DEPENDABLE SYSTEM FOR

QUALITY CARE

Dixie B. Baker

OBJECTIVES To explain the relationship between

dependability and health care quality and

safety.

To identify and explain five guidelines for

dependability systems.

To present an informal assessment of the

healthcare industry with respect to those

guidelines.

INTRODUCTION The healthcare industry is undergoing a

dramatic transformation from today’s inefficient, costly, manually intensive, crisis-driven model of care delivery to a more efficient, consumer-centric, science-based model that proactively focuses on health management.

This transformation is driven by several factors:

The skyrocketing cost of healthcare delivery The exposure of patient-safety problems And an aging ‘’baby boom’’ population that

recognizes the potential for information technology (IT) to dramatically reduce the cost and improve the quality of care.

The Electronic Health Record (EHR) will form the foundation for pervasive, personalized, and scientific-based care.

Other key application are: Clinical information system (CIS) with

integrated Outcomes-based decision support Clinical knowledge bases Computerized physical order entry (CPOE) Electronic prescribing Consumer knowledge bases and decision

support And supply chain automation

The technologies that enable the transformation are largely state of the art and include enterprise application integration (EAI);

Wireless communication hand-held and tablet computers Continues speech recognition Integration Interpretation Electronic sensor technology Radio frequency identification (RFID) tagging And robotics The functional capabilities of these

application and technologies can provide are indeed impressive and can vastly improve quality of healthcare delivery

The International Council of Nurses (ICN) Code of Ethics for Nurses affirms that the nurse “holds in confidence personal information” and “insures that use of technology is compatible with the safety, dignity, and rights of people” (ICN, 2000)

As IT assumes a greater role in healthcare decision-making and in the provision of care, the nurse increasingly must rely on IT to help protect the patients personal information and safety.

Thus, ethical obligations drive requirements for: System reliability Availability Confidentiality Data integrity Responsiveness Safety attributes collectively referred to as

dependability

DEPENDABILITY Is a measure of the extent to which a system

can justifiability be relied on the deliver the services expected from it.

Dependability comprises six attributes:

1. System reliability: the system consistently behaves in the same way.2. Service availability: required services are present and usable when they are needed.3. Confidentiality: sensitive information is disclosed only to those authorized to see it.

4. Data integrity: data are not corrupted or

destroyed.

5. Responsiveness: the system responds to

users improve within an expected and

acceptable time period.

6. Safety: the system does not cause harm.

GUIDELINES FOR DEPENDABILITY SYSTEM All computer system are vulnerable to both human-

created threat, such as malicious code attack, and

software bugs, and natural threats, such as

hardware aging and earthquakes.

Removing all system vulnerable is not practical

particularly given complex, heterogeneous

environments where software and hardware

changes are a part of routine operations

A more practical approach to attaining

dependability is to build tolerant system.

TOLERANT SYSTEM Is a system that anticipate problems; that

detect faults, software glitches and

intrusions; and that take action so that

services can continue and data are protected

from corruption, destruction, and authorized

disclosure.

FIVE FUNDAMENTALS

THAT CAN HELP INCREASE

THE DEPENDABILITY OF

HEALTHCARE SYSTEM

GUIDELINE 1: ARCHITECT FOR DEPENDABILITY

Physical and logical networks that support the

enterprise and provide the “pipes” that carry data

from system to system.

One or more computers are connected to this

network, and the software foundation of each

computer is an operating system that is responsible

for managing all of the resources in the computer

system.

Distributed architecture can tolerate failures more

easily than large, centralized system.

GUIDELINE 2: ANTICIPATE FAILURES As computers are getting faster systems are

getting more and more complex, and design flaws are becoming an increasingly catastrophic problem.

The infrastructure level features that transparent to software application should be implemented to detect faults, to fail over to redundant components when faults are detected, and recover from failures before they become catastrophic.

Security features to detect, disable, and recover from malicious attacks, while preserving system stability and security, should be implemented.

GUIDELINE 3: ANTICIPATE SUCCESS

The system planning process should anticipate

business-success and the consequential need for

larger networks, more systems, new applications,

and additional integration.

Modeling of use-case scenarios that anticipate

hospital and clinic mergers, acquisitions, and a

growing patient/consumers base will enable the

system designer to visualize the data flows,

system loading, and network impact resulting

from business growth and success.

GUIDELINE 4: HIRE METICULOUS MANAGERS

Good system administrators meticulous

monitor and manage system network

performance, using out of band tools that do

not themselves affect performance.

They take emergency and disaster planning

very seriously; develop, maintain; and

judiciously exercise plans and procedures for

managing emergencies and recovering from

disasters.

GUIDELINE 5: DON’T BE ADVENTUROUS

Cute Chutes a small start-up company has

announced the availability of a new

parachute unit that promises to revolutionize

the sport of sky diving.

for dependability, one should use only

proven methods, tools, technologies, and

products that have been production, under

conditions, and at a scale similar to the

intended environment.

ASSESSING THE HEALTHCARE INDUSTRY

Healthcare clearly has a need for dependable

system both now and after transformation, as

the industry becomes increasingly dependent

on IT in the delivery of patient care

HEALTHCARE ARCHITECTURES The Health Insurance Portability and

Accountability Act (HIPAA) security

regulation prescribes administrative, physical,

and technical safeguards for protecting the

confidentiality and integrity o health

information and the availability to critical

system services.

HPAA requirement for emergency access that

is the ability to override security in an

emergency situation is unique to healthcare

HPAA security requirement for “information

system activity review” is an important

safeguard to counterbalance the necessity of

authorizing many people access to patient’s

records.

HPAA security standard is a tremendous

contribution toward achieving dependable

system in healthcare ,the current standards

lacks fundamental system assurance

requirements that are so important to system

dependability.

Eight required administrative safeguards

represent important operational practices

that clearly will contribute system

dependability:

1.Security management, including security

analysis and risk management.

2.Assigned security responsibility.

3.Information access management, including

the isolation of clearinghouse functions from

other clinical functions.

4.Security awareness and training

5.) Security incident procedures, including

response and reporting.

6.) Contingency planning, including data

backup planning, disaster recovery planning,

and planning for emergency mode

operations.

7.) Evaluation.

8.) Business associate contracts that looks in

the obligations of business partners in

protecting health information to which they

may have access.

Five specified physical safeguards also contribute to system dependability to requiring that facilities, work stations, devices, and media be protected.

1. Access control, including unique user identification and an emergency access procedure

2. Audit controls3. Data integrity protection4. Person or entity authentication5. Transmission security

ANTICIPATING FAILURES Medical applications that hosted on PC’s and

personal data assistants (PDAs) have a higher

likelihood of failure than application hosted on server

machines that are physically protected, managed by

trained system administrators, and continuously

monitored.

Computers are increasingly being used in safety

critical clinical applications, and without careful and

appropriate attention to software safety, we can

reasonably expect that failures will contribute to the

loss of human life.

ANTICIPATING SUCCESS Healthcare organizations definitely expect their

software applications, computer systems, and networks to work.

Providers assume their systems will work as well as any other medical equipment despite the fact that many of the software applications they use are running on the same kind of PC’s that have failed them at home.

Healthcare organizations do not foresee tat their business success may increase their need for processing power and network capability.

IT MANAGEMENT Organizations have hired IT managers who

appreciate the important role of IT in a healthcare environment and who recognize the need for dependable systems that can anticipate and recover from failures.

IT managers who recognize the strong relationship between system dependability and the quality and safety of patient care implement fault-tolerant systems with strong security protection, middleware to manage workload, and tools to continuously monitor the health and performance of their applications, system and network.

ADVENTUROUS TECHNOLOGIES IN HEALTHCARE

The fifth and final guideline “don’t be adventurous” is the most difficult to assess for healthcare.

On the one hand, healthcare givers typically are not early adopters, but on the other hand, they seem to catch their collective fancy.

Healthcare clinicians, including nurses, historically and typically are very resistant to change, largely because they are taught to be circumspect in considering new approaches, treatment protocols, and drug regimens.

Before adopting new idea, they investigate it,

they talk about it among their colleagues,

they watch someone else to try it, and then

perhaps, they may try it themselves.

Wireless networking and handheld computers

can serve as a good example for

technologies that are not yet nature enough

for safety-critical applications.

yet, wireless information system are one of

the most frequently used technologies in

healthcare