Thomas Agresta

Emerging Trends in Health Care Delivery: Towards Collaborative Security for NIST RBAC

In the next 10 years there will be rapid adoption of health information technology - electronic medical records by providers and personal health records by patients - linked via health information exchange. There is an emergent need to provide secure access to information spread across multiple repositories for health care providers (e.g., physicians, nurses, home health aides, etc.) who collaborate with one another across cyberspace to deliver patient care. Are available security models capable of supporting collaborative access where providers are simultaneously modifying a patients medical record? To address this question, this paper details collaborative security extensions to NIST RBAC.

Analysis of medication therapy discontinuation orders in new electronic prescriptions and opportunities for implementing CancelRx

Abstract Objective To illustrate the need for wider implementation of the CancelRx message by quantifying and characterizing the inappropriate usage of new electronic prescription (NewRx) messages for communicating discontinuation instructions to pharmacies. Materials and Methods A retrospective analysis on a nationally representative random sample of 1 400 000 NewRx messages transmitted over 7 days to identify e-prescriptions containing medication discontinuation instructions in NewRx text fields. A vocabulary of search terms signifying cancellation instructions was formulated and then iteratively refined. True-positives were subsequently identified programmatically and through manual reviews. Two independent reviewers identified incidences in which these instructions were associated with high-alert or look-alike-sound-like (LASA) medications. Results We identified 9735 (0.7% of the total) NewRx messages containing prescription cancellation instructions with 78.5% observed in the Notes field; 35.3% of identified NewRxs were associated with high-alert or LASA medications. The most prevalent cancellation instruction types were medication strength or dosage changes (39.3%) and alternative therapy replacement orders (39.0%). Discussion While the incidence of prescribers using the NewRx to transmit cancellation instructions was low, their transmission in NewRx fields not intended to accommodate such information can produce significant potential patient safety concerns, such as duplicate or inaccurate therapies. These findings reveal the need for wider industry adoption of the CancelRx message by electronic health record (EHR) and pharmacy systems, along with clearer guidance and improved end-user training, particularly as states increasingly mandate electronic prescribing of controlled substances. Conclusion Encouraging the use of CancelRx and reducing the misuse of NewRx fields would reduce workflow disruptions and unnecessary risks to patient safety.

An Architectural Solution for Health Information Exchange

Health information technology HIT systems including electronic health records EHRs have a market saturation nearing 92% at individual institutions but are still unsuited for cross-institutional collaboration of stakeholders e.g., medical providers such as physicians, hospitals, clinics, labs, etc. in support of health information exchange HIE of different HIT systems in geographically separate locations. In the computer science field, software architectures such as service-oriented architecture, grid computing, publish/subscribe paradigm, and data warehousing are well-established approaches for interoperation. However, the application of these software architectures to support HIE has not been significantly explored. To address this issue, this paper proposes an architectural solution for HIE that leverages established software architectural styles in conjunction with the emergent HL7 standard Fast Healthcare Interoperability Resources FHIR. FHIR models healthcare data with XML or JSON schemas using a set of 93 resources to track a patients clinical findings, problems, allergies, adverse events, history, suggested physician orders, care planning, etc. For each resource, a FHIR CRUD RESTful Application Program Interface API is defined to share data in a common format for each of the HITs that can then be easily accessible by mobile applications. This paper details an architectural solution for HIE using software architectural styles in conjunction with FHIR to allow HIT systems of stakeholders to be integrated to facilitate collaboration among medical providers. To demonstrate the feasibility and utility of HHIEA, a realistic regional healthcare scenario is introduced that illustrates the interactions of stakeholders across an integrated collection of HIT systems.