employees, and the profession). They should execute
all system activities with the best interest of the society in mind. They should disclose any
threats or known defects in the software. They should ensure that completed activities serve
the best interests of the institution and its employees. They should be straightforward about
their personal limitations and qualifications. Finally, they must build products that meet the
professional standards through testing and detailing unresolved issues. In support of the
mentioned responsibilities of software developers, the management should require ethical
approaches in software development (Samuel & Zaiane, 2014).

Privacy, Confidentiality, and Security

Privacy and confidentiality are often used interchangeably, but they are not synonymous.
Privacy generally applies to individuals and their aversion to eavesdropping, whereas
confidentiality is more closely related to unintended disclosure of information. For example,
someone who is spying on a certain person to find out about his or her visit to an acquired
immunodeficiency syndrome (AIDS) clinic is a violation of that person's privacy. On the other
hand, if someone breaks into the clinic to view an individual's patient record, that act is in
violation of confidentiality.
There are numerous significant reasons to protect privacy and confidentiality. First,
privacy and confidentiality are widely regarded as rights of all people which merit respect without
the need to be earned. argued, or defended. Second, protection of these rights is ultimately
advantageous for both individuals and society. Patients are more likely to be comfortable to
share sensitive health care data when they believe this information would not be shared
inappropriately. This kind of trust essentially establishes a successful physician-patient or
nurse-patient relationship, and enables the practitioners to perform their jobs better.
Furthermore, the protection of privacy and confidentiality benefits public health. When people
are not afraid to disclose personal information, they are more inclined to seek out professional
assistance which helps in diminishing the risk of increasing untreated illnesses and spreading
infectious diseases (Goodman, 2016).
When patients trust medical professionals and health information technology enough to
disclose their health information, the latter will have a more holistic view of patients' overall
health and both health care professional and patient can formulate more informed decisions. In
circumstances in which breaches of privacy and confidentiality occur, serious consequences for
the organization await, such as reputational and financial harm, or personal harm to patients
Poor privacy and security practices heighten the vulnerability of patient information and increase
the risk of successful cyber attacks (USA Department of Health and Human Services, 2015).
In summary, the idea that physicians should hold health care information in confidence
should be applicable no matter what the circumstance. The obligation to protect privacy and to
keep health information confidential fall on system designers, maintenance personnel,
administrators, and, ultimately. to the physicians, nurses, and other frontline users of the
information. The protection of privacy and confidentiality is non-negotiable because it is a duty
that does not fluctuate (Goodman, 2016).

Levels of Security in Hospital Information System

Safeguards are the solutions and tools which may be utilized to implement security
policies at different levels of health organization. At the administrative level, they may be
implemented by the management as organization wide policies and procedures, Mechanisms
can be put in place to protect equipment, systems. nd locations at the physical level, while
automated processes to protect the software and database access nd control can be
implemented at the technical level. Examples are enumerated in Table 14.1 below, as
discussed by the USA Department of Health and Human Services.
It is important to note that the types of safeguards may be prescribed or restricted by
law. Another important consideration is the cost-benefit principle. If it is not cost effective for an
institution to avail of an expensive technology to mitigate a risk to electronic health information,
an alternative is to require the staff to follow a new administrative procedure that equally reduces
that risk Conversely, if an institution cannot afford to place additional burden on the staff due to
possibilities of human error, it may choose to purchase a technology that automates the
procedure in order to minimize the risk
Regardless of the type of safeguard (Table 14.1) chosen to be implemented, it is
important to monitor its effectiveness and regularly assess the health IT environment to
determine if new risks are present.
Table 14.1 Administrative, Physical, and Technical Safeguards for HIS

• Regular risk assessment of the health IT

environment
• Continuous assessment of the effectiveness
of safeguards for electronic health
information
Administrative Safeguards • Detailed processes and procedures for
viewing and administering electronic health
information
• Training for the users of health IT to
appropriately protect electronic health
information
• Reporting of security breaches (eg, to those
entities required by law or contract) and
continued health IT operations
Physical Safeguards • Placing office alarm systems
 • Locking offices and areas that contain computing
equipment that stores electronic health
information
• Having security guards that make regular rounds
in the vicinity
Technical Safeguards • Configuration of computing equipment to
ensure security (e.g., virus checking, firewalls)
• Using certified applications and technologies
that store or exchange electronic health
information
• Setting up access controls to health IT and
electronic health information (e.g.,
authorized computer accounts)
• Encryption of electronic health information
• Regular audit of the health IT operations
• Having backup capabilities (e.g., regular
backups of electronic health information to
another computer file server)
Source:Reassessing your security practices in a Health IT environment: A guide to small health care practices (Office
of the National Coordinator for Health Information Technology, n.d.)

The National Research Council (1997) emphasizes that technological security tools are
essential components of modern distributed health care information systems, and that they
serve five key functions:
1. Availability - ensuring that accurate and up-to-date information is available when needed
at appropriate places.
2. Accountability - helping to ensure that health care providers are responsible for their
access to and use of information, based on a legitimate need and right to know
3. Perimeter Identification - knowing and controlling the boundaries of trusted access to the
information system, both physically and logically
4. Controlling Access- enabling access for health care providers only to information essential
to the performance of their jobs and limiting the real or perceived temptation to access
information beyond a legitimate need
5. Comprehensibility and Control - ensuring that record owners, data stewards, and patients
understand and have effective control over appropriate aspects of information privacy and
access

Levels of Security in the Laboratory Information System

McPherson and Pincus (2017) narrate the following flow of information, described in
Table 14.2. in a specific portion of the hospital information system, that is, the laboratory
information system.
Table 14.2 Key Steps in Laboratory Information Flow for a Hospital Patient
 Step Description
Register Patient The patient record (eg. ID Number, name, sex, age, location) must be created in the
LIS prior to the testis). The LIS usually receives these data automatically from the
hospital registration system when a patient is admitted.
Order Tests The attending physician orders the tests for the patient and the procedure is
requested as part of the laboratory's morning blood collection rounds. These orders
are entered into the CIS and they are sent to the LIS electronically.
Collect Sample The LIS prints a list of all patients who have to be drawn which also includes the
appropriate number of sample barcode labels for each patient order. Each barcode
contains the patient ID, sample contained, and laboratory workstation which is
used to sort the tube once it reaches the laboratory, An increasingly popular
approach is for caregivers or nurses to collect the blood sample. Sample barcode
labels can be printed fon demand) at the nursing station on an LIS printer or
portable bedside printer prior to collection.
Receive Sample Once the sample arrives in the laboratory, the status is updated in the LIS from
"collected to received." This is done by scanning each sample container's barcode ID
into the LIS. Once the status becomes "received the LIS then transmits the test order
to the analyzer that will perform the required test.
Run Sample The sample is loaded to the analyzer, and the barcode is then read. No worklist is
needed because the analyzer knows what test to perform from the order provided
by the LIS. However, when tests are performed manually, the technologist prints a
worklist from the LIS. The worklist should contain the names of the patients and the
tests ordered on each and next to each test is a space to record the result.
Review Results The analyzer then produces the results and sends the same to the LIS. The result is
only viewable to the assigned technologists until it is released for general viewing.
The LIS can also be programmed to flag certain results-for example, critical values-so
the technologist can easily identify what needs to be repeated or further evaluated.
Release Results The technologist is responsible for the release of the results. Unflagged results are
reviewed and released at the same time. The LIS can be programmed to automatically
review and release normal results or results that fall within a certain range. This
approach reduces the number of tests that a technologist has to review. The results
are automatically transmitted to the CIS upon release.
Report Results The physician can now view the results on the CIS screen. Reports can be printed
when needed.

The aforementioned principles regarding administrative, technological, and physical safeguards

can applied similarly to the laboratory information system in order to improve its security.
Examples are list in Table 14.3
Table 14.3 Administrative, Physical, and Technical Safeguards for LIS

Administrative Safeguards • Continuous training for the users of the

LIS
• Periodic review of standards used to
identify results that should be flagged
• Review of the authorization and
supervision policies
 • Strict implementation of the rules and
regulations for the testing procedures
• Release and dissemination of guidelines
on the proper disposal of laboratory
specimen
• Enforcement of strict policies on the
proper use of laboratory workstations
• Requiring appropriate disciplinary
measures as needed
Physical Safeguards • Ensuring the periodic maintenance of
laboratory equipment
• Having biometrics or other security
measures for laboratory access
• Maintenance of controlled temperature
both for equipment and specimen
• Presence of contingency operations plan
• Use of appropriate personal laboratory
safety equipment
Technical Safeguards • Presence of automated identity
confirmation procedures for users
requesting access
• Regular updating of passwords
• Requiring different authorizations based
on user level
• Capacity of the unit to automatically log
off after a specified period of inactivity

Philippine Data Privacy Act of 2012

Business process management, particularly involving health information technology, is
an increasingly growing industry within the Philippine economy. With total IT expenditure
reaching $4.4 billion in 2016, the industry is forecasted to go beyond doubling itself by 2020. In
addition, Filipinos utilize social media heavily, with a whopping 3.5 million users on LinkedIn, 13
million on Twitter, and 42.1 million on Facebook (Wall, 2017)
Given the rapid evolution of the digital economy and heightened international data
trading, the Philippines has decided to strengthen its privacy and security protection by passing
the Data Privacy Act of 2012, with an aim to protect the fundamental human right of privacy of
communication while ensuring free flow of information to promote innovation and growth"
(Republic Act No. 10173, Ch. 1, Sec. 2).
The Act applies to individuals and legal entities that are in the business of processing
personal information. The law applies extraterritorially, applying both to companies with offices
in the Philippines and even those located outside that use equipment based in the Philippines.
It covers personal information of Filipino citizens regardless of the place of residence. The main
principles that govern the approach for this Act include transparency, legitimacy of purpose, and
proportionality.
 Furthermore, in the Data Privacy Act of 2012, consent is one of the major elements
highly valued. The Act provides that consent must be documented and given prior to the
collection of all forms of personal data, and the collection must be declared, specified, and used
for a legitimate purpose. In addition, the subject must be notified about the purpose and extent
of data processing, with details specifying the need for automated processing, profiling, direct
marketing, or sharing. These factors ensure that consent is freely given, specific, and informed.
However, an exception to the requirement of consent is allowed in cases of contractual
agreements where processing is essential to pursue the legitimate interests of the parties,
except when overridden by fundamental rights and freedom. Such is also the case in responding
to national emergencies.
Processing of sensitive and personal information is also forbidden, except in particular
circumstances enumerated below. The Data Privacy Act of 2012 describes sensitive personal
information as those being

• about an individual's race, ethnic origin, marital status, age, color, and religious,
philosophical, or political affiliations,
• about an individual's health, education, genetic or sexual life of a person, or to any
proceeding or any offense committed or allegedly committed.
• issued by government agencies "peculiar" (unique) to an individual, such as social security
number, and
• marked as classified by an executive order or act of Congress.
The exceptions are

• consent of the data subject,

• pursuant to law that does not require consent.
• necessity to protect life and health of a person
• necessity for medical treatment, and
• necessity to protect the lawful rights of data subjects in court proceedings, legal
proceedings, or regulation.
The provisions of the law necessitate covered entities to create privacy and security program
to improve the collection of data, limit processing to legitimate purposes, manage access, and
implement data retention procedures.
The Act provides for different penalties for varying violations, majority of which include
imprisonment. These violations include:

• unauthorized processing.
• processing for unauthorized purposes,
• negligent access.
• improper disposal.
• unauthorized access or intentional breach.
• concealment of breach involving sensitive personal information,
• unauthorized disclosure, and
• malicious disclosure.
 Any combination or series of acts enumerated above shall make the person subject to
imprisonment ranging from three (3) years to six (6) years, and a fine of not less than one million
pesos (P1,000,000.00) but not more than five million pesos (P5,000,000.00) (Republic Act No.
10173, Ch. 8, Sec. 33).

Key Points to Remember

✓ Health informatics ethics is the application of the principles of ethics to the domain of health
informatics. There are three main aspects of health informatics ethics: general ethics,
informatics ethics, and software ethics.
✓ General ethics covers autonomy, beneficence, and non-maleficence.
✓ Informatics ethics refers to privacy, openness, security, access, infringement, least intrusion
and accountability.
✓ Software developers should consider the best interest of the society in general, the
institution and its employees, and the profession.
✓ Administrative, physical, and technical safeguards are placed to regularly monitor
effectiveness and assess the health IT environment.
Change Management
Generally, there are four kinds of changes that all kinds of organizations might
encounter, with the likelihood of overlap among the conceivable outcomes.
a. Operational changes can influence the way dynamic business tasks are led, including the
computerization of a particular business segment.
b. Strategic changes occur when the business direction, in relation to its vision, mission, and
philosophy, is altered. For instance, changing the business technique from business growth
to increasing market share in the overall industry is a case of strategic change.
c. Cultural changes influence the internal organizational culture, for example, the way the
businessbis conducted, such as actualizing a CQI (continuous quality improvement)
framework.
d. Political changes in human resources occur primarily due to political reasons of varying
types, commonly, changes that happen on top patronage levels in the government agencies.
Different sorts of changes typically have dissimilar impacts on different organizational levels.
For instance, operational changes tend to have the highest impact on the lower organizational
levels, and mostly affect frontline employees. Employees working at the upper levels might be
indifferent to the changes, which may cause significant distress to those attempting the
implementation of change.
Conversely, the effect of political changes is more strongly felt on the higher levels of the
organization. When changes occur relatively in a bureaucratic organization, those working on
the bottom level often notice the change at the top (Lorenzi & Riley, 2000).
There is no denying that organizational changes have varying degrees of impact on both
the organization, and in effect, its clientele. This lesson discusses change management
contextualized in health informatics, which is increasingly becoming a course of action that
health institutions avail in order to improve their services.
Changes are inevitable especially in organizations because they need to evolve to meet the
demands of the stakeholders which include global competition, changes in customer demand.
technological advances. and new legislation.
Organizations may even change the way they operate in order to cope with the demands.
Redefining roles, eliminating ineffective processes, or initiating new ways of working are
considered minor adjustments. Conversely, there are times when pressures necessitate major
disruptions which transform the culture, re-organize people, processes and systems; and
change the organization's strategy radically.
For more than 100 years, change management has been evolving with its beginnings rooted
in health and job-related grief studies. Currently, most change management processes which
are designed to drive business transformations draw their inspiration from behavioral and social
sciences and IT and business solutions.
A survey on change management conducted in 2007 involving over 400 senior HR
managers in the US revealed the following reasons behind the percentages of organizations
implementing or planning change over the previous two years:
• New performance management process • Operational changes resulting from new
(58%) legislation, economic conditions, or
• Relocation or facility closure (57%) national/international events (30%)
• Organizational culture changes (54%) • Product rebranding (26 %)
• New IT systems (51%) • Acquisition (25%)
• Change of strategy (45%) • Off shoring or outsourcing (16%)
• New financial/accounting systems (41%) • Merger (10%)
• Downsizing, layoffs (40%) • Corporate ownership change (8%).

Meanwhile, in the health care industry, the following are factors that contribute to the
changes:
1. Regulatory adjustments
2. Shifts in consumer behavior patterns
3. Accelerated pace of IT development
Health care consumers want a more customized experience and greater opportunity to
participate in their health care decisions. This means that health care institutions need to adapt
a more innovative technology, implement an informed patient engagement strategy, and adjust
their organizational structures to drive better patient experiences which may result in numerous
and rapid changes (Quinn, 2017). However, technology alone is not enough. The truth of the
matter that no technology can be successfully implemented without the human factor which
intensifies the work processes and gives the appropriate guidance. The need to find the right
balance between technology and human factor is necessary in the roadmap for organizational
changes.
Another vital element in change management initiatives is communication, Information
should be shared so the stakeholders would be advised about the timing, nature, and
importance of changes in the business Participation from management is crucial to the
successful implementation of the planned changes. Any change can only be successful when
the employees are motivated towards the change and are willing to accept the vision presented
by the organization's leadership (Aljohani, 2016).
Those organizations which are able to manage change well will definitely survive and thrive.
This is basically the concept of change management. The managers need to direct, control, and
monitor the changes to ensure that the objectives are met. They must ensure that the
employees adapt the changes without disrupting the regular operations (Downey, 2008).
Change management process has a wide range of models with each model having its own
strategic approaches. The more common change practice examples include:
1. Kurt Lewin's Unfreeze-Change-Refreeze model
This three-step model was proposed by Kurt Lewin, founder of social psychology, in the
1950s. This is still widely used as the basis for many change management strategies.
2. Proski's ADKAR model
This acronym means "Awareness of the business reasons for change. Desire to engage
and participate in the change: Knowledge about how to change. Ability to implement
change, and Reinforcement to ensure change sticks" (ADKAR).
3. Kotter's Change model
This eight-step model was developed by John Kotter of Harvard Business School
Building a strong collaborative team by using a solid strategy, creating effective
communication channels supporting staff empowerment, using a phased and steady
approach, and securing the change within an organization's culture are the core concepts
of this method (QuickBase, 2017).

Application of Change Management

Change management is defined as a series of tools, techniques, and processes aimed
at successfully effecting change. These tools support the application of other initiatives such as
Six Sigma, Customer Relationship Management (CRM), Total Quality Management (TQM), or
Enterprise Resource Planning (ERP), but can be implemented in a variety of contexts.
Downey (2008) enumerates the common tools and techniques that can be used during
a change initiative:

• Gathering information about the 'as is' and 'to be status of the current process
• Mapping of the process for both as is' and to be status
• Gap analysis.
• Business case development
• Project management
• Problem solving
• Requirements elicitation techniques
• Negotiation skills
In addition, the progress of the change initiative can be measured against the objectives set
by the organization (Downey, 2008). The said objectives will be measured by the key
performance indicators (KPI) which include reducing rework by x%, improving in stakeholder
satisfaction, for example, comes employee surveys, reducing time to market, enhanced speed
of delivery, and having good return on investment (ROI) which is the total cost to implement the
initiative versus total savings gained from the initiative per period
In the world of health care, some hospitals are reluctant and indignant towards the idea of
change, and they find it difficult to adjust. Thus, health informatics hopes to change the way
health care institutions conduct their business on a daily basis Health care providers need to
welcome change and approach information technology with an open mind. Aziz (2007)
emphasizes that a mechanism for the transformation of business and clinical processes should
be in place By encouraging the adoption of innovation in health care information technology by
clinicians, therapists, nurses, and physicians, health care providers can achieve key come
factors (Table 15.1)
Table 15.1 Key Success Factors

Key success factors at the leadership
level in health care organizations
1. Setting the vision and strategy
roadmap for the organization
Key success factors at the program level
1. Clear and timely dissemination of information
2. Building a strong project leadership team and other
functional
teams
 2. Forming a governing body to set
direction and priorities, and to
allocate resources
3. Designating of the organization's
executive sponsor, departmental
champions, and program
manager
4. Defining reporting requirements
for the project
5. Setting and managing the users'
expectations
3. Providing proper training on the new changes especially on
the workflow and technology
4. Forming integrated teams to address and resolve critical
and
complex issues
5. Empowering staff and end-users to improve the process by
removing barriers and obstacles
6. Maintaining changes through by positive reinforcement
7. Frequent celebration of success by acknowledging
contributors thus keeping the motivation and momentum
8. Monitoring and constant measurement of key indicators
(eg, using a dashboard to report progress and benchmarks)
9. Involving those who are affected by the change in decision
making (e.g. choice of computer carts, COW)
10. Other creative actions and incentives e.g, monthly prizes
for high performing teams, providing snacks and drinks

Working with Physicians

Most physicians have patients in multiple hospitals since they are non-hospital
employees. Systems of health institutions may differ from each other which complicates the
situation. Thus, they should have clear cut adoption methods to avoid any issues. Aziz (2007)
lists some ideas for the success of the transformation.
1. Communicate patiently the benefits of the changes in terms of patient care and safety.
2. Nominate physician leaders at the start of the program.
3. Use web, CBT and other multi-channel learning and training opportunities.
4. Be ready and available to answer questions and clarifications.
5. Make sure that there is a process in place in handling enhancement requests and
developments.

Training and Education in Health Informatics

Below is a list of practices that emphasize life-long learning in support of the change
management that must be initiated by the leaders of the organization (Aziz, 2007).
1. Provide instructor-led training classes to cover different shifts.
2. Present contemporary models of training.
3. Make computer laboratories available for practice (24/7)
4. Roll out accompanied by on-the-job/real-time training
5. Summarize the steps and make cheat sheets handy.
6. Print easy to carry colorful booklets in a pocket.
7. Provide a short manual with key facts and how-to-tips.
8. Have well equipped training rooms.
9. Schedule train-the-trainer program to give enough time to practice.
10. Assign a super-user to keep people involved.
11. Provide the business process maps and process workflows.
12. Prepare a day-in-the-life scenario for the simulation.
13. Walk them through the flow several times until they are able to adapt.
14. Entertain and answer questions clearly and provide details.
15. Prepare the users by discussing some of the challenges and frustrations they might
encounter in the early stages of the rollout.
Enumerated are the fundamental practices that management needs to embrace as its well-
rounded strategy (Aziz, 2007).
1. Align business leaders with clinical leaders by creating a governance structure.
2. Focus on the process design and map the workflow clearly.
3. Have due diligence to ensure a thorough organizational and business impact analysis.
4. Encourage the involvement of clinicians at various levels at the start of the project
5. Show commitment by staying on the course and communicating the objectives clearly.
6. Have a strong program customized to address different needs.
7. Get feedback into the loop and work on it
8. Have a 24x7 help desk to ensure that the program is well-structured and has ample support.
9. Select a couple of measurement criteria for benchmarking and system evaluation.

Health Information Profession

Role of Health Information Management Professionals
Health information management (HIM) professionals have a special skill set that
qualifies them to assume the role of privacy and security officers who take care of the storage,
protection, and maintenance of the information in the health care institution. This is coupled with
their academic preparations, experiences in the health sector, and commitment to the advocacy
of patient care and professional code of ethics (May, 2014).
HIM professionals should be committed to the timely and accurate collection and
management of data which cover the aggregation, analysis, and dissemination of patient health
information. They manage the said information and medical records, administer the computer
information systems, and standardize the coding systems for the diagnoses and procedures of
the services provided to patients. Such information is kept secure and private in accordance
with state laws.
A career in health information management and health information technology is not
limited to data capture, documentation, and maintenance of clinical information but also
includes data analytics and interpretation, and management of the health information
technology systems.
HIM professionals may fall into various job categories with varied titles, including
1. Health information management 7. Clinical coding specialist
department director 8. Patient information coordinator
2. Health information management system 9. Physician practice manager
manager 10. Health information administrator
3. Information security officer 11. Revenue cycle specialist
4. Chief privacy officer 12. Director of quality management
5. Health data analyst 13. Health information manager
6. Health record technician specialist
14. Health information technologist/
technician

These professionals also ensure that a patient is billed accurately and assure that the
accumulated health care information is compiled and analyzed to assist in making
recommendations that can improve the health services. They are also expected to devise
policies that address concerns on the delivery of high quality health care and the availability of
quality information for decision-making (May, 2014).

Philippine Health Information Profession

Advancements in ICT (information and communication technology) are upsetting not only
for traditional businesses, but even those not immediately thought of as probable beneficiaries
such as the health care sector. From electronic patient records to the wireless transmittal of
patient files for remote diagnosis, improvements in communication and technology will lead to
better delivery of health care services. Telemedicine, or the use of electronic communications
to transmit and exchange medical information and data to provide patient treatment, is quickly
gaining momentum within the country and the rest of the ASEAN region.
With the increasing popularity of smartphones, wireless tools, and other comparable
technology. primary care and specialist referral services, as well as remote patient monitoring
and patient medical health information, are undeniably improved with the help of telemedicine.
Thailand, Singapore, and Malaysia have started adopting health care IT solutions to bring the
sector to the next level. In 2009, Singapore developed its National Electronic Health Record
initiative, which permitted health care practitioners in the country to access patient's records
across the health care continuum. Malaysia initiated a Hospital Implementation System in 1993,
with its first telemedicine project in 1996, and Thailand created its National Health Information
Committee in 2010.
Likewise, the Philippines has developed an e-Health Strategic Framework and Plan for 2014
to 2020, whose objective is to utilize information and communication technologies in the health
sector. This will assist in the delivery of health services and manage health systems for greater
efficacy, with the ultimate goal of providing universal health care for the Filipinos. One of the
strategic goals of this framework is to establish unified and coherent health and management
information systems, to take advantage of ICT to reach and provide better health services, and
support the attainment of the UN's Sustainable Development Goals. In line with this, the
Department of Health (DOH) in Region IV-B has launched the first interactive telemedicine
system in Marinduque, and seemingly the entire country, at the Dr. Damian J. Reyes Provincial
Hospital. The system currently provides medical consultations and diagnostics through video
calls (De Dios, 2016).

Telemedicine in the Philippines

For an archipelago such as the Philippines, the delivery of health care services might be
proven to be challenging Fortunately, the rise of telemedicine within the region has been a
beneficial turn of events for the Philippine health care sector.
 Multiple players in the telemedicine scene currently exist, ranging from mobile apps to
call center services. Some providers of over-the-phone telemedicine services are Medgate and
Lifeline. Common features include 24/7 call centers, diagnosis using images sent via email,
medical certificates, and treatment plan summaries. Telemedicine centers usually have a
corresponding mobile app to facilitate easier access Unique Lifeline, however, is video
consultation with doctors, patient education, free doctor or nurse home visits, and delivery of
medication and prescriptions in exchange for a fixed monthly subscription fee
Mobile app-based telemedicine centers, on the other hand, include MyPocketDoctor
and MyDocNow. These providers are usually in partnership with other international
telemedicine centers. Medway Healthcare Inc. offers the most comprehensive telemedicine
services by using telefollow-up and teleconsultation procedures. These applications are
accessible online. It is the first medical clinic in the Philippines which mobilized the pre-
employment medical examination (PEME).
Telefollow-up is a specialized application which notifies patients of the medical
evaluations results via text messages. Patients will know the status if they are fit to work or still
have pending workups within 24 hours of PEME. On the other hand, follow-up teleconsultation
takes care of the online communication between the patient and the physician regarding the
follow-up of medical results when the patient is unavailable to get the results personally. The
physician gives the necessary advice and schedules the follow-up visit.
The specialist teleconsultation is also available which gives way to consultation despite
distance barrier. This application enables real-time consultation with a physician with the
assistance of a nurse and utilization of the appropriate telemedicine equipment. If the specialist
needs to listen to the patient's breathing, the nurse would place the telephonic stethoscope on
the appropriate areas of the patient's body and the sound would then be transmitted back to the
specialist. The equipment uses high-definition cameras to focus on lesions or specific body
parts. As for the test results, they are transmitted by using a store-and-forward technology if
real time option is not available. (Medway Health Inc., 2012).
The government pioneered nationwide telemedicine efforts, through research and
service work of the National Telehealth Center (UP-NTHC) of the University of the Philippines
Manila and funding from the Commission on Information and Communications Technology
(CICT). It implemented the Buddyworks Telehealth project from 2004 to 2007. This uses web-
based and SMS-based telehealth platform. Subsequently, the Department of Health (DOH.
funding from 2011 to 2013) and Department of Science and Technology (DOST, 2007 to
present) supported the UP-NTHCS continuing telehealth program expanding its geographic
scope and telehealth innovations. From an initial 10 isolated and disadvantaged sites, it grew
to link over a thousand young doctors with clinical specialists based in the UP-Philippine
General Hospital and regional hospitals of the Cordillera Administrative Region and Eastern
Visayas to support them in their clinical decision making. Other DOH regional hospitals are
being prepared by the UP-NTHC to become telehealth hubs in the locale.
The RxBox diagnostic telemedicine device was incorporated in the government
telehealth program through DOST's support. The first version was developed in 2007 by Dr.
Alvin Marcelo and De Luis Sison of UP-NTHC and UP Engineering in Diliman, respectively. The
RxBox device included sensors that can measure blood pressure, pulse rate, temperature, and
even an electrocardiogram. Dr. Marcelo, a trauma surgeon, envisioned that the RxBox would
be used in ambulances transmitting a patient's clinical parameters via telehealth to prepare
better the emergency room clinicians to receive these critical patients Dr. Sison continued to
develop the second version beginning 2012, this time with Dr. Portia Fernandes Marcelo". They
added sensors that will detect fetal heart beats and the pregnant woman's uterine contractions,
and envisioned its use in rural health units. The objective was to equip these rural centers with
lifesaving diagnostic tools and better manage health information. Clinical data gathered by the
RxBox is exchanged with the community health information tracking system (CHITS) electronic
medical records system; in the event of clinical dilemma, data can be pulled from CHITS and
transmitted to specialists for teleconsultation. In the latter part of 2018, the seamlessly linked
systems of RxBox, CHITS, and telehealth will be implemented in 1,000 rural municipalities and
with medical specialists in all regions nationwide.
Director, UP-NTHC (2011-2017)

Key Points to Remember

✓ Change is inevitable and pervasive. Organizations are driven to change in order to respond
to the many pressures they encounter from their environment. These pressures include
global competition. changes in customer demand, technological advances, and new
legislation.
✓ Change management is a series of tools, techniques, and processes aimed at successfully
effecting change.
✓ Health information management (HIM) professionals, credentialed with their academic
preparations. work experiences, and commitment to patient advocacy and professional code
of ethics, have a specialized skillset that uniquely qualifies them to assume the role of both
privacy officials and/or security officials who store, protect, and transmit information in all
media and formats.
✓ One of the strategic goals of the e-Health Strategic Framework and Plan for 2014-2020 is
to establish unified and coherent health and management information systems to take
advantage of ICT to reach and provide better health services, and support the attainment of
the UN's Sustainable Development Goals
✓ Telemedicine efforts from the government and other non-profit organizations have also
ensued. The National Telehealth Center is the leading research unit in the University of the
Philippines responsible for developing cost effective tools and innovations in the realm of
information and communications technology (ICT) for improving health care.