Health Informatics & Legal Issues 26 March 2014 NDU

Dr. Mona Al-Achkar Jabbour Maj_aj@hotmail.com Professor of Law President of the Lebanese Information Technology Association (LITA) Nancy Abi Karam LITA member

 Thank you

Added value
For:

citizens governments business sctor Online prescribing, information patients portals interactive communication Extended service times Decision support systems Order clinicians entry online training Clinical databases communication Workflow planning systems budgetary systems

Directory of eHealth policies

In September 2010 Ban Ki Moon, launched the Global Strategy for Womens and Childrens Health, with the aim of saving the lives of 16 million mothers and children worldwide by 2015 in 75 target countries, including the worlds 49 poorest nations. CoIAs recommendations to improve accountability and transparency emphasize the essential role of information and communication technologies (ICT) in achieving the goals set out by the Global Strategy. by 2015, all target countries should have integrated the use of ICT in their national health information systems and health infrastructure.

"Medical Informatics
"Medical Informatics studies:
the organization of medical information the effective management of information using computer technology and the impact of such technology on medical research, education, and patient care.

The field explores techniques for:

assessing current information practices, determining the information needs of health care providers and patients, developing interventions using computer technology, and evaluating the impact of those interventions.

Objectives
optimize the use of information in order to improve: the quality of health care, reduce cost, provide better education for providers and patients, and to conduct medical research more effectively."

This research seeks to:

Health informatics
the study of: resources and methods for the management of health information.

 health information technology medical practice medical research

systems such as electronic health records (EHR) electronic medical records (EMR) health information exchange standards medical terminologies Clinical Terms and portable medical devices for the collection of data.

This area of study supports:

It involves:

health informatics
The first use in the 1950s with dental data collected by the National Bureau of Standards, now known as the National Institute of Standards and Technology (NIST). Accelerated usage with development of the Massachusetts General Hospital Utility Multi-Programming System (MUMPS), which provided a standard programming language for clinical applications. Today,International Medical Informatics Association (IMIA) oversees member organizations involved in health informatics worldwide.

Scope - 1
It deals with:
- the resources -devices - required methods to optimize: - the acquisition, storage, retrieval, and use of information in health and biomedicine.

Scope -2

Health informatics tools:

Computers clinical guidelines formal medical terminologies information and communication systems

Scope -3

It is applied to the areas of:

nursing clinical care dentistry pharmacy public health occupational therapy physical therapy (bio)medical research alternative medicine

The term "medical informatics", refered to the processing of medical data by computers.

the importance of "information processing" wrapidly superseded by that of "information communication

Health applications then became known as "health telematics" or "telemedicine", and now "e health". the value of these applications lies not in the technology itself or even in the exchange of data but in the ability to develop human networks of competence and expertise in the field of health.

Tele-health surveillance, health promotion and public health functions. It is broader in definition than tele-medicine as it includes computerassisted telecommunications to support management, surveillance, literature and access to medical knowledge.

Tele-medicine is the use of telecommunications to diagnose and treat disease and ill-health.

Telematics for health is a WHO composite term for both telemedicine and telehealth, or any healthrelated activities carried out over distance by means of information communication technologies.

Nursing Informatics
Planning care Delivering care Nursing informatics refers to:
informatics within all areas of nursing practice informatics designed for and relevant to nurses

information management,

knowledge from sciences other than nursing

E-health
Barely in use before 1999

Actually, this term now seems to serve as a general "buzzword"

It characterizes everything related to computers and medicine. The term was apparently first used by industry leaders and marketing people rather than academics.

e-health in the academic environment

the term has already entered the scientific literature (today, 76 Medline-indexed articles contain the term "e-health" in the title or abstract).

E-health :
More than a technological developement

"stamping a definition on something like e-health is somewhat like stamping a definition on 'the Internet': It is defined how it is used - the definition cannot be pinned down, as it is a dynamic environment, constantly moving."

E-health by the academics

e-health is:
an emerging field in the intersection of medical informatics, public health and business, referring to health services and information delivered or enhanced through the Internet and related technologies.

It characterizes:
a technical development a state-of-mind a way of thinking an attitude a commitment for networked, global thinking, to improve health care locally, regionally, and worldwide by using information and communication technology.

E-Health
E-health is the transfer of health resources and health care by electronic means. It encompasses three main areas:
The delivery of health information, for health professionals and health consumers, through the Internet and telecommunications. Using the power of IT and e-commerce to improve public health services, e.g. through the education and training of health workers. The use of e-commerce and e-business practices in health systems management.

Defining E- Health

The scope of e-health extremely generic :

- public health which is the responsibility of States (preventing and responding to disease in populations) and healthcarewhich is the responsibility of professional and hospitals toward individual patients and the treatment of disease. - products, such as instruments to ensure the constant monitoring of blood pressure in ambulatory patients, - systems, such as computer-assisted surgery systems, and services, such as: - operating surgical and intensive care units, with interconnected instruments and surveillance services ensuring continuous patient monitoring; - computer-assisted prescription services, where the software checks for incompatible drugs, contraindications and dosage levels; - information services for patients and consumers, including individual electronic health records.

10 e's in "e-health" Efficiency Enhancing quality Encouragement Education Enabling Extending Ethics Evidence based Empowerment Equity

The goals
increasing efficiency in health care Improving quality of care increasing commitment to evidence-based medicine empowering patients and consumers developing new relationships between patients and health professionals

Some applications
system making patient information accessible for all healthcare units at a district, county, or even national level. patient portal, a system for patient Internet access to medical record. use of Internet as a source of medical information, a means for medical consultation and for marketing of drugs.

e-Business
includes online procurement processing between health care providers and suppliers, online electronic claims processing, eligibility authorization from insurance companies, and consumer purchase of prescription drugs and health insurance.

Consumer marketing
includes the use of Web sites to showcase organizational information to attract new patients and provide wellness information and disease-specific information to existing patients.

Organizational management
includes patient access to medical information via electronic health records allowing them to conduct risk assessments of their own health and include patientphysician interaction using e-mail.

Clinical customer services

includes patient access to medical information via electronic health records allowing them to conduct risk assessments of their own health and include patientphysician interaction using e-mail.

Going digital

- data sharing

- mail and electronic messages archiving

- access logs data and audit trails

- tracing access and time of access

Implications in practice
The standards and regulations that have hitherto served to protect individuals in such a vitally important area of life can no longer be guaranteed when healthcare moves into the public arena.

At a more local level, the introduction of computermediated healthcare changes the processes and practices of the care professionals not least in learning to operate and manage ICTs, individually and as part of a team.

Multi-layers stakeholders
Patients: individuals, family, carers Management, owners, shareholders

Staff and unions: scientific, technical, administrative

Health professionals: doctors, nurses, Government departments: local, state, federal

Professional bodies: colleges and Community and media associations

professions allied to health: Researchers, academics and students Vendors and consultants

The main players in the field :

new players
Varieties of cultures, objectives and traditions
- United Nations agencies - other international bodies dealing with health telecommunications and Trade - Government authorities, health and telecommunication decision-makers at the national and regional levels, as well as the regional bodies to which they belong - Academic and research institutions - Local health professionals and their associations - Consumers, patients and their associations - The Donors - Non-governmental organizations - The private sector, including foundations and industries related to health and ICTs - The media

Multidisciplinary
computer science information science medicine

law
philosophy social sciences

Electronic Medical Records and Electronic Health Records

Unlike EMRs, EHRs also allow a patients health record to move with themto other health care providers, specialists, hospitals, nursing homes, and even across states.

Electronic Medical Records (EMR)

Electronic health records (EHRs)

Contain the standard medical and clinical data gathered in one providers office.

1- go beyond the data collected in the providers office and include a more comprehensive patient history.
ex: EHRs are designed to contain and share information from all providers involved in a patients care.

2- EHR data can be created, managed, and consulted by authorized providers and staff from across more than one health care organization.

EMR legal aspects

- legal document (but what about the Proof) - the hospital owns the Record

- the patient owns the infos

- confidential

Legal Challenges

The critical, legal challenge for MEdical informatics is how to maximize the opportunities and benefits afforded whilst minimizing the risks and liabilities arising from new technology and practices.

Health information networks Risks samples

Unethical practices due to unregulated IM&T use, e.g. Internet prescribing without consultation Privacy, confidentiality breaches due to poor security monitoring of data storage or transmission Privacy issues surrounding electronic health records Incomplete data conversion from paper-based records Medical errors due to failed or unavailable technology Unethical use of healthcare information by insurance and other commercial companies

Main Legal issues in MI

Evolving and complex legal principles raised by the use of ICTs in health related fields Main issues:

- privacy, security, operational, Ethical, consumer protection, unethical use, equity

What is Medical Data?

Personal data

Sensitive Data
Technical and legal Protection Norms & Standards Private Application

Sensitive data
Personal health data: Sensitive patient health data can include insurancerelated data, actual medical information, and personal data about patients, such as social security numbers, addresses, and other sensitive information, which should not be publicly available.

Risks

Reliability

- The storing and exchange of medical images is crucial to providing a knowledge base for practitioners, and clearly it is also crucial that the images from which judgments are made are reliable.

Data Loss

Data Leakage The movement of a data asset from an intended state to an unintended, inappropriate, or unauthorized state, representing a risk or a potentially negative impact to the company. Locate all sensitive information A key challenge is being able to accurately identify relevant data at all key locations (stored data, laptops, network, message server). Control and protect all sensitive information There are many ways to misuse and lose sensitive data. Hospitals/physicians and companies must control and protect sensitive data in order to meet legal, regulatory and company policy compliance obligations.

Obligations & Liabilities

medical, employer ID, mothers maiden name, signature or biometric data reasonable security measures Encrypted data secure destruction businesses may not transfer covered data without encryption unless internally or by fax credit card companies

Variations:

several legislations may hold liability for costs associated with breaches of pd data

Increasing risks

According to a 2012 Department of Homeland Security bulletin, attacks against healthcare organizations are expected to increase.

Standards: ISO 27799

information security standard developed by the International Organization for Standardization (ISO). Its title is Health informatics -- Information security management in health using ISO/IEC 27002 The purpose of ISO 27799 is to provide guidance to health organizations and other holders of personal health information on how to protect such information via implementation of ISO/IEC 27002. The content sections are: 1: Scope 2: References 3: Terminology 4: Symbols 5: Health information security 6: Practical Action Plan for Implementing ISO 17799/27002 7: Healthcare Implications if ISO 17799/27002 8: Annex A: Threats 9: Annex B: Tasks and documentation of the ISMS 10: Annex C: Potential benefits and tool attributes 11: Annex D: Related standards

Contractual Agreements Data Management with Third Parties

Data protection through contracts with outsourcing, marketing agreements, and vendor relationships that involve data transfer across organizational, geographic, and system boundaries
Data transfer across geographic borders Vendors or Partners may expose sensitive data to their third parties agents and contractors Granting vendors access to a hospital/ Companys sensitive data and processing environments Existing contracts may contain risk data leakage and misuse by third parties Inconsistent implementation of privacy practices among independent organizations Who has responsibility and associated liability for data protection? Contract language and internal auditing of those contracts

Nursing informatics Legal issues

Two areas of the law that most involve healthcare leaders and managers are :

employment law

mal practice

Cyber Security: Must for E-health

As healthcare moves from prescription pads to iPads new digital landscape requires a cyber security partner to guard against the bugs, viruses and bad actors Ponemon Institute estimated the cost of Medical Identity Theft to consumers at $12 billion for 2013

Health cyber Threats

15% of respondents experienced a misdiagnosis 13% of respondents experienced a mistreatment 14% of respondents experienced a delay in treatment

11% of respondents were prescribed the wrong pharmaceutical

50% of respondents have done nothing to resolve the incident

issues of cyber security: Crimes and assaults Cyber crime

online fraud identity theft, child pornography intellectual property Money laundering Cyber Terrorism Spamming, phishing, spyware, malware.

Minimizing Risks
With the changing legal landscape and the areas of potential risk, physicians can :

Openly discuss with their medical liability carriers the advantages and pitfalls in using ICTs Reach out to professionals within their organizations, networks, or communities for support in Ensure that their systems meet their legal, business, and records management needs Ask in-depth questions of potential vendors to ensure that their products address medico-legal issues demand the functionality that supports both their clinical and business needs.

Lebanon

Lebanon
We are on the net! The citizen at the heart of the Government concern!?

What about the Legal Frame work?

Protection legal framework

HIPPA and HITECH in the USA set national standard for the privacy Convention on PDP in Europe Varieties of legislations in Europe Observation of technical standards of secure data communication, or to provisions ensuring high quality of handling, collecting, storing, transmitting and manipulating, etc. of health care data

Administrative, legislative and regulatory frameworks

Appropriate administrative, legislative and regulatory frameworks are essential to the implementation of a national or regional e-health project. This wide-ranging subject has a bearing on the fundamental rights of the citizen, e-commerce, health and a large number of international regulations governing the technical and economic spheres.

Administrative, legislative and regulatory frameworks

On the general level
- rules governing security - respect for human rights - protection of the citizen - protection of personal data - intellectual property - regulations on the legal status of electronic documents and signatures - instruments relating to the implementation of directives and international standards, particularly in the field of security and data confidentiality and e-commerce - rules on environmental protection and waste management and on equal opportunities for citizens.

Administrative, legislative and regulatory frameworks

On the technical level, this includes:
- liberalization of the telecommunication sector - absence of monopoly in this sphere - transparent bidding procedures - reasonable taxation policy - independent arbitration and regulation systems for telecommunications - respect for international norms and standards, and related regulations.

On the medical level, this includes:

- codes of ethics for health professionals - protocols for the certification and type approval of medical equipment - rules for the protection of health professionals in the exercise of their duties (radiological protection, contamination, etc.) - rules governing hygiene and safety in regard to hospital wastes - sound rules governing the production, distribution and management of medicines - rules governing the status of medical records.

Administrative, legislative and regulatory frameworks

- basic legislative and legal documents

- supervising by administrative machinery

- Regional cooperation

- The exchange of medical records can legitimately take place where a similar level of personal data protection prevails in each of the countries
- conducting clinical trials - Regional cooperation can be facilitated by partnerships with international bodies to guarantee codes of good conduct and credibility

FOCUS SCOPE

Protection of electronic patient healthcare data and information

Global All industries

PENALTIES

Civil and criminal for exposure of data or fraudulent behavior

Thanks for your questions