Health Informatics & Legal Issues

8/10/2019 Health Informatics & Legal Issues

1/59

Health Informatics &Legal Issues

26 March 2014NDU

Dr. Mona Al-Achkar Jabbour

[email protected] of Law

President of the Lebanese Information Technology Association(LITA)

Member Founder of the Pan arab Observatory for Cyber Security
mailto:[email protected]:[email protected]


2/59

Thank you


3/59

Added value

For:

citizens

governments

business sctor

Online prescribing, information patients portals

interactive communication

Extended service times

Decision support systems

Order clinicians entry online training

Clinical databases

communication

Workflow planning systems

budgetary systems


4/59

Directory of eHealth policies

In September 2010 Ban Ki Moon, launched the Global Strategyfor Womens and Childrens Health, with the aim of saving thelives of 16 million mothers and children worldwide by 2015 in 75target countries, including the worlds 49 poorest nations.

CoIAsrecommendations to improve accountability andtransparency emphasize the essential role of information andcommunication technologies (ICT) in achieving the goals set outby the Global Strategy.

by 2015, all target countries should have integrated the use ofICT in their national health information systems and health

infrastructure.


5/59

"Medical Informatics

"Medical Informatics studies:

the organization of medical information

the effective management of informationusing computer technology

and the impact of such technology on

medical research, education, and patientcare.


6/59

assessing current informationpractices,

determining the information needs ofhealth care providers and patients,

developing interventions usingcomputer technology,

and evaluating the impact of thoseinterventions.

The fieldexplorestechniques

for:


7/59

Objectives

optimize the use of information inorder to improve:

the quality of health care, reduce cost,

provide better education forproviders and patients,

and to conduct medical researchmore effectively."

Thisresearch

seeks to:


8/59


9/59

health information technology

medical practice

medical research

This area ofstudy supports:

systems such as electronic healthrecords (EHR)

electronic medical records (EMR)

health information exchange standards

medical terminologies

Clinical Terms and portable medical devices for the

collection of data.

It involves:
http://searchhealthit.techtarget.com/definition/Health-IT-information-technologyhttp://whatis.techtarget.com/definition/electronic-health-record-EHRhttp://whatis.techtarget.com/definition/electronic-health-record-EHRhttp://searchhealthit.techtarget.com/definition/Health-IT-information-technology


10/59

health informatics

The first use in the 1950s with dental data collected by theNational Bureau of Standards, now known as the National Instituteof Standards and Technology (NIST).

Accelerated usage with development of the MassachusettsGeneral Hospital Utility Multi-Programming System (MUMPS),which provided a standard programming language for clinicalapplications.

Today,International Medical Informatics Association (IMIA)oversees member organizations involved in health informaticsworldwide.
http://searchsoftwarequality.techtarget.com/definition/NISThttp://whatis.techtarget.com/definition/Mhttp://whatis.techtarget.com/definition/Mhttp://searchsoftwarequality.techtarget.com/definition/NIST


11/59


12/59

Scope - 1

It deals with:

- the resources

-devices

- required methods to optimize:

- the acquisition, storage, retrieval, and use

of information in health and biomedicine.


13/59

Scope -2

Health informatics tools:

Computers clinical guidelines

formal medical terminologies

information and communication systems
http://en.wikipedia.org/wiki/Medical_guidelinehttp://en.wikipedia.org/wiki/Medical_guidelinehttp://en.wikipedia.org/wiki/Medical_guidelinehttp://en.wikipedia.org/wiki/Medical_guideline


14/59

Scope -3

nursing

clinical care

dentistry

pharmacy

public health

occupational therapy

physical therapy

(bio)medical research

alternative medicine

It is

appliedto the

areasof:
http://en.wikipedia.org/wiki/Nursinghttp://en.wikipedia.org/wiki/Clinical_medicinehttp://en.wikipedia.org/wiki/Dentistryhttp://en.wikipedia.org/wiki/Pharmacyhttp://en.wikipedia.org/wiki/Public_healthhttp://en.wikipedia.org/wiki/Occupational_therapyhttp://en.wikipedia.org/wiki/Physical_therapyhttp://en.wikipedia.org/wiki/Biomedical_researchhttp://en.wikipedia.org/wiki/Medical_researchhttp://en.wikipedia.org/wiki/Alternative_medicinehttp://en.wikipedia.org/wiki/Alternative_medicinehttp://en.wikipedia.org/wiki/Medical_researchhttp://en.wikipedia.org/wiki/Biomedical_researchhttp://en.wikipedia.org/wiki/Physical_therapyhttp://en.wikipedia.org/wiki/Occupational_therapyhttp://en.wikipedia.org/wiki/Public_healthhttp://en.wikipedia.org/wiki/Pharmacyhttp://en.wikipedia.org/wiki/Dentistryhttp://en.wikipedia.org/wiki/Clinical_medicinehttp://en.wikipedia.org/wiki/Nursing


15/59

The term "medical informatics", refered to the processing of medical data bycomputers.

the importance of "information processing" wrapidly superseded by that of"information communication

Health applications then became known as "health telematics" or"telemedicine", and now "e health".

the value of these applications lies not in the technology itself or even in theexchange of data but in the ability to develop human networks of competenceand expertise in the field of health.


16/59

Tele-health

surveillance, healthpromotion and publichealth functions. It is

broader in definitionthan tele-medicine asit includes computer-assistedtelecommunicationsto support

management,surveillance, literatureand access to medicalknowledge.

Tele-medicine

is the use oftelecommunicationsto diagnose and treat

disease and ill-health.

Telematics for health

is a WHO compositeterm for both tele-medicine and tele-

health, or any health-related activitiescarried out overdistance by means ofinformationcommunication

technologies.


17/59

Nursing Informatics

Planning care Delivering careNursing

informaticsrefers to:

informaticswithin all areas of

nursing practice

informaticsdesigned for and

relevant tonurses

informationmanagement,

knowledge fromsciences otherthan nursing


18/59

E-health

Barely in use before 1999

Actually, this term now seems to serve as a general"buzzword"

It characterizes everything related to computers andmedicine.

The term was apparently first used by industry leadersand marketing people rather than academics.


19/59

e-health in the academic environment

the term has already entered

the scientific literature (today,76 Medline-indexed articlescontain the term "e-health" inthe title or abstract).


20/59

E-health :More than a technological developement

"stamping a definition onsomething like e-health is

somewhat like stamping adefinition on 'the Internet': It isdefined how it is used - thedefinition cannot be pinned

down, as it is a dynamicenvironment, constantly

moving."


21/59

E-health by the academics

e-health is:

an emerging field in the intersection of medical informatics, publichealth and business,

referring to health services and information delivered or enhancedthrough the Internet and related technologies.

It characterizes:

a technical development

a state-of-mind a way of thinking

an attitude

a commitment for networked, global thinking, to improve health carelocally, regionally, and worldwide by using information and

communication technology.


22/59


23/59

Defining E- Health

- public healthwhich is the responsibility of States (preventingand responding to disease in populations)and healthcare-which is the responsibility of professional and hospitals towardindividual patients and the treatment of disease.

- products, such as instruments to ensure the constantmonitoring of blood pressure in ambulatory patients,

- systems, such as computer-assisted surgery systems, andservices, such as:

- operating surgical and intensive care units, with interconnectedinstruments and surveillance services ensuring continuouspatient monitoring;

- computer-assisted prescription services, where the softwarechecks for incompatible drugs, contraindications and dosagelevels;

- information services for patients and consumers, includingindividual electronic health records.

The

scope ofe-health

extremelygeneric :


24/59

10 e's in "e-health"

Efficiency

Enhancing quality

Encouragement

Education

Enabling

Extending

Ethics Evidence based

Empowerment

Equity


25/59

The goals

increasing efficiency in health care

Improving quality of care

increasing commitment to evidence-based medicine

empowering patients and consumers

developing new relationships between patients and health professionals


26/59

Some applications

system making patient information accessible for allhealthcare units at a district, county, or even national level.

patient portal, a system for patient Internet access tomedical record.

use of Internet as a source of medical information, ameans for medical consultation and for marketing of drugs.


27/59


28/59

e-Business

includes onlineprocurement

processingbetween healthcare providersand suppliers,onlineelectronic

claimsprocessing,eligibilityauthorizationfrom insurancecompanies, and

consumerpurchase ofprescriptiondrugs andhealthinsurance.

Consumermarketing

includes theuse of Web sites

to showcaseorganizationalinformation toattract newpatients andprovide

wellnessinformation anddisease-specificinformation toexistingpatients.

Organizationalmanagement

includes patientaccess to

medicalinformation viaelectronichealth recordsallowing themto conduct risk

assessments oftheir ownhealth andinclude patient-physicianinteraction

using e-mail.

Clinical customerservices

includes patientaccess to

medicalinformation viaelectronichealth recordsallowing themto conduct risk

assessments oftheir ownhealth andinclude patient-physicianinteraction

using e-mail.


29/59

Going digital

- datasharing

- mail andelectronicmessagesarchiving

- accesslogs data

and audittrails

- tracingaccess and

time ofaccess


30/59

Implications in practice

The standards and regulations that have hitherto servedto protect individuals in such a vitally important area oflife can no longer be guaranteed when healthcare moves

into the public arena.

At a more local level, the introduction of computer-

mediated healthcare changes the processes andpractices of the care professionalsnot least in learningto operate and manage ICTs, individually and as part of ateam.


31/59

Multi-layers stakeholders

Patients:individuals, family,

carersManagement,

owners,shareholders

Health

professionals:doctors, nurses,

Governmentdepartments: local,

state, federal

professions allied tohealth:

Researchers,academics and

students Vendorsand consultants

Professional bodies:colleges and

Community andmedia associations

Staff and unions:scientific, technical,

administrative

Th i l i h fi ld


32/59

The main players in the field :

new players

Varieties of cultures, objectives and traditions

- United Nations agencies

- other international bodies dealing with health telecommunications and Trade

- Government authorities, health and telecommunication decision-makers at the

national and regional levels, as well as the regional bodies to which they belong - Academic and research institutions

- Local health professionals and their associations

- Consumers, patients and their associations

- The Donors

- Non-governmental organizations

- The private sector, including foundations and industries related to health and ICTs

- The media


33/59

Multidisciplinary

computer science

information science

medicine

law

philosophy

social sciences

El t i M di l R d d El t i H lth


34/59

Electronic Medical Records and Electronic Health

Records

Electronic Medical Records (EMR)

Contain the standardmedical and clinical data

gathered in one providersoffice.

Electronic health records (EHRs)

1- go beyond the data collected inthe providers office and include amore comprehensive patient history.

ex: EHRs are designed to contain and shareinformation from all providers involved in a

patients care.

2- EHR data can be created,managed, and consulted by

authorized providers and staff fromacross more than one health care

organization.

Unlike EMRs, EHRs also allow apatients health record to movewith themto other health careproviders, specialists, hospitals,nursing homes, and even across

states.


35/59

EMRlegal aspects

- legal document (but what about the Proof)

- the hospital owns the Record

- the patient owns the infos

- confidential


36/59

Legal Challenges

The critical, legal challenge for

MEdical informatics is how tomaximize the opportunities andbenefits afforded whilst minimizingthe risks and liabilities arising fromnew technology and practices.


37/59

Health information networks

Risks samples

Unethical practices due to unregulated IM&T use, e.g. Internet prescribing withoutconsultation

Privacy, confidentiality breaches due to poor security monitoring of data storage ortransmission

Privacy issues surrounding electronic health records

Incomplete data conversion from paper-based records

Medical errors due to failed or unavailable technology

Unethical use of healthcare information by insurance and other commercial companies


38/59

Main Legal issues in MI

Evolving and complex legal principles raised by the use of ICTsin health related fields

Main issues:

- privacy, security, operational, Ethical, consumerprotection, unethical use, equity


39/59

What is Medical Data?

Personal data

Sensitive Data

Technical and legal Protection

Norms & Standards

Private Application


40/59

Sensitive data

Personal health data: Sensitive patient

health data can include insurance-

related data, actual medical information,and personal data about patients, suchas social security numbers, addresses,and other sensitive information, whichshould not be publicly available.


41/59

Risks

- The storing and exchange of medical images is crucial to providing a knowledge base forpractitioners, and clearly it is also crucial that the images from which judgments are made arereliable.Reliability

Data Leakage

The movement of a data asset from an intended state to an unintended, inappropriate, or

unauthorized state, representing a risk or a potentially negative impact to the company.Locate all sensitive information

A key challenge is being able to accurately identify relevant data at all key locations (storeddata, laptops, network, message server).

Control and protect all sensitive information

There are many ways to misuse and lose sensitive data. Hospitals/physicians and companiesmust control and protect sensitive data in order to meet legal, regulatory and company policycompliance obligations.

Data Loss


42/59

Obligations & Liabilities

medical, employer ID, mothers maiden name, signature or biometric data

reasonable security measures

Encrypted data

secure destruction

businesses may not transfer covered data without encryption unlessinternally or by fax

credit card companies

Variations:

several legislations

may hold liability forcosts associated withbreaches of pd data


43/59

Increasing risks

According to a 2012

Department of HomelandSecurity bulletin, attacks againsthealthcare organizations are

expected to increase.


44/59


45/59

Contractual Agreements

Data Management with Third Parties

Data transfer across geographic borders

Vendors or Partners may expose sensitive data to their

third parties agents and contractors Granting vendors access to a hospital/ Companys

sensitive data and processing environments

Existing contracts may contain risk data leakage andmisuse by third parties

Inconsistent implementation of privacy practices

among independent organizations Who has responsibility and associated liability for data

protection?

Contract language and internal auditing of thosecontracts

Data protectionthrough contractswith outsourcing,

marketingagreements, and

vendorrelationships that

involve datatransfer acrossorganizational,

geographic, and

system boundaries


46/59

Nursing informatics Legal issues

Two areas of the lawthat most involve

healthcare leadersand managers are :

employmentlaw

mal practice


47/59

Cyber Security: Must for E-health

As healthcare moves from prescription pads to iPads

new digital landscape requires a cyber security partnerto guard against the bugs, viruses and bad actors

Ponemon Institute estimated the cost of MedicalIdentity Theft to consumers at $12 billion for 2013


48/59

Health cyber Threats

15% of respondents experienced a misdiagnosis

13% of respondents experienced a mistreatment

14% of respondents experienced a delay in treatment

11% of respondents were prescribed the wrong pharmaceutical

50% of respondents have done nothing to resolve the incident


49/59

issues of cyber security: Crimes and assaults

Cyber crime

online fraud

identity theft,

child pornography

intellectual property

Money laundering

Cyber Terrorism

Spamming, phishing, spyware, malware.

Mi i i i Ri k


50/59

Minimizing Risks

Openly discuss with their medical liabilitycarriers the advantages and pitfalls in using ICTs

Reach out to professionals within their

organizations, networks, or communities forsupport in

Ensure that their systems meet their legal,business, and records management needs

Ask in-depth questions of potential vendors to

ensure that their products address medico-legalissues

demand the functionality that supports boththeir clinical and business needs.

With thechanging

legallandscapeand the areasof potential

risk,physicians

can :


51/59

Lebanon


52/59

Lebanon

We are on the net!

The citizen at the heart of theGovernment concern!?

What about the Legal Frame work?


53/59

HIPPA and HITECH in the USA setnational standard for the privacy

Convention on PDP in Europe Varieties of legislations in Europe

Observation of technical standards ofsecure data communication, or to

provisions ensuring high quality ofhandling, collecting, storing,transmitting and manipulating, etc. ofhealth care data

Protectionlegal

framework

Administrative, legislative and regulatory


54/59


frameworks

Appropriate administrative, legislative and regulatoryframeworks are essential to the implementation of anational or regional e-health project.

This wide-ranging subject has a bearing on the

fundamental rights of the citizen, e-commerce, healthand a large number of international regulationsgoverning the technical and economic spheres.



55/59


frameworks

On the general level

- rules governing security

- respect for human rights

- protection of the citizen

- protection of personal data

- intellectual property

- regulations on the legal status of electronic documents and signatures

- instruments relating to the implementation of directives and

international standards, particularly in the field of security and dataconfidentiality and e-commerce

- rules on environmental protection and waste management and onequal opportunities for citizens.



56/59


frameworks

On the technical level, this includes:

- liberalization of the telecommunication sector

- absence of monopoly in this sphere

- transparent bidding procedures

- reasonable taxation policy

- independent arbitration and regulation systems for telecommunications - respect for international norms and standards, and related regulations.

On the medical level, this includes:

- codes of ethics for health professionals

- protocols for the certification and type approval of medical equipment

- rules for the protection of health professionals in the exercise of their duties (radiologicalprotection, contamination, etc.)

- rules governing hygiene and safety in regard to hospital wastes

- sound rules governing the production, distribution and management of medicines

- rules governing the status of medical records.



57/59


frameworks

- basic legislative and legal documents

- supervising by administrative machinery

- Regional cooperation

- The exchange of medical records can legitimately take place where a similarlevel of personal data protection prevails in each of the countries

- conducting clinical trials

- Regional cooperation can be facilitated by partnerships with international

bodies to guarantee codes of good conduct and credibility


58/59

Protection of electronic patienthealthcare data and informationFOCUS

Global All industriesSCOPE

Civil and criminal for exposureof data or fraudulent behaviorPENALTIES


59/59

Thanks for yourquestions

Documents

Health Informatics & Legal Issues