The protocol defines the processes and rules that devices will follow to communicate with each other.
This model was created by the International Organization for Standardization. It is a seven-layer model that describes the processes that should take place for communication to occur between two devices on a network.
Application, Presentation, Session, Transport, Network, Data Link, Physical
is the OSI layer closest to the end user. HTTP (hypertext transfer protocol) is the protocol that works at this layer.
Tis layer prepares data to be passed to the next layer. It is at this layer that data encryption and compression takes place.
This Layer establishes, maintains, and ends the connection between the end points. It is responsible for establishing connections between two devices. This may involve authentication.
This Layer makes sure that data is received correctly at the destination. If it is not received re-sends data.
This layer uses network addresses (an example is IP addresses) to move packets across a network from source to destination.
Data Link Layer
This layer uses physical (or Media Access Control (MAC) addresses) to move data across the network.
This layer transforms bits into signals (either electrical or optical) that are then sent across the network media (wired or wireless).
TCP/IP Model Layers
Network Access, Internertwork, Transport, Application
Protocol Data Units (PDUs)
Data, Segments, Packets, Frames, Bits
___ is the protocol that is used by the majority of networks today. Actually a suite of protocols.
IP Address Class A
IP Address Class B
IP Address Class C
IP Address Class D
The movement of data from one router to another.
Routers operate at the Network layer of the OSI Model. Routers are multiport connectivity devices that connect different networks (LANs, WANs, different transmission speeds, media, and protocols) to each other. They move packets from one network to another (routes packets).
Transmission of data in one direction.
Signals may travel in both directions, but only in one direction at a time.
Signals travel in both directions at the same time.
Is theoretically the maximum amount of data that a particular media can carry.
Is the actual amount of data that is being transmitted on the media at a given period of time.
A signal loses strength as it travels awayfrom the source.
Any device on the network that has an address and can send or receive data.
A delay between the transmission of a signal and its receipt.
Interconnectivity devices include hubs, switchers, routers, and wireless access points.
Network interface cards (NICs) connect the devices to the media.
Most networks use twisted wire cables. 2 types of twisted-pair (TP): unshielded twisted-pair (UTP) and shielded twisted-pair (STP). Both contain color-coded pairs of insulated copper wires twisted around each other and encased in a plastic coating. There are typically 8 wires twisted into 4 pairs and all 4 pairs are twisted around each other.
A device used to connect a computer or router to a telephone circuit that has DSL service configured. DSL is provided by your local phone company.
Healthcare Information Technology Policy Council (HITPC).
This committee identifies and recommends policy to achieve the goals of interoperability for healthcare delivery across the US. It was responsible for creating the draft requirements for Meaningful Use.
Healthcare Information Technology Standards Committee (HITSC)
This committee identifies and recommends standards to achieve the goals of interoperability for healthcare delivery across the US.
de facto standards.
A large organization with a lot of power in the market can create standards that the community will follow because of the market value.
ad hoc standards
Standards created by a group of (usually) vendors who get together and create a standard.
Standards Developing Organization (SDO
We refer to a group that creates standards as_____.
Archetypes are data structures such as the components that are part of a blood pressure measurement.
is the ability to share data whose meaning is unambiguously clear and precise, its context understood, and it can be used for any purpose.
is a set of words used to express a concept or thought. It means that some organization has placed some constraints and organization on the set of words and managed content. Ex: LOINC
is considered by most to be a synonym of vocabulary. It is a system of specialized terms and a symbolic representation of conceptual information.
refers to a system of names or terms used in a particular science or art. It is a consistent, systematic method of naming to denote classifications and avoid ambiguities. Ex: SNOMED
is a grouping of objects into a class or classes according to some common relations or attributes. Ex: ICD-9
is the practice and science of classification. Taxonomies are typically arranged in a hierarchical structure and exhibit parent-child relationships.
ICD-9 and ICD-10
ICD is the most commonly use controlled terminology, world-wide, and it is used mostly for diagnoses. Centers for Medicare and Medicaid (CMS) requires its use for claims. Sponsored by the WHO.
a term can have more than one parent.
used to index medical literature by the NLM.
Current Procedural Terminology (CPT)
CPT codes are used to define, for purposes of billing, the nature of the visit - initial, routine, complicated - and the extent of activity by the provider. By the AMA.
Diagnosis Related Groups (DRG)
Codes are used to group hospital cases into approximately 500 diagnosis-related groups. Each group includes diagnoses, procedures and other factors (age, severity, complications, co-morbidities). These codes are grouped based on the expectation that a group of items would use similar hospital resources.
are used by the FDA. It is a list of all drugs manufactured for commercial distribution.
is produced by the NLM and is included in the Unified Medical Language System. It provides normalized names for clinical drugs
provides high quality information about marketed drugs. This information includes FDA labels (package inserts). Database of info for patients.
is used in the US primarily for the name of laboratory tests. Its use in the US is quite wide-spread. It is available without charge.
is considered to be possibly the most comprehensive, multilingual clinical healthcare terminology in the world. By IHTSDO .No charge in US.
It is the most comprehensive vocabulary for signs and symptoms.
Medical Subject Headings (MeSH)
is used by the NLM to index the medical literature.
Unified Medical Language System
is a compendium of many controlled vocabularies in biomedicine and health. It is designed and maintained by the NLM.
Specification and Standardization of data elements.
Cancer Data Standard Repository (caDSR)
NCI National Cancer Institute data element repository.
Clinical Data Interchange Standards Consortium (CDISC)
These data elements are defined for the research community.
Compound Data Element
Is a structure that includes other data elements. The attributes are similar to those for simple data elements.
Complex Data Element
Complex data elements may include description logic and mathematical calculations. Complex data elements may include calculations, logic statements, or actions. They may invoke an action.
Clinical Document Architecture (CDA)
An HL7 template using XML. The CDA is a document markup standard that specifies the structure and semantics of clinical documents. The CDA specification is richly expressive and flexible. CDA uses XML as the markup language. It is based on the HL7 Reference Information Model. The major components of the CDA are a Header and a Body. Used to exchange data in a document form.
Health Level Seven (HL7) Messaging Standard
The most commonly-used data interchange or messaging standard used in the US. The popularity of v2.n is that it is easy to use and understand, and easy to implement.
Continuity of Care Document (CCD)
A constrained version of the CDA, defined to accommodate the exchange of summary clinical data is the CCD--basically an implementation manual based on the CDA.
Continuity of Care Record (CCR)
ASTM has produced a similar standard called the Continuity of Care Record, which can also be used to exchange a patient summary record. The contents of the CCD and the CCR are similar, and both use XML syntax.
Exchange of images
produces a family of standards to support the claims/reimbursement data exchange.
has a set of standards that support the exchange of prescription data for ePrescribing, ANSI accredited. Required by HIPAA for MU.
When and what data is exchanged is defined by a trigger event -- such as patient admission, patient discharge, patient transfer, lab test order, lab result reporting, etc.
Medical device standards
Claims and reimbursement, required by HIPAA & MU.
HL7 Reference Information Model (RIM)
At the basic level, the RIM defines Entities and Acts, and includes the Role of the Entity, the Participation of the Entity with the Act, and the Act Relationship.
HL7 Model Repository
A database holding the core of the HL7 semantic specifications.
Based on object information model, called RIM
is used to exchange prescription information between physician/prescriber and the pharmacy.
UNIT 6 EHR_ Functional Model
Electronic Medical Record
A longitudinal record, birth to death. Also called: Automated Medical Record, Computerized Medical Record, Electronic Medical Record
A principal repository for data concerning a patient's health care that affects virtually everyone associated with providing, receiving, auditing, regulating or reimbursing health care services.
The IOM definition defines a computer-based patient record as an electronic patient record that resides in a system specifically designed to support users by providing accessibility to complete and accurate data, alerts, reminders, clinical decision support systems, links to medical knowledge, and other aids.
ISO TR 20514
Provides some simple concepts about what an EHR might be. ISO TR 20514 is a technical report published in 2007. It is very general, simply defined, and its purpose is only to provide information about the EHR. (TR is informational not a standard)
ISO TS 18308
Defines the Requirements for an Electronic Health Record Reference Architecture, and provides some suggestions for an EHR architecture that would support interoperability and data sharing. (A Technical Specification) Does not define functional requirements. A technical specification is somewhere between an information document and a standard.
ISO IS 13606
addresses multiple aspects of an EHR_
Goals of 13606
1) Define architecture for communicating the EHR_ 2) Preserve clinical meaning 3) Confidentiality of data
ASTM Standard (E 1769)
Defines Functions, reminders & alerts, authorized use of EHR_, protection of data (most valuable of ASTM standards)
The EHR generally refers to just the storage of the data and maybe a few related functions associated with collecting and presenting the data. The EHR system expands to include all functions related to the EHR. These functions will be such things as billing and claims support, decision support, various reporting functions, queries, etc. These functionalities provide the value behind an EHR.
HL7 EHR-S FM
This standard evolved into a normative standard and was approved by ANSI in 2007. Work continues on this standard, and release two of the standard has been published. This standard was also recently approved as an ISO standard. (FM=functional model) Used for certification
HL7 EHR-S FM Sections
The standard is divided into three sections: Direct care, support, and information infrastructure.
Direct Care Section
Care management, CDS, operations management & communications (Direct care includes the day to day direct delivery of care to patients in various settings)
Clinical support, administrative & financial processes
Security, Privacy, safety, as well as operational efficiencies and minimum standards for interoperability.
Functional profiles identify a set of functionalities to enable an EHR in a specific setting. The profiles currently registered with HL7 include: Behavioral health, child health, long term care, legal EHR, regulated clinical research (Clinical Trials), vital statistics reporting, and the list is growing rapidly.
HL7 Personal Health Record Functional Model
Specifically, the HL7 Personal Health Record Functional Model does not define PHR but does assume certain characteristics. The PHR-FM assumes a "pull-push" or "push-pull" model. It assumes many sources of data, and it assumes control by an individual, usually to the person whose data is included in the PHR.
There are currently five models or approaches to the PHR. 1) Provider-based- provider portal 2) Health record bank- maintained by a trust 3) Payer-based- primarily claims data 4) Free standing- web based, purchased and maintained by patient 5) Employer-based.
Provider Based Model
The Provider-Linked model largely means that the a healthcare organization designs a portal by which a patient can see their clinical, administrative and financial data, which is clinician-controlled, and is derived from the institutional EHR.
Released 2008. The functional outline for the PHR is divided into three sections, similar to the EHR-FM. These sections are: Personal Health, Supportive, and Information Infrastructure. A core set of functions is identified in each.
Certification of EHR's
Certification is to provide confidence that electronic health information technology products and systems are secure; can maintain data confidentiality; can work with other systems to share information; and can perform a set of well-defined functions. Certification is designed to assure health care providers that the EHR technology that they acquire can perform the functions they need to participate in the Medicare and Medicaid EHR incentive program.
Certification Commission for Healthcare Information Technology (CCHIT)
CCHIT is authorized to offer certification for complete EHRs that meet Stage 1 Meaningful Use requirements.
Clinical Decision Support (CDS)
Applies knowledge to data to provide information to the user. CDC further provides concise, accurate, and unambiguous factual information (accepted, scientific knowledge or consensus expert opinions) and advice containing evidence and recommendations and address information needs at the point and time of decision-making.
Clinical Decision Support Systems
Triggers associated with specific data elements interact with the CDS service component, passing the required and specified data elements. This process is a pull, where the functionality of CDSS is invoked by the application. The CDSS module does its work, then pushes the response back into the clinical application.
Clinical practice guidelines
Serve to reduce inappropriate variations in practice, to improve patient safety, to improve health care, and to reduce costs. Guidelines capture the experience of experts and bring equality to patient care.
A "rules syntax" specification that allows rules to be individually published independently of a computer system and subsequently imported into computer systems for healthcare use.
HL7 has contributed Arden Syntax, GELLO, GLIF, and Infobuttons to the CDS standards.
Medical Logic Module (MLM)
Is simply a text document identifying appropriate data elements engaged in the logic, the logic expressions, and the actions to be taken during a given event.
an object-oriented expression language for clinical decision support.
National Guideline Clearing House
Sponsored by AHRQ, makes available a number of guidelines to providers at no cost.
Guideline Interchange Format (GLIF)
HL7 -- GLIF is a format for sharing clinical guidelines independent of platforms and systems. It is based on an object-oriented logical model of concepts, and uses XML syntax. It is an executable model.
Guideline Elements Model (GEM)
Contributed by ASTM. It uses a hierarchical data structure to organize the heterogeneous information contained in practice guidelines and uses an XML editor designed specifically for guideline markup.
Is a key standard, it provides context-sensitive links to information that can be seamlessly built into the clinical information system.
Computer Physician Order Entry systems (CPOE)
CPOE goals are appropriate testing, patient safety, higher quality of care and reducing cost.
Are popular ways of using statistics and probabilities to guide decision making. The first step is to define the problem in concept and scope.
Traditional conceptualizations based on research utilization, clinical trials-based, and clinical practice guidelines. It is the application of domain knowledge to patient care evidenced as a continuum.
Structured Product Labeling (SPL) standard is the US HHS Directive which is to develop a standard for communicating the content of drug product labelling
Individual Case Safety Report (ICSR)
In the Domain of Public Health, The Individual Case Safety Report (ICSR) is important as this is the electronic form that is used to report adverse medication events.
Serves as the official source of approved labelling for prescribing physicians, patients and healthcare providers and is based on HL7 Clinical Document Architecture (CDA) and is computer readable.
Visual Integration Messages
Are an interoperability specification for visual integration of applications that allows users to experience an integrated computer-user session on the desktop. EX: CCOW
Clinical Context Object Workgroup (CCOW)
is an interoperability specification for visual integration of applications that allows users to experience an integrated computer-user session on the desktop. It enables disparate applications to synchronize in real-time at the user interface level. CCOW Provides two discrete functions: Facilitates a process called context management that links subjects to applications, and provides single sign on that enables secure access of disparate applications by a user.
The value of CCOW
1) connects and interfaces multiple disparate applications, such as, labs, meds, cardiology, scheduling, billing, etc. 2) provides easy access to data and tools for a family of users, including physicians, nurses, therapists, administrators, etc. 3) enables connectivity from kiosks as well as personal workstations located in hospitals, clinics, offices, homes, etc. In too many instances, the user has to log on separately to the individual systems and interact independently with each system. CCOW makes these disparate systems appear to be a single system.
Entity identification is a necessity if we are to share data and resources.
Master Patient Index (MPI)
Contains required data to identify and distinguish the patient across healthcare facilities and levels; includes some patient demographic data; may include multiple identifiers the patient is assigned across various facilities; and has a primary identifier. (A clinic may assign one number, the hospital another number, an employer another number, and the insurance plan another number. The MPI links all of these numbers together.)
Clinical Genomics Work Group
HL7 -- produces standards to enable the standard use of patient-related genetic data such as DNA sequence variations and gene expression levels for healthcare purposes ("personalized medicine') as well as for clinical trials and research.
Service Oriented Architecture (SOA)
(SOA) is a flexible set of design principles providing an automation of common services shared across a community. It ensures functional consistency across applications. It is an accepted industry best practice and has been required by the Office of the National Coordinator (ONC) for recent grants.
Extensible Markup Language (XML) is commonly used for interfacing with SOA services.
Web Services Description Language (WSDL) describes the services in SOA.
Simple Object Application Protocol (SOAP) describes the communication protocols in SOA.
In order to use SOA we must have interoperability between different systems as the basis for integration between applications on different platforms through a communication protocol like Transmission Control Protocol/Internet Protocol (TCP/IP). If a hospital or clinic changes from application vendor A to application vendor B, and if vendor B is able to interface with the SOA then we are able to make changes without affecting the entire system. You can use any Master Patient Index (MPI) without re-integrating. The data are independent. MPI is a database that maintains a unique index (or identifier) for every patient registered at a health care organization. You just link modules together.
The service contract includes the name of service, version, owner, responsibility assignment and type (i.e. presentation, process, business, data, integration). It defines the product you are building. The service contract also includes non-functional information like: security constraints, quality of service, & service operations.
EA View Points
Need to look at an EA from 5 viewpoints: 1) The enterprise view 2) The information view 3) computational view 4) The engineering view 5) The technology view
1) The enterprise view is the why.
2) The information view is the what.
3) How is covered in the computational view.
4) The engineering view covers the where.
5) The technology view covers what is required to support the system.
A common practice in healthcare, Ensures functional consistency across applications, Accepted industry best practice, Minimizes duplication across applications, provides reuse, Service-oriented architecture provides the framework for automation of common services.
Services-Aware Enterprise Architecture Framework (SAEAF).
HL7 created a framework for interoperability for EA. SAEAF has four defined areas: services, awareness, EA, and framework.
Healthcare Service Specification Project (HSSP)
is an effort between HL7 and Object Management Group (OMG) to create common "service interface specifications".
Information security is protecting information and information systems (including computers, computing devices and networks) from unauthorized access, unauthorized use, unauthorized alterations, unauthorized interruptions and devastation.
CIA of Security
Confidentiality, integrity and availability are commonly referred to as the CIA of security.
Making sure that only authorized individuals have access to information. Also making sure that individuals with that access keep the information private, and do not share with others.
Addresses the security and privacy of health data, and encourages the widespread use of electronic data interchange (EDI) in the U.S. health care system. HIPAA gives you rights over your health information, and sets rules and limits on who can look at, and receive, your health information.
Means that the data on a system is the same as the data from the original source. The data has not been altered or destroyed.
Is the process of taking data, referred to as plaintext, and applying an encryption algorithm, called cipher, to create ciphertext. This ciphertext is unreadable by anyone that intercepts the data as it is being transferred. In order to decrypt the data a receiver must have the same cipher and the key that was used to encrypt the data.
The key to encrypt is called the public key.
The receiver has the key that is used to decrypt the ciphertext.
Provides proof that a certain action has taken place, or that something/someone is what he claims to be.
Public Key Infrastructure (PKI)
The hardware, software, and procedures needed to manage certificates.
Used to verify the identity of the source. Certificates are used to bind a public key with a person or an organization.
HTTPS vs. HTTP
HTTPS uses SSL (Secure Socket Layer) which means that the information being transmitted between the website and the client's system is being encrypted.
Who, or what, is allowed access to a particular resource, and what level of access is allowed.
3 Steps Of Access Control
Access control involves three steps - identification, authentication, and authorization.
Process of allowing user to perform actions.
Discretionary Access Control
The owner of the objects decides who has access and what they can do.
Mandatory Access Control
An owner or administrator cannot decide who has what access. Access is controlled by a numeric access level.
Role Based Access Control
Access is based on the role a person plays in an organization.
Access Control List (ACL)
A list that is associated with a file, directory or object that lists who has access to it, and the type of access. ACLs are created by the owner of the object.
Virtual Private Network (VPN)
Use the internet to transmit data between sites. Data is encrypted.