Ajit Appari

Information security and privacy in healthcare: current state of research

Information security and privacy in the healthcare sector is an issue of growing importance. The adoption of digital patient records, increased regulation, provider consolidation and the increasing need for information exchange between patients, providers and payers, all point towards the need for better information security. We critically survey the literature on information security and privacy in healthcare, published in information systems journals as well as many other related disciplines including health informatics, public health, law, medicine, the trade press and industry reports. In this paper, we provide a holistic view of the recent research and suggest new areas of interest to the information systems community.

Medication administration quality and health information technology: a national study of US hospitals

OBJECTIVE To determine whether the use of computerized physician order entry (CPOE) and electronic medication administration records (eMAR) is associated with better quality of medication administration at medium-to-large acute-care hospitals. DATA/STUDY SETTING: A retrospective cross-sectional analysis of data from three sources: CPOE/eMAR usage from HIMSS Analytics (2010), medication quality scores from CMS Hospital Compare (2010), and hospital characteristics from CMS Acute Inpatient Prospective Payment System (2009). The analysis focused on 11 quality indicators (January-December 2009) at 2603 medium-to-large (≥ 100 beds), non-federal acute-care hospitals measuring proportion of eligible patients given (or prescribed) recommended medications for conditions, including acute myocardial infarction, heart failure, and pneumonia, and surgical care improvement. Using technology adoption by 2008 as reference, hospitals were coded: (1) eMAR-only adopters (n=986); (2) CPOE-only adopters (n=115); and (3) adopters of both technologies (n=804); with non-adopters of both technologies as reference group (n=698). Hospitals were also coded for duration of use in 2-year increments since technology adoption. Hospital characteristics, historical measure-specific patient volume, and propensity scores for technology adoption were used to control for confounding factors. The analysis was performed using a generalized linear model (logit link and binomial family). PRINCIPAL FINDINGS Relative to non-adopters of both eMAR and CPOE, the odds of adherence to all measures (except one) were higher by 14-29% for eMAR-only hospitals and by 13-38% for hospitals with both technologies, translating to a marginal increase of 0.4-2.0 percentage points. Further, each additional 2 years of technology use was associated with 6-15% higher odds of compliance on all medication measures for eMAR-only hospitals and users of both technologies. CONCLUSIONS Implementation and duration of use of health information technologies are associated with improved adherence to medication guidelines at US hospitals. The benefits are evident for adoption of eMAR systems alone and in combination with CPOE.

Institutionalizing HIPAA Compliance Organizations and Competing Logics in U.S. Health Care

Health care in the United States is highly regulated, yet compliance with regulations is variable. For example, compliance with two rules for securing electronic health information in the 1996 Health Insurance Portability and Accountability Act took longer than expected and was highly uneven across U.S. hospitals. We analyzed 3,321 medium and large hospitals using data from the 2003 Health Information and Management Systems Society Analytics Database. We find that organizational strategies and institutional environments influence hospital compliance, and further that institutional logics moderate the effect of some strategies, indicating the interplay of regulation, institutions, and organizations that contribute to the extensive variation that characterizes the U.S. health care system. Understanding whether and how health care organizations like hospitals respond to new regulation has important implications both for creating desired health care reform and for medical sociologists interested in the changing organizational structure of health care.

HIPAA compliance in home health: a neo-institutional theoretic perspective

As the baby boomers age and the focus of healthcare shifts from acute care to chronic care, home healthcare will become increasingly important in controlling cost and improving quality. Health IT will undoubtedly play critical role toward these goals. Yet, growing adoption of Health IT raises important questions related to privacy and security of protected health information, necessitating a better understanding of compliance to HIPAA regulation, which mandates privacy and security safeguards by care providers. In this research we investigate the prevalence of HIPAA compliance in home healthcare to identify drivers influencing HIPAA compliance in home health agencies. The research design involves a model of regulatory compliance comprising institutional and market forces that may have a bearing on home healthcare. We develop hypotheses guided by neo-institutional theory, and conduct quantitative analysis with the goal of generating insights on the primary drivers and barriers of HIPAA compliance.

IN-HOSPITAL USE OF POTENTIALLY HARMFUL DRUGS IN HEART FAILURE: IMPACT ON LENGTH OF STAY AND MORTALITY

To evaluate prevalence of in-hospital use of potentially harmful drugs (PHD) in heart failure (HF) patients and analyze their impact on length of stay and in-hospital mortality. The University HealthSystem Consortium Database was queried for admissions with the primary diagnosis of HF during 2011-