Please note that index links point to page beginnings from the print edition. Locations are approximate in e-readers, and you may need to page down one or more times after clicking a link to get to the indexed material.
Symbols
<% and %>, ASP commands, 125
{ } (curly brackets), in C language, 113–114
Numbers
2.4 GHz band
mobile devices, 624
WLAN topology, 190
2.5 GHz band, 802.11 standards, 189
3D printing, gap in, 607
3DES (Triple DES), 708
4G (fourth-generation) wireless, 624
5 GHz (ISM) band, 802.11 standards, 189–190
21st Century Cures Act, 2016, 418
45 CFR Part 160, HIPAA Enforcement Rule, 389–390
45 CFR Part 164
Subpart C, HIPAA Security Rule, 381–386
Subpart D, HIPAA Breach Notification Rule, 386–389
Subpart E, HIPAA Privacy Rule, 376–381
802.1Q protocol, VLANs, 195
802.11 (Wi-Fi) standard, IEEE, 189–190, 327
A
A (Addressable) code, HIPAA, 381
AAMC (Association of American Medical Colleges), physicians, 34
AARP (American Association of Retired Persons), 628
ABCs (Active Bacterial Core surveillance), CDC, 39
ABEO Smart Shoe, 627
ABMS (American Board of Medical Specialties), physicians, 34
ACA (Affordable Care Act)
efforts of President Trump to repeal, 10, 415–416, 420
as foundation of current health system, 442
individual privacy/security risks of, 640–641
IRS responsibilities for taxes/penalties in, 419–420
payment based on effectiveness of outcomes, 60, 640
Prevention and Public Health Fund, 73
provisions of, 36
testing bundled strategies, 62
academic health centers, healthcare delivery via, 24
acceptance of risk, 682
access control
802.11 standards, 189
accountability, 348–350
authentication, 345–348
balanced with audit control, 349–350
HIPAA Security Rule for facilities, 384
HIPAA Security Rule for technical controls, 385
languages, 365–366
medical records regulations, 352–353
multilevel data confidentiality, 352
other sources of rules for, 353
overview of, 341–342
personnel, 703
physical database, 148
physical safeguard standards, 650
physical safeguards for devices, 698–700
privacy consent/purpose of use and, 354–356
review Q & A, 366–372
roles and permissions, 350–351
security technology safeguards, 658, 660
summary of basic, 356–357
user identity, 342–345
access control, in HIEs
access control information, 360–362
enforcement of, 358–359
first rule of, 359
metadata, 362–363
push vs. pull, 358
second rule of, 359
user identity, 363–365
access control lists (ACLs), in threat isolation, 765
access points (APs), WLAN topology, 188–190
accordion model, of continuous learning, 603–604
accountability
access control across healthcare systems, 348–350
HIPAA Security Rule for device/media, 385
accounts, user. see user identity
accreditation, healthcare professional, 33–34
Accredited Standards Committee (ASC) X12, health data interchange, 326–327
ACGME (Accreditation Council for Graduate Medical Education), physicians, 34
ACI (Advancing Care Information), 81, 400
ACLs (access control lists), in threat isolation, 765
ACOs (accountable-care organizations)
alternative payment model, 399
continuum of care, 596
as cultural transformation in healthcare, 593
healthcare reform of, 471
linking payment to quality measures, 566
measuring outcomes based on, 640
operational safeguards for, 732
Pioneer ACO program, 64–65
action, create change via, 256
Active Bacterial Core surveillance (ABCs), CDC, 39
Active Server Pages (ASP), 124–126
acute care
chronic care vs., 32
EHR workflow development, 523
types of settings for, 27–28
ACWP (Actual Cost of Work Performed), earned-value analysis, 288
addiction, patient education for, 32
ADDIE (Analyze, Design, Develop, Implement, Evaluate) model, 540
address resolution, data networks, 178
Address Resolution Protocol (ARP), 178, 185–186
Addressable (A) code, HIPAA, 381
addressing, in data networks, 177–178
ADI (application data interchange), non-EHR HIT systems, 490, 504
ADL (Advanced Distributed Learning), and SCORM, 551
administration, database, 145–146
administrative (operational) security controls, 744
administrative governmental agencies. see legislative branch, U.S. government
administrative rights, managing privileges, 763–764
administrative safeguards, HIPAA Security Rule, 381–383
Administrative Simplification Provisions, HIPAA, 375–376
admissibility, vs. discovery of EHRs, 433
Adobe Flash, and HTML, 122
adult learners
designing educational training for, 543
principles of multimedia for, 546–547
Advanced Distributed Learning (ADL), and SCORM, 551
Advanced Encryption Standard (AES), 191, 707
advanced malware detection, 767
advanced persistent threats (APTs), 758
Advanced Primary Care Practice (APCP) Demonstration, FQHC, 63
Advancing Care Information (ACI), 81, 400
adverse events, FDA monitoring medical devices, 747
adverse reactions, patient harm from medical devices, 727
AES (Advanced Encryption Standard), 191, 707
Affectiva, IOD data filtering and analytics for continuous learning, 603
Affordable Care Act. see ACA (Affordable Care Act)
Agency for Healthcare Research and Quality (AHRQ). see AHRQ (Agency for Healthcare Research and Quality)
agenda, rules for effective governance, 469
Agile software development, 227–228
aging (senescence) research, 627
AHIMA (American Health Information Management Association)
awarding CHTS certification, 4
CHTS exam series, 13–15
role in HIT credentials/training/education, 12–13
AHRQ (Agency for Healthcare Research and Quality)
biomedical research funding via, 41
in evaluation of quality measurement, 564
funding Quality Data Model, 403–404
AI (artificial intelligence)
accelerating healthcare learning, 592
augmented empathy via physical transfer in, 591
buffers for staging information inbound/outbound, 604–605
as game-changing healthcare platform, 172
gap in, 607
questioning threat to human species, 597
technology closing gap in robotics and, 605
AICC (Aviation Industry CBT Committee), 551
alerts, public health, 78
Alexa, Amazon, 604
ALFs (assisted living facilities), long-term care via, 28–29
All of Us Research Program
innovations in genetics/genomics, 618
Precision Medicine Initiative, 7
support for mHealth technologies, 625
Allele Registry, ClinGen, 622
allied health personnel, training/licensing programs for, 35
Allred v. Saunders, 436
alternative medicine, 33
alternative payment models. see APMs (alternative payment models)
AMA (American Medical Association)
medical field firmly grounded in, 641–642
quality measurement organizations, 558
Amazon
Alexa, 604
Echo, 590
Amazon Web Services (AWS), medical record services in the cloud, 161
ambulatory services
EHR workflow development, 522
go-live impact on physician scheduling, 527
Medicare Part B covering, 55
venues of healthcare delivery, 26
American Association of Retired Persons (AARP), 628
American Health Information Management Association (AHIMA). see AHIMA (American Health Information Management Association)
American Medical Association. see AMA (American Medical Association)
American National Standards Institute (ANSI), 325–326
American Recovery and Reinvestment Act. see ARRA (American Recovery and Reinvestment Act)
American Telemedicine Association (ATA), 628–630
ANA (American Nurses Association)
certification/accreditation of RNs, 34
Code of Ethics, 641–642
Code of Ethics for Nurses, 649–650
quality measurement organizations, 558
standards, 328–329
Analysis method, requirements analysis report in SDLC, 215
analysis phase
life cycle of major HIT change, 235–236
SDLC, 212–220
analytics
assessing HIT in use, 313–314
big data and data. see big data and data analytics
OLAP as core component of DWs and, 152
OLTP vs. DW, 152
Analyze, Design, Develop, Implement, Evaluate (ADDIE) model, 540
Android, using Java language, 128
ANN (Artificial Neural Network) algorithm, 160
ANSI (American National Standards Institute), 325–326
antennas, WLAN topology, 189
Anthem, Inc., PHI breach at, 718
anticipatory guidance, 31
Antitrust Division, of DOJ, 421
antivirus solutions
conducting information correlation and analysis, 769–770
in cybersecurity, 766–767
APCP (Advanced Primary Care Practice) Demonstration, FQHC, 63
APEX (Oracle Application Express), implementing healthcare database, 140–145
APMs (alternative payment models)
accountable-care organizations (ACOs), 399
bundled payment system, 399
measuring healthcare quality for reimbursement, 9
Quality Payment Program, 400
appellate court, as highest state court, 423
Apple’s macOS, widely used in HIT, 113
application criticality analysis, risk analysis, 686
application data interchange (ADI), non-EHR HIT systems, 490, 504
application function level processes, 242
application layer (Layer 7), OSI model, 173–174
application server providers (ASPs), storing data over Internet, 97
application servers, 103
applications. see also mobile health applications
architecture for network, 180–181
HIPAA Security Rule contingency plan for, 383
wireless network healthcare, 188
APs (access points), WLAN topology, 188–190
APTs (advanced persistent threats), 758
architectural safeguards
high-reliability healthcare systems, 747–749
interoperability, 656
maintainability, 745
review Q & A, 750–751
simplicity, 657
architecture
building secure, 762
complexity of HIT, 5–6
computer hardware and. see computer hardware/architecture for HIT
Java object file format neutral to, 119
network, 180–181
ARP (Address Resolution Protocol), 178, 185–186
ARRA (American Recovery and Reinvestment Act)
developing nationwide health policy, 395
enforcing HIPAA Breach Notification rule, 419
as foundation of current health system, 442
Health IT Standards Committee, 331–332
HITECH enacted following, 716
impact on EHR, 509
meaningful use privacy and security measures, 733–734
overview of, 73
widespread adoption of EHRs, 465
artificial intelligence. see AI (artificial intelligence)
Artificial Neural Network (ANN) algorithm, 160
ASC (Accredited Standards Committee) X12, health data interchange, 326–327
ASP (Active Server Pages), 124–126
ASPs (application server providers), storing data over Internet, 97
assembly language, developed for computer systems, 112–113
assessment
assignment of risk likelihood and risk impact, 676–679
of basic skill level for training in HIT, 541–542
defined, 674–675
example, 673
of HIT in use, 313–314
prioritization of risks based on assigned values, 679
reduction of risk values based on existing safeguards, 679–681
in risk management, 676
assets
identifying, assessing and mitigating risk, 673
managing computer assets, 103
as risk management key term, 672
assisted living facilities (ALFs), long-term care via, 28–29
associated header files (.h), in C language, 113
association, pattern recognition in data mining, 158–159
Association of American Medical Colleges (AAMC), physicians, 34
asymmetric (public-key) encryption, 148, 661, 707
ATA (American Telemedicine Association), 628–630
attacks, medical device vulnerabilities and risks, 783–785
Attorney General, responsibilities of, 420–421
attributes, ERD in database application development, 138
attributes/fields (columns), relational database, 135
audience, training program delivery to, 548
audit control
accountability for, 349
balanced with access control, 349–350
HIE access control information, 362
HIPAA Security Rule for, 385
security technology safeguards, 658, 660
audit logs, 660
augmented empathy, via physical transfer of virtual reality, 591
augmented reality. see VR/AR (virtual reality/augmented reality)
authentication
of EHR data prior to submission in court of law, 432
HIE access control information, 360–362
HIPAA Security Rule for integrity, 383
HIPAA Security Rule for person/entity, 385
interoperability across healthcare systems, 345–348
levels of identity proofing, 343
multifactor, 720–721
person and entity, 660
physical safeguards for access-control devices, 698–700
security technology safeguards, 658
technical database security via, 147
user identity in HIE access control, 364–365
authenticity
of data, as nonrepudiation, 661
verifying individual medical records, 425
verifying medical records in court of law, 427
authority, rules for effective governance, 469
authorization. see also identity management/authorization
consent management, 654–655
HIE access control information, 355
HIPAA Privacy Rule for release without, 378
HIPAA Privacy Rule requirements, 377–378
HIPAA Security Rule for workforce security, 382
identity management and, 654
physical safeguards, 698–700
authorization forms, HIPAA Privacy Rule, 375
availability
architectural safeguards for, 657
as component of data security, 744–745
database security issues, 146
maintainability affecting, 745
avatars
buffers for staging information inbound/outbound, 604–605
optimizing design by eliciting empathy, 590–591
technology opportunities for innovation and, 589–590
Aviation Industry CBT Committee (AICC), 551
avoidance of risk, 682
awareness
in accessing PHI data, 703
as operational safeguard, 653, 721
AWS (Amazon Web Services), medical record services in the cloud, 161
B
BA (business associate)
HIPAA Breach Notification Rule, 389
HIPAA compliance requirement, 374
HIPAA Privacy Rule, 376–381
HIPAA Security Rule, 382
HIPAA state law preemption and, 376
operational safeguards for, 717–719
BA contracts
as operational safeguards, 726
overview of, 374
using for healthcare in cloud, 729–730
BAA (business associate agreement), 733
backdoors, security risk analysis of, 684–685
backup
data storage via types of, 96–97
electrical power, 702–703
security for, 697–698
bad debt, as uncompensated care, 58–59
badges, physical safeguards for, 698–700
bandwidth
defined, 175
wireless network issues, 187
Banner Health system
data migration, 522
go-live impact on physician scheduling, 526–527
governance at, 516
overview of, 510–511
partnering with Cerner Corporation, 519
provider go-live metrics, 532–533
strategic initiative, 511
barcode scanners, in hospitals/healthcare setting, 91
basic science (bench) research, for evidence-based medicine, 40
Baxter robotics, 591
BCWP (Budgeted Cost of Work Performed), earned-value analysis, 288
Beacon project, 622
behavioral health, closing gap in, 599–601
bench (basic science) research, for evidence-based medicine, 40
best-of-breed approach, systems development, 228
big data and data analytics
3D printing gap, 607
accordion model of continuous learning, 603–604
AI robotic/robotics gap, 605
chatbots/AI trust/health gap, 607
communities engaged in healthcare delivery, 593–597
drones/healthcare gap, 607
empathy gap, 598–599
environmental disruption gap, 601–602
evidence-based virtual care gap, 605
evidence/behavior gap for disorders of lifestyle, 599–601
harnessing exponential technology gap, 608–609
impact of innovations on future technologies, 597
innovation in HIT, 588–589
IOT data filtering/analytics for continuous learning, 602–603
learning/education/communication gap, 602
overview of, 587–588
Precision Medicine Initiative generating, 7
psychopharmacology research/previously refractory psychiatric states gap, 608
review Q & A, 610–613
science vs. application of –omics gap, 606–607
seamless human data entry gap, 605
simple taxonomy for innovation, 592–593
staging information between people/devices/analytics, 604–605
technology opportunities for innovation, 589–592
transcranial magnetic stimulation/health gap, 608
billing (BLG) segment, HL7 v2, 202
billing system
in delivery of patient care, 492
finance and operations systems, 501
binding agreement, privacy consent as, 354–355
biomedical research funding, 40
biometric devices, physical safeguards for, 698–700
birth defects registry, public health department, 77
birth registry, public health department, 76–77
BISDN (Broadband Integrated Services Digital Network), 170
bits per second (bps), throughput measured by, 176
Black Hat, security training, 760
black-box testing, 225
blade servers, vertical scaling of hardware, 102
BLG (billing) segment, HL7 v2, 202
blockchain technology, 606
blocks (compound statements), in C language, 114
blood culture system, in delivery of patient care, 492
blood pressure, standardizing value sets, 573
Blue Zones, 594
blueprint, as result of Design phase, 221
Bluetooth
intended for WPANs, 624
NIST handling security of, 624
wireless security and, 191
Blu-ray optical disks, 96
BMI as vital sign, 600
<body> tag, HTML, 120–121
bottom-up development, in SDLC, 224
BPM (business process management), 247–248
bps (bits per second), throughput measured by, 176
BRAIN initiative, Cures Act research into, 10
brain research, funding, 618
BRCA Challenge project, 622
Breach Notification Rule, HIPAA, 386–389
breaches, PHI data
as expensive, 733
HIPAA Breach Notification Rule, 386–387
impact of, 718–719
incident procedures as operational safeguard, 725
“bring your own device” (BYOD), in healthcare setting, 99, 729
BRM (business relationship manager), 489
Broadband Integrated Services Digital Network (BISDN), 170
broadcast mode, hub working in, 193–194
broadcasts, LAN, 182
Budgeted Cost of Work Scheduled (BCWS), earned-value analysis, 288
budgets, HIT planning process, 492
buffers, for staging information inbound/outbound, 604–605
Build, operational safeguards for software/system development, 722–723
bundled payment system, 399
Bureau of Labor Statistics, report on technicians/professionals preparation, 10–11
burn centers, acute care delivered via, 28
Burwell, Sylvia, 399
bus
connecting components on motherboard, 94
defined, 93
business
in database application development, 137–138
value of health data standards in, 333
business agreements, as operational safeguard, 653
business associate. see BA (business associate)
business associate agreement (BAA), 733
business continuity plan, HIPAA Security Rule contingency plan, 383
business process management (BPM), 247–248
business relationship manager (BRM), 489
business rules
database application development, 137–138
design ERD based on, 138–139
buy versus build, systems development, 228
BYOD (“bring your own device”), in healthcare setting, 99, 729
bytecodes, Java, 118
C
C language, 114–115
C++ language, 115–118
cabinet, United States
executive branch powers/functions, 413–414
Health Care Fraud Prevention and Enforcement Action Team, 421–422
cabling, network, 199
CAC (Common Access Card), DoD physical safeguards, 698–700
CAHIMS (Certified Associate in Healthcare Information and Management Systems)
defined, 4
healthcare information credentials/training/education, 12
project management training, 267
Calico (Google-owned), 627
cancer
BRCA Challenge project for breast, 622
genetic testing for susceptibility to, 619
precision medicine research on, 397, 618
cancer care hospitals, as specialty hospitals, 24
Cancer Moonshot program, 10
cancer registry, public health department, 76
CAPEX (capital expenditures), in budget planning process, 492
CAPM (Certified Associate in Project Management), 267
cardiology
acute care in emergency department for, 27–28
heart hospitals for, 24
CareGroup, 655
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), 189
Carrier Sense Multiple Access with Collision Detection (CSMA/CD), 182
CART (Classification And Regression Tree) algorithm, applying data mining, 160
case law
common law vs., 424
judiciary responsible for, 423–424
structure/function of U.S. court system, 424
case scenarios, training evaluation via, 549
case sensitivity
C language, 116
C++ language, 116
HTML tags, 120
categories
health data standards, 326–331
Structured Query Language, 136
CD optical disks, 96
CDA (Clinical Document Architecture), using LOINC coding system, 77
CDC (Centers for Disease Control and Prevention), 72
CDHPs (Consumer-Directed Health Plans), 53–54
CDISC (Clinical Data Interchange Standards Consortium), 330
CDRH (Center for Devices and Radiological Health), 785
CDSSs (clinical decision support systems)
connection with quality measurement, 565–566
content and structure standards, 330
designing HIT for, 297
non-EHR HIT systems, 503
CEHRT (certified EHR technology)
for Cerner’s EHR product, 510
HITECH (Health Information Technology for Economic and Clinical Health) Act, 768
new models for healthcare payment, 400
percentage of hospitals/office-based physicians complying with, 402
cellular networks
overview of, 192
telecommunication via, 170
Center for Devices and Radiological Health (CDRH), 785
Center for Medicare and Medicaid Innovation. see CMMI (Center for Medicare and Medicaid Innovation)
Centers for Disease Control and Prevention (CDC), 72
Centers for Medicare and Medicaid Services. see CMS (Centers for Medicare and Medicaid Services)
centralized DW model, 154
CERT (Computer Emergency Readiness Team), 759
certificate authorities, identity proofing via, 343
certificate policy (CP), in user provisioning, 343
certification
CAHIMS and CHTS, 4
EHR Incentive Program and, 402–403
healthcare professional, 33
preparing HIT technicians/professionals for, 10–11
Project Management Institute, 265–267
Certified Associate in Healthcare Information and Management Systems. see CAHIMS (Certified Associate in Healthcare Information and Management Systems)
Certified Associate in Project Management (CAPM), 267
certified EHR technology. see CEHRT (certified EHR technology)
Certified Healthcare Technology Specialist. see CHTS (Certified Healthcare Technology Specialist)
Certified Professional in Healthcare Information and Management Systems (CPHIMS), 12
CEs (covered entities)
HIPAA Breach Notification Rule, 388
HIPAA governing use of PHI, 717–718
HIPAA Privacy Rule, 376–381
HIPAA Security Rule, 382
HIPAA state law preemption and, 376
HITECH Act for HIPAA, 444
reducing risk to reasonable levels, 721–722
required for HIPAA compliance, 374
CGT (Cancer Genome Trust), 606
change
HIT project management, 289–290
life cycle of major HIT, 234–237
management in EHRs, 517–518
principles/steps to management of, 255–256
success factors for clinical process, 252–255
Change Management in EHR Implementation, NLC, 473
charity care, as uncompensated care, 58–59
chatbots, gap in, 607
checklists, risk identification, 675
chief information officer (CIO), members of HIT teams, 488, 490
chief medical information officer. see CMIO (chief medical information officer)
chief medical officer (CMO), 516
childhood obesity, 600
children
birth defects registry, 77
insurance for low-income households. see CHIP (Children’s Health Insurance Program)
CHIP (Children’s Health Insurance Program)
for children in low-income households, 57
CMS administering, 417
HHS providing services of, 416
Medicaid merit-based incentive payment system, 37
CHTS (Certified Healthcare Technology Specialist)
defined, 4
exam series, 13–15
overview of, 12–13
CIA (confidentiality, integrity, and availability)
of data security, 744–745
security risk analysis, 683–686
CIMI (Clinical Information Modeling Initiative), 330
CIO (chief information officer), members of HIT teams, 488, 490
ciphers, use of encryption, 661
CISA (Cybersecurity Information Sharing Act), 759
CISOs (Computer information security officers), 759
Citrix XenServer, scaling out hardware, 102
civil penalties, HIPAA Enforcement Rule, 389
CLaaS™ (Continuous Learning as a Service), 602–603
class diagrams, OO systems analysis and design, 220
.class files, Java, 118
classes, HL7 v3, 202
classification, pattern recognition phase of data mining, 158–159
Classification And Regression Tree (CART) algorithm, applying data mining, 160
clearance, HIPAA Security Rule for workforce security, 382
client-server systems
network architecture, 180–181
storing EMR data via, 97
ClinGen (Clinical Genome Resource) project
Allele Registry, 622
defined, 621
clinical care, perspectives of public health vs., 72–73
clinical decision support systems. see CDSSs (clinical decision support systems)
Clinical Document Architecture (CDA), using LOINC coding system, 77
Clinical Genome Resource (ClinGen) project
Allele Registry, 622
defined, 621
Clinical Information Modeling Initiative (CIMI), 330
clinical information standards, 80
clinical laboratory. see also laboratory
clinical non-EHR systems, 490
non-EHR HIT systems, 498–499
Clinical Pharmacogenomics Implementation Consortium (CPIC) guidelines
challenges in IT transfer, 623
including in EHRs, 621
clinical practice improvement activity, MIPS program reimbursement, 400
Clinical Procedure Terminology (CPT), 574
Clinical Quality Language (CQL), 572
clinical research
for evidence-based medicine, 40
using healthcare databases for, 134
clinical stakeholders. see stakeholders
clinical systems, non-EHR HIT systems, 490–491
Clinical Use Evaluation (CUE), 500
Clinton, President Bill, 413
closing phase, HIT project management, 290–292
cloud computing
addressing scalability issue with, 745
deployment models, 161
examples of, 161
explosion of HIT and, 4–6
healthcare implications on operational safeguards of, 728–729
models, 160–161
operational safeguards for, 729–731
overview of, 160
process isolation safeguards in, 657
pros and cons of, 159–162
Q & A, 162–165
risk challenges of, 648
scalability with, 655
scaling out hardware via, 102
storing data over Internet via, 97
when things go wrong in, 644–645
clustering, pattern recognition phase of data mining, 158–159
CMIO (chief medical information officer)
governance at Banner Health and Emory Healthcare, 516
members of HIT teams, 488, 490
CMMI (Center for Medicare and Medicaid Innovation)
payment/payment reform and, 60
Pioneer ACOs as pilot of, 65
testing bundled strategies, 62
testing PCMH model, 63
CMO (chief medical officer), 516
CMS (Centers for Medicare and Medicaid Services)
establishing EHR Incentive Program, 395
health regulatory body, 38
Innovation Center, 60
linking payment to quality measures, 566
policies impacting EHR workflows, 524–525
powers as administrative legislative agency, 417
President Trump’s appointment to lead, 416
provider incentive programs, 61
quality measures, 569
role in EHR implementation, 476
coaches, go-live, 529
CODA (Commission on Dental Accreditation), 35
code
program, Implementation phase in SDLC, 224–226
restricted data, 352–353
technological advances in data entry, 311
Code of Ethics for Nurses with Interpretive Statements, ANA
information assurance policy, 650
medical field firmly grounded in, 641–642
Code of Medical Ethics, AMA, 641
cognitive ergonomics, 305
cognitive load, reducing in HIT systems, 306
cognitive walk-through, usability inspection via, 302–303
collaboration, between HIT systems, 488–489
collaborative robotics, 591
columns (attributes/fields), relational database, 135
Commander in Chief, U.S. president as, 413
comments, in C++ language, 116
commercial (private) insurance, 53–54
commercial off-the-shelf (COTS) software, 786
Commission on Dental Accreditation (CODA), 35
Common Access Card (CAC), DoD physical safeguards, 698–700
common law
case law vs., 424
judiciary responsible for, 423–424
Common User Interface (CUI), 314
Common Vulnerabilities and Exposures (CVEs), maintaining security of current environment, 762–763
communication
closing gap in evidence-based virtual care, 605
closing gap via technology in, 601
components of plan for, 473–474
go-live, 530–531
metrics for, 474
mHealth wireless technologies/standards, 624
project management, 270
project success dependent on effective, 270–271
in roles to patient level processes, 241
communication initiatives, HIT
components of communications plan, 473–474
focus on customers and players, 470–473
importance of communications, 467–470
key industry considerations, 474–478
overview of, 465–466
review Q & A, 480–482
communities
engaging in healthcare reform, 470–471
healthcare delivery via person-centric, 593–594
communities of practice, created by PMI, 267
community (population) care, 29–30
Community Healthcare Centers, 29
competition in healthcare, FTC promoting, 418–419
compiled languages, 111–112
compilers
C, 113–114
C++, 117
vs. interpreters, 112
Java, 118–119
complementary medicine, 33
complexity, medical device security challenges, 782
compliance audits, HIPAA Enforcement Rule, 390
compound statements (or blocks), in C language, 114
Comprehensive Primary Care (CPC) initiative, 9, 63
CompTIA (Computing Technology Industry Association), security training, 760
computable privacy, 400–402
computed tomography (CT), 494
Computer Emergency Readiness Team (CERT), 759
computer hardware/architecture for HIT
central processing unit, 94
cloud computing/ASPs/client-server EMR systems, 97–98
computer asset management, 103–104
connectors, 93–94
desktop support technician role, 104–106
escalation of issues to HIT specialists, 106–107
hardware management, 98–102
input devices, 90–92
motherboards, 94–95
output devices, 92
overview of, 89–90
RAM, 95
review Q & A, 107–109
storage components, 95–97
system components, 92–97
Computer information security officers (CISOs), 759
computer science, data communications rooted in, 169
computer systems
development of languages for, 111–112
evolution of, 112–113
human-computer interaction. see HCI (human-computer interaction)
computer-generated information, hearsay rule exceptions, 434
computerized provider order entry. see CPOE (computerized provider order entry)
Computers on Wheels (COWs), 99
computer-stored information, hearsay rule exceptions, 434
Computing Technology Industry Association (CompTIA), security training, 760
confidentiality. see also privacy, security, and confidentiality framework
data treated at highest level of, 353–354
medical records regulations and, 352–353
multilevel data, 352
privacy linked to, 648
protecting patient, 78–79
security technology safeguards, 659, 661
confidentiality, integrity, and availability (CIA)
of data security, 744–745
security risk analysis, 683–686
configuration management, as operational safeguard, 653, 723
Conficker virus, 645–646
Congress
executive branch and role of, 413–414
legislative process, 415–416
power to override presidential veto, 415
Connecting for Health collaboration, Markle Foundation, 642–643
connection-oriented communications, 184
connectivity, data communication and, 171–172
connectors, computer system components, 93–94
consent
HIPAA Privacy Rule, 377
privacy and, 354
consent forms, 401–402
consent management
as operational safeguard, 654–655
process, 723–724
Constitution, consistency of legislation with, 423
constraints, project management, 267–268
consumer protection laws, FTC enforcing, 418–419
Consumer-Directed Health Plans (CDHPs), 53–54
contagious disease, 607
content and structure standards
Clinical Data Interchange Standards Consortium (CDISC), 330
Health Level Seven International (HL7), 330
International Health Terminology Standards Development Organization (IHTSDO), 330
National Council for Prescription Drug Programs (NCPDP), 331
overview of, 329
context information
in basic access control, 357
in second rule of HIE access control, 359
contingency plan, HIPAA Security Rule for, 383, 384
continuity of operations, as operational safeguard, 651–652, 724–725
continuous learning
accordion model of, 603–604
buffers for staging information inbound/outbound, 604–605
IOD data filtering and analytics for, 602–603
Continuous Learning as a Service (CLaaS™), 602–603
continuum of care
expanding role of HIT in, 7–8
as foundation of ACOs, 596
influence of genetics and genomics across, 7
contracts, HIPAA Privacy Rule for BA, 377
contrary condition, HIPAA Privacy Rule state law preemption, 376
controlling phase, HIT project management, 287–289
coordination and interoperability, health data standards, 331–333
copayment, structure of health insurance, 50–51
copper media, network cabling, 199
cost
assessment of risk impact, 678–679
biomedical research funding, 40
calculating health insurance premiums, 50
changing project plan, 289
in earned-value analysis, 288
estimating project time, resources and, 280–283
post-project review, 292
as project management constraint, 267–268
structure of health insurance, 50–51
US healthcare vs. other countries, 35–36
usability inspection vs. usability testing, 302–303
cost variance, earned-value analysis, 288
cost-shifting, funding uncompensated care, 59
COTS (commercial off-the-shelf) software, 786
court of appeals
federal court, 422
state appellate court, 423
court orders, access control due to, 353
covered entities. see CEs (covered entities)
COWs (Computers on Wheels), 99
CP (certificate policy), in user provisioning, 343
CPC (Comprehensive Primary Care) initiative, 9, 63
CPHIMS (Certified Professional in Healthcare Information and Management Systems), 12
CPIC (Clinical Pharmacogenomics Implementation Consortium) guidelines
challenges in IT transfer, 623
including in EHRs, 621
CPOE (computerized provider order entry)
Banner Health system, 510–511
Emory Healthcare, 511–512
orders catalog and order sets, 520–521
pharmacy systems, 496
policies impacting EHR workflows, 525
CPS (Composite Performance Score), 400
CPT (Clinical Procedure Terminology), 574
CPT (Current Procedural Terminology)
code sets, 328
Medicare Part B benefits, 55
CPUs (central processing units)
GPUs vs., 94
motherboards contain housing for, 94
CQL (Clinical Quality Language), 572
CRISPR/Cas9 genetic editing technology, 606–607
critical path method, project scheduling, 281–282
cryptography
data integrity with, 661
DES now deprecated for, 707
network protocols, 625
CSF (Cybersecurity Framework for Healthcare), 761
CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance), 189
CSMA/CD (Carrier Sense Multiple Access with Collision Detection), 182
CT (computed tomography), 494
CUE (Clinical Use Evaluation), 500
CUI (Common User Interface), 314
cultural transformation, innovation through, 593
Cures Act (21st Century Cures Act) of 2016
advancing development of standards for EHR, 442
on electronic exchange/interoperability of EHR systems, 449
laying foundation for new era, 429
measuring value of healthcare, 10
new era in health information infrastructure, 450–451
curly brackets { }, in C language, 113–114
Current Procedural Terminology (CPT)
code sets, 328
Medicare Part B benefits, 55
cut-through switching, 195
CVEs (Common Vulnerabilities and Exposures), maintaining security of current environment, 762–763
cyber espionage, 757
Cyber Observable eXpression (CybOX), 759
cyberarmies, attacks on medical devices, 784
cybercrime, 757
cybersafety
impact of regulation of medical devices, 785–789
implementing on medical devices, 789
medical devices and, 781–783
shared responsibility for, 790–791
cybersecurity
addressing IoT threats, 767–768
building secure architecture, 762
changing nature of in cloud environments, 729
conducting information correlation and analysis, 769–770
cybercrime, cyber espionage, hacktivism, and advanced persistent threats, 757–759
detecting threats, 765–767
four tenets of, 790
frameworks and standards in systematic approach, 760–761
HITECH Act prioritizing PHI, 9
isolating threats, 764–765
maintaining current environment, 762–763
managing privileges, 763–764
monitoring activity, 768–769
penetration tests, 772–774
red teaming activities in testing readiness, 774–775
review Q & A, 775–778
staying abreast of threats, 759–760
testing for vulnerabilities, 770–772
thinking like a bad guy, 756
threats, 753–755
thwarting exploits, 764
Cybersecurity Framework for Healthcare (CSF), 761
Cybersecurity Information Sharing Act (CISA), 759
cyberterrorists, 784
CybOX (Cyber Observable eXpression), 759
D
daily (full) backups, 97
DAM (database activity monitoring), 768–769
DAST (dynamic application security testing), 766
data
analytics. see big data and data analytics
breaches, 146
communication rooted in telecommunications/computer science, 169
criticality analysis, 383, 686
explosion of HIT and, 4–6
filtering, 602–604
integrity issues, 146
interoperability and sharing, 6–7
maintaining permanently with storage components, 95
masking (obscuring), 148
migration in EHRs, 521–523
OLTP vs. DW, 151–152
precision medicine research, 396–397
privacy controls, 149
signals and, 175–176
standards. see data standards
status, categorizing DWs, 155
technological advances in entry of clinical, 311–312
technology for seamless data entry, 605
working with usability testing, 299
XML simplifying sharing of, 122
data centers
assessing security risks of your organization, 710
physical safeguards for access to, 697
data communication concepts
addressing in data networks, 177–178
connectivity, 171–172
data and signals, 175–176
digitization, 176
models, 172–174
protocols, 174–175
throughput, 176
World Wide Web as network application, 179–180
Data Control Language (DCL) statements, 136
Data Definition Language (DDL) statements, 136
Data Encryption Standard (DES), 707–708
data flow diagram (DFD), structured systems analysis, 216
data link layer (Layer 2)
network switches at, 194–195
OSI/internet communication models, 173
data loss prevention (DLP), thwarting cybersecurity exploits, 764
Data Manipulation Language (DML) statements, 136
data mining (DM)
applications of, 159–160
Q & A, 162–165
understanding, 157–159
data modeling, 572–573
data preprocessing phase, data mining, 157–158
data standards
access control languages, 365–366
additional study, 338–339
business value of, 333
C++ language with international, 117
challenges and future issues of HIT, 314–315
clinical information, 80
computable privacy, 400–402
content and structure standards, 329–331
coordination and interoperability standards, 331–333
design and implementation of healthcare IT UIs, 313
development process for, 324–325
expansion in HIT requiring new, 4–6
health data interchange and transport standards, 326–327
HIT network complexity requiring new, 6–7
interoperability safeguards, 656
introduction to, 323–326
lacking for PHRs, health social media, 425
medical ethics, 353
modeling workflows for professional practice, 243–246
overview of, 323–324
Project Management Institute, 265–267
Q & A, 334–337
role in EHR implementation, 183–184
security standards, 331
security technology safeguards, 657–659
vocabulary and terminology standards, 328
data types, HL7, 202–203
data warehouses. see DW (data warehouses)
database activity monitoring (DAM), 768–769
database management system (DBMS), 135
database models (schemas), 135
database servers, 103
databases, healthcare
administration, 145–146
application development process, 137–140
application implementation, 140–145
basics, 135–136
overview of, 133
permissions, 350
Q & A, 162–165
security, 146–149
useful applications for, 134
DaVinci system, technological advances in HIT, 312
DBMS (database management system), 135
DCL (Data Control Language) statements, 136
DDL (Data Definition Language) statements, 136
DDOS (distributed denial-of-service) attacks, 684, 767–768
death registry, public health department, 77
deductibles, in structure of health insurance, 50–51
deep learning on the fly, by care-delivery teams, 595
degaussing electronic media, 708–709
delimiters, PDU, 175
delivery, healthcare
communities engaged in, 593–597
coupling payment reform with innovation in, 62–63
incorporating pharmacogenomics/genomics in, 623
mechanisms used for telehealth, 629–630
organizations in U.S. for, 22–26
Public Health Service Act of 1944 leading to system of today, 450
types of settings for, 33–35
venues for, 26–29
via personal caregiver networks, 596–597
via person-centric communities, 593–594
via professional care-delivery teams, 594–596
delivery, HIT training program
methods of, 543–544
multimedia as method of, 546–547
denial-of-service (DOS), 684, 767–768
dentists, certification/accreditation, 35
department DW (or data mart) model, 153, 155
Department of Defense. see DoD (Department of Defense)
Department of Health and Human Services (HHS). see HHS (Department of Health and Human Services)
Department of Justice. see DOJ (Department of Justice)
Department of the Treasury, 419–420
Department of Veterans Affairs. see VA (Department of Veterans Affairs)
deprovisioning user accounts, 344–345
DES (Data Encryption Standard), 707–708
descriptive metadata, specific to HIEs, 362
design
OLTP vs. DW objectives of, 151
training program for HIT implementation, 542–545
desktop support technician
escalation of issues to HIT specialists, 106–107
role, 104
SDLC phase of, 104–105
troubleshooting by, 105–106
device configuration
checking information, 186–187
in end-to-end network, 184–186
overview of, 184
devices, standards for physical safeguards, 650
DFD (data flow diagram), structured systems analysis, 216
DHCP (Dynamic Host Configuration Protocol)
device configuration via, 184
IP address assignment, 177–178
diabetes
chronic care required for, 32
measures of, 562–563
patient education for, 32
diabetes apps, mobile devices, 594
diagnosis-related groups (DRGs), Medicare Part A, 55
diagrams
OO systems analysis and design, 217–220
process map or workflow, 252–255
workflow mapping tools, 248–252
diagrams, SDLC
data flow, 216
entity relationship, 216–217
requirements analysis report, 215–216
sequence, 222–223
structure chart, 221–222
diastolic value
in measuring blood pressure, 560
standardizing value sets, 573
DICOM (Digital Imaging and Communications in Medicine), 327, 494
diet and nutrition apps, mobile devices, 594
differential backups, 97
differentiation, adaptive learning via, 552
diffusion of innovations (Rogers’ theory), 517
digital certificates, for identity protection, 343
digital health footprints, care-delivery teams and, 595
Digital Imaging and Communications in Medicine (DICOM), 327, 494
digital input, to healthcare computer systems, 91
Digital Linear Tape (DLT), 96
digital nannies, remote monitoring via, 596
digital pad, 90–91
digital radiology (DR), 494
digital TVs, as output devices, 92
digitization, data communication and, 176
DIGITizE (Displaying and Integrating Genetic Information Through the EHR) project, 622
Director of National Intelligence (DNI), 420
direct-sequence spread spectrum (DSSS), 189
disaster recovery plan, HIPAA, 383
disclosure
incidental, 716
protecting against impermissible, 722
discovery. see also e-discovery process
vs. admissibility, 433
data loss prevention and, 764
incident reports and, 436–437
paper-based vs. electronic medical records in, 431–432
scope and procedures of e-discovery process, 437–442
disease and treatment management apps, mobile devices, 594
disease screening/diagnosis, 619
disease susceptibility, 619
disorders, lifestyle-related, 599–601
Displaying and Integrating Genetic Information Through the EHR (DIGITizE) project, 622
displays. see monitors
disposal
determining level and type of destruction, 709
for devices/media, 384
secure electronic media, 708–711
distributed cognition, and HCI, 307–308
distributed denial-of-service (DDOS) attacks, 684, 767–768
distributed DW model, 154
distributed environments, Java, 119
distributed system management, 112–113
distributed WLAN controllers, 198
district judges, 424
DLP (data loss prevention), thwarting cybersecurity exploits, 764
DLT (Digital Linear Tape), 96
DM (data mining)
applications of, 159–160
Q & A, 162–165
understanding, 157–159
DML (Data Manipulation Language) statements, 136
DNI (Director of National Intelligence), 420
DNS (Domain Name System), 178
doctype declaration, HTML, 120–121
document imaging, for input to healthcare computer systems, 91–92
documentation
Banner Health system, 511
requirements analysis in SDLC, 215–220
risk-management process, 674–675, 682–683
standards for EHRs, 521
DoD (Department of Defense)
accelerated learning with virtual reality, 592
AI psychiatrist developed by, 607
information security workforce competency, 732
Million Veteran Program, 397
physical safeguards for badges, 698–700
DOJ (Department of Justice)
under authority of U.S. president, 413
powers as administrative legislative agency, 421–422
U.S. Attorney General as head of, 420
Domain Name System (DNS), 178
domains, metadata specific to HIEs, 362–363
domains, risk analysis
application and data criticality, 686
privacy, 686–687
safety, 687–688
security, 683–686
door locks, in facility security, 701
“door-to-balloon” time, Lean methodology decreasing, 247
DOS (denial-of-service) attacks, 684, 767–768
downtime
operational safeguards mitigating, 719
procedures in EHRs, 528
DR (digital radiology), 494
DRGs (diagnosis-related groups), Medicare Part A, 55
drivers, hardware, 98
drones, gap in healthcare and, 607
Drucker, Peter, 265
drugs. see medications
dry-chemical fire suppression systems, 702
DSSS (direct-sequence spread spectrum), 189
due care
defined, 716
operational safeguards related to, 715–716
risk assessment and, 721
due diligence
business agreements, 653
defined, 716
operational safeguards related to, 715–716
physical protection and data isolation, 651
protection for healthcare in cloud, 730
risk assessment and, 721
DVD optical disks, 96
DW (data warehouses)
life cycle, 156–157
models, 152–155
OLTP vs., 150–152
Q & A, 162–165
understanding data warehouses, 149–150
dyadarity, buffers for staging information inbound/outbound, 604–605
dynamic application security testing (DAST), 766
dynamic digital handshakes, 590
dynamic DW model, 155
Dynamic Host Configuration Protocol (DHCP)
device configuration via, 184
IP address assignment, 177–178
dynamic IP addressing, 177–178
E
earned-value analysis, in project evaluation, 287–289
ECC (error-correcting code) RAM, 101
Echo open source platform, Amazon, 590
ecosystem, securing medical device, 790–791
eCQI (Electronic Clinical Quality Improvement), 569
eCQMs (electronic clinical quality measures)
enabling, 571–572
quality measures, 569
EDI (electronic data interchange) standards, 326–327
e-discovery process
concept of relevancy in rules of, 447
relationship between ROI process and, 444–446
scope and procedures of, 437–442
standards lacking for, 429
EDRM (Electronic Discovery Reference Model), 441
EDs (emergency departments)
acute care delivered via, 27–28
EHR workflow development, 524
maintaining statewide trauma registry, 77
uncompensated care in, 59
education. see also learning
closing gap via technology in, 601
of healthcare professionals, 33–35
patient, 32
telehealth providing medical, 629
using healthcare databases for, 134
EDW (enterprise DW) model, 153, 155
eFMAP (enhanced federal medical assistance percentage), 57–58
eHealth Exchange (“Exchange”), 332–333
EHR Incentive Program
for Eligible Professionals, 400
established by CMS, 395–396
further regulatory modifications to, 402–403
implementation of. see communication initiatives, HIT
MACRA implementing interoperability, 398
role of federal agencies in, 476–477
widespread adoption of EHRs via, 465
EHRs (electronic health records)
availability critical to, 744–745
Banner Health system, 510–511
barriers to mobile devices, 626
benefits of, 487
challenges in enabling quality measures, 571–572
change management, 517–518
data migration, 521–523
data modeling methods, 572–573
defining quality measures, 558–559
desktop technician and, 104–105
as difficult witness in court of law, 427
documentation standards, 521
downtime procedures, 528
Emory Healthcare, 511–514
go-live impact on physician scheduling, 526–527
go-live metrics, 531–533
go-live support, 528–531
governance, 514–517
healthcare IT beginning with adoption of, 465
HIT support for reform in use of, 8
HITECH Act and, 753
implementation of. see communication initiatives, HIT
implementing in cloud, 161
increasing volume of, 9
IT volume challenge of genetics/genomics in, 620–621
life cycle of HIT implementation/organizational change, 234–237
meaningful use incentive program, 73, 640
meaningful use privacy/security measures, 733–734
meaningful use standards, 36
measuring blood pressure, 561
measuring diabetes, 562–563
monitoring activity, 768
necessary components in, 622–623
non-EHR HIT systems. see HIT, in non EHR systems
ONC regulations for, 38
orders catalog and order sets, 520–521
for organization transformation, 510
outbound communication, 204
overview of, 509–510
payment based on effectiveness of outcomes, 640
product and team selection, 519
project management, 518–519
quality measurement expectations, 567–570
quality measures, 403–404
references, 536–537
retooling vs. creating quality measures de novo, 574–575
review Q & A, 534–536
storing data in client-server systems, 98
testing, 525
training, 526
trends/what to expect in future, 80–81
using healthcare databases for, 134
workflow development, 522–524
workflow policies, 524–525
EHRs (electronic health records), as evidence
coming together of laws, rules, and regulations, 442–449
Federal Rules of Evidence (FRE), 433–436
incident report privilege, 436–437
medical records, 424–430
medical records in litigation/regulatory investigations, 431–433
new era in health information infrastructure, 450–452
overview of, 411–412
as patient’s legal medical record, 424
review Q & A, 452–458
scope and procedures of e-discovery process, 437–442
sources and structures of U.S. law. see U.S. government branches
standards for records management/evidentiary support, 430–431
E-iatrogenesis, patient harm from healthcare IT, 726–727
EICU (electronic intensive care unit)
clinical non-EHR systems, 490
patient monitoring, 499–500
EIP (Emerging Infections Program), CDC, 39
e-learning course management systems, 551
electrical power backup, 702, 703
electromagnetic spectrum (radio waves), 187, 188–190
Electronic Clinical Quality Improvement (eCQI), 569
electronic clinical quality measures (eCQMs)
enabling, 571–572
quality measures, 569
electronic data interchange (EDI) standards, 326–327
Electronic Discovery Reference Model (EDRM), 441
electronic health records. see EHRs (electronic health records)
electronic intensive care unit (EICU)
clinical non-EHR systems, 490
patient monitoring, 499–500
electronic media
EHR implementation via expanding world of, 475–476
mobile device end of life challenges, 782
physically securing/preserving, 703–706
secure disposal of, 708–709
electronic medical records. see EMRs (electronic medical records)
Electronic Medical Records and Genomics (eMERGE) network, 622
e-mail, securing e-mail gateways, 767
eMERGE (Electronic Medical Records and Genomics) network, 622
emergency. see also EDs (emergency departments)
care, 31
gap in drones and healthcare, 607
HIPAA Security Rule contingency plan, 383
HIPAA Security Rule for access procedures, 385
medical emergencies, 607
preparedness. see public health/emergency preparedness/surveillance
Emergency Medical Treatment and Labor Act, 59
Emerging Infections Program (EIP), CDC, 39
Emory Healthcare
go-live coaches, 529
go-live impact on physician scheduling, 527
governance at, 516–517
overview of, 511–514
partnering with Cerner Corporation, 519
provider go-live metrics, 531–532
strategic initiative, 514
empathy
gap in evidence-based virtual care and, 605
optimizing human-machine interface via, 591
using technology to close gap in, 598–599
employer-sponsored health insurance, 53–54
EMRs (electronic medical records)
desktop technician and, 104–105
as digital version of patient’s paper chart, 424
vs. paper-based records in discovery, 431–432
storing data in client-server systems, 98
encryption
implementing, 707–708
interoperability safeguards, 656
as physical safeguard, 706–708
security technology safeguards, 659, 661
technical database security via, 147–148
end-of-life (EOL) challenges, mobile devices, 782
endpoint protections, data loss prevention (DLP), 764
end-to-end network, device configuration, 184–187
Enforcement Interim Final Rule, HIPAA, 389
Enforcement Rule, HIPAA: 45 CFR Part 160, 389–390
engineering
medical device regulations for, 785–786
usability, 298–303
enhanced federal medical assistance percentage (eFMAP), 57–58
enterprise DW (EDW) model, 153, 155
enterprise resource planning (ERP), 490, 501
enterprise systems, non-EHR HIT systems, 491–492
enterprise to enterprise level processes, 238–239
entity relationship diagrams (ERDs), 138–139, 216–217
entity relationship model (ERM), 138–139
environmental controls, securing facility, 701–703
environmental disruption gap, closing via technology, 601–602
EOL (end-of-life) challenges, mobile devices, 782
EOP (Executive Office of the President), 413
episode-based payment, 55, 61–65
ERDs (entity relationship diagrams), 138–139, 216–217
ERM (entity relationship model), 138–139
ERP (enterprise resource planning), 490, 501
error-correcting code (ECC) RAM, 101
errors, technology-induced, 303
espionage, cyber espionage, 757
Ethernet (IEEE 802.3)
hubs, 193–194
ethics
access control due to medical, 353
incorporating into policies, 360
medical field firmly grounded in, 641–642
ETL (extracts, transforms, and loads) data, data warehouses, 150
evaluation
HIPAA Security Rule for, 383–384
as operational safeguard, 652, 725
program, 550
training, 549
evaluation reviews, project management, 287
evidence
disorders of lifestyle and gap between behavior and, 599–600
EHR as. see EHRs (electronic health records), as evidence
evidence-based clinical practice, 564–565
evidence-based medicine, 40–41
evidence-based virtual care, 605
Federal Rules of Evidence. see FRE (Federal Rules of Evidence)
standards for medical records supporting, 430–431
execution phase, project management, 285–286
executive branch, U.S. government, 413–414
executive leadership, governance of EHRs, 514–515
Executive Office of the President (EOP), 413
executive orders, of U.S. president, 414
exploits, thwarting cybersecurity exploits, 764
exponential technology, harnessing, 608
Extensible Access Control Markup Language (XACML), 365–366
Extensible Markup Language. see XML (Extensible Markup Language)
external communications, in project management, 270
external directories, user accounts, 345
external drives, physically securing/preserving, 705
extracts, transforms, and loads (ETL) data, data warehouses, 150
F
face-to-face learning, designing educational HIT training, 543
facilities
access control devices, 698–700
access to servers, offices and data closets, 674–676
assessing security risks, 709–710
building secure systems, 700–704
environmental controls, 701–703
HIPAA access control rule, 384
monitor placement, 695–696
securing/preserving electronic media, 703–706
facility directory, uses/disclosures of PHI, 377
failover, high-reliability systems, 748
failure modes and effects analysis (FMEA), 687–688, 746
failure modes, effects, and criticality analysis (FMECA), 746
false-positive results, medical screening, 30
family history, in EHRs, 622–623
FAQs, Office for Civil Rights, 444
Fast Healthcare Interoperability Resources. see FHIR (Fast Healthcare Interoperability Resources)
fault tolerance
high-reliability healthcare systems, 748
of server, 101
fax machines, safeguards for placing, 695
FBI (Federal Bureau of Investigation), 420–421
FCC (Federal Communications Commission), 624
FDA (Food and Drug Administration)
on cybersecurity risks of medical devices, 646
description of unit dose, 496
health regulatory body, 38–39
legislative branch of U.S. government, 419
medical devices, regulatory background, 785–787
medical devices, regulatory changes, 787–789
precision medicine research of, 397
regulating medical devices, 746–747
feasibility study, planning phase of SDLC, 211
Federal Bureau of Investigation (FBI), 420–421
federal commissions, U.S. president appointing heads of, 413
Federal Communications Commission (FCC), 624
federal court system, structure/function of, 422–423
federal healthcare agencies, role in EHR implementation, 476–477
federal medical assistance percentage (FMAP), 56–58
Federal Policy for the Protection of Human Subjects (aka the Common Rule), 654
federal poverty level (FPL), 56, 57–58
Federal Rules of Evidence. see FRE (Federal Rules of Evidence)
Federal Trade Commission (FTC), powers of, 418–419
Federally Qualified Health Center (FQHC), 29, 63
federated identity, HIE access control via, 363–365
feedback, program evaluation via, 550
FFS (open access/fee-for-service)
as insurance product, 52
Medicaid reimbursement via, 54–56
FHIR (Fast Healthcare Interoperability Resources)
challenges in enabling quality measures, 572
RIS interface with EHR system, 495
FHIR (Fast Healthcare Interoperability Resources) standard
aligning to Quality Data Model, 403–404
content/structure for healthcare data, 6–7, 330
identity proofing, 344
interoperability safeguards, 656
working with HL7 v3, 204
FHSS (frequency-hopping spread spectrum), Bluetooth, 191
fields (columns), relational database, 135
fields, PDU, 175
file servers, 103
File Transfer Protocol (FTP), mobile devices, 625
finance systems, non-EHR HIT systems, 501–502
fingerprinting, data loss prevention and, 764
fire suppression system, 702
firewalls
configuring, 199
isolating threats, 765
maintaining current environment, 763
purposes of, 198
technical database security via, 148
types of, 198
fitness apps, mobile devices, 594
fixed-priced “episode-based” payment, Medicare Part A, 55
FK (foreign key) column(s), relational databases, 135
flash drives, securing/preserving, 704
float activities, project scheduling, 281–282
FMAP (federal medical assistance percentage), 56–58
FMEA (failure modes and effects analysis), 687–688, 746
FMECA (failure modes, effects, and criticality analysis), 746
Food and Drug Administration. see FDA (Food and Drug Administration)
FoodNet surveillance, CDC, 39
for-profit hospitals, 24
foreign key (FK) column(s), relational databases, 135
formal communications, project management, 270
formats, scanned images, 92
foundational interoperability, 398
fourth-generation (4G) wireless, 624
FPL (federal poverty level), 56, 57–58
FQHC (Federally Qualified Health Center), 29, 63
frames, as data link PDU, 174
frameworks
privacy, security, and confidentiality. see privacy, security, and confidentiality framework
security frameworks and standards, 760–761
trust. see trust framework, HIT
fraud
database security issues, 146
FBI combatting healthcare, 420–421
Health Care Fraud and Abuse Control Program, 421
Health Care Fraud Prevention and Enforcement Action Team, 421–422
Office of Inspector General combatting healthcare, 420
FRE (Federal Rules of Evidence)
hearsay rule, 434
hearsay rule exceptions, 434–435
overview of, 433–434
physician-patient privilege, 435–436
frequency-hopping spread spectrum (FHSS), Bluetooth, 191
FTC (Federal Trade Commission), powers of, 418–419
FTP (File Transfer Protocol), mobile devices, 625
functional requirements, analysis phase of SDLC, 212
G
GA4GH (Global Alliance for Genomic Health), 606
Gagne’s nine events for learning, 542–543
game-based learning
multimedia as method of delivery in HIT training, 546–547
for teen and adult learners, 545
gateway routers, 184
gateways, securing e-mail and web gateways, 767
GDP (Gross Domestic Product), 35–36
Geisinger Health System, 62
Gemba, understanding workflow processes, 243
generators, backup, 702
genetics
challenge of monitoring, 621–622
defined, 618
influence across continuum of care, 7
innovations impacting HIT, 618–619
necessary components in EHRs, 622–623
throughout healthcare continuum, 619
Genome.gov toolkit, 622
genomics
defined, 618
explosion of HIT and, 4
gap in science vs. application of, 606–607
innovations impacting HIT, 618–619
institutions pushing advances in, 627
IT volume challenge of monitoring, 621–622
mobile devices and, 627
necessary components in EHRs, 622–623
need to store large amounts of data, 101
potential of unauthorized disclosure in, 645
struggle to define HIPAA record set/relevance in, 449
throughout healthcare continuum, 619
geolocation data, healthcare IT for public health, 79–80
Gibson, William, 599
GIF (Graphics Interchange Format), scanned images, 92
Global Alliance for Genomic Health (GA4GH), 606
Global Alliance for Genomics and Health projects, 622
global network
Internet as, 170
voice network as first, 170
global warming, health effects of, 598–599
GNU Privacy Guard (GPG), 625
gold standard testing, 30
go-live
coaches, 529–530
communications, 530–531
impact on physician scheduling, 526–527
metrics, 531–533
support, 528–529
Good Manufacturing Practices, FDA, 786
Google Glass, wearable computers, 100
governance
at Banner Health, 516
clinical stakeholders, 516
EHR implementation and oversight of, 467–469
in EHRs, 514
at Emory Healthcare, 516–517
executive leadership, 514–515
information management council as operational safeguard, 720
leveraging existing structures, 515
multidisciplinary participation, 515–516
rules for effective, 469–470
government functions, HIPAA Privacy Rule for, 379
GPG (GNU Privacy Guard), 625
GPUs (graphical processing units), 94
Grand Theft Auto, desensitization of players, 599
graphic representation, mapping workflow via, 248–249
graphical processing units (GPUs), 94
graphical user interfaces (GUIs), 309
Graphics Interchange Format (GIF), scanned images, 92
Gross Domestic Product (GDP), 35–36
group practices
increased overhead of operating, 22
U.S. healthcare delivery via, 22
using healthcare databases for, 134
groups, user roles within EHR, 351
guest access, via wireless networks, 188
Guide for Conducting Risk Assessments: Information Security (NIST), 672
GUIs (graphical user interfaces), 309
H
.h (associated header files), in C language, 113
hacktivism, 757
HAIC (Healthcare Associated Infections-Community Interface) projects, CDC, 39
Hammond v. Saini, 436
HAN (Health Alert Network), 78
handwriting recognition, input devices with, 91
hard disk devices (HDDs), as storage components, 95
hardening, maintaining current environment, 762–763
hardware
HIPAA Security Rule for, 384
HIT computer. see computer hardware/architecture for HIT
horizontal and vertical scaling of, 102
mHealth wireless technologies/standards, 624
securing facility, 700
securing network, 694–695
HCFA (Health Care Financing Administration), 417
HCI (human-computer interaction). see also human-machine interface
in healthcare, 305–306
UI design and human cognition, 306–309
usability engineering to improve, 298
HDDs (hard disk devices), as storage components, 95
HDHPs (High-Deductible Health Plans), as insurance product, 53–54
HDMI (High-Definition Multimedia Interface) ports, 94
HDMI (High-Definition Multimedia Interface) ports, transferring uncompressed data, 94
<head> tag, HTML, 120–121
Health Alert Network (HAN), 78
health alerts, 78
Health and Human Services (HHS). see HHS (Department of Health and Human Services)
Health Care Financing Administration (HCFA), 417
Health Care for the Homeless Centers, 29
Health Care Fraud and Abuse Control Program, HIPAA, 421
Health Care Fraud Prevention and Enforcement Action Team (HEAT), 421
health data interchange and transport standards, 326–327
health data standards. see data standards
health information exchanges. see HIEs (health information exchanges)
health information infrastructure, 450–452
Health Information Management and Systems Society. see HIMSS (Healthcare Information Management Systems Society)
Health Information Management (HIM)
documentation and notes hierarchy, 521
role of federal agencies in EHR implementation, 446–447
health information technology. see HIT (health information technology)
Health Information Technology for Economic and Clinical Health Act. see HITECH (Health Information Technology for Economic and Clinical Health) Act
health insurance
ACA. see ACA (Affordable Care Act)
Centers for Medicare and Medicaid Services, 417
commercial (private), 53–54
Department of Health and Human Services, 416
effects of uncompensated care on, 59
marketplace, 416–417
Medicaid, 56–58
Medicare, 54–56
nature of, 50
paying for healthcare, 49
products, 52–53
structure of, 50–51
trends/reforms in, 60
in U.S., 51–52
Health Insurance Portability and Accountability Act. see HIPAA (Health Insurance Portability and Accountability Act)
Health IT Workforce Development Program, subsidizing adoption of HIT in U.S., 10–11
Health Level Seven International standard. see HL7 (Health Level Seven International) standard
Health Maintenance Organizations. see HMOs (Health Maintenance Organizations)
health mentor (provider) avatars
optimizing design by eliciting empathy, 590–591
technology opportunities for innovation and, 589–590
health policy
computable privacy, 400–402
EHR incentive and certification programs, 402–403
interoperability, 398
linkage between, 395–396
new payment models, 398–400
Precision Medicine Initiative, 396–398
quality measures, 403–404
review Q & A, 404–407
Health Quality Measure Format (HQMF), 569–570
Health Savings Accounts (HSAs), 53–54
health services research, for evidence-based medicine, 40
health social media. see social media
healthcare
accelerating learning, 592
access control across systems, 348–350
adoption of EHRs, 465
architectural safeguards, 746
authentication for system interoperability, 345–348
combatting fraud, 420–421
content/structure for healthcare data, 6–7, 330
credentials/training/education in managing information, 12
databases. see databases, healthcare
delivery. see delivery, healthcare
developing user interfaces, 312–313
emerging trends, 729–734
high-reliability systems, 747–749
HIT measuring value of, 9–10
HIT role in continuum of, 7–8
human factors in, 305–306
implementing IT in, 473
information management. see HIMSS (Healthcare Information Management Systems Society)
innovations impacting HIT. see innovations in healthcare, impacting HIT
input options, 90–92
legal environment, 373
major structural changes in healthcare industry, 639–640
networks/networking. see networks/networking
operational safeguards, 726–729
outcomes. see outcomes, healthcare
participants in reforming, 470–472
paying for. see paying for healthcare
privacy and safety of data, 341–342, 641
promoting competition in, 418–419
quality measurement, 403–404
refrain policies applied to healthcare information, 360
regulatory changes, 415–416
risk management, 673
terminal emulation in healthcare enterprises, 366
usability testing, 298–300
value-based, 593
visualizing healthcare data, 310–312
Healthcare Associated Infections-Community Interface (HAIC) projects, CDC, 39
Healthcare Effectiveness Data and Information Set (HEDIS) metrics, 60–61
healthcare professionals
care-delivery teams, 594–596
preparing critical mass of HIT, 10–11
use of mobile devices, 594
healthcare providers, medical device risk management, 792–794
healthcare systems, U.S.
delivery organizations and management structures, 22–26
overview of, 21
reform and quality, 35–37
regulatory and research organizations, 37–41
review, Q & A, 41–44
types of healthcare, 30–33
types of healthcare professionals, 33–35
venues, 26–29
HealthVault, Microsoft, 102, 161
Healthy People 2020, 73
hearsay rule
exceptions to, 434–435
Federal Rules of Evidence for medical records, 434
incident reports may be inadmissible as evidence under, 437
heart and circulatory apps, mobile devices, 594
heart hospitals, as specialty hospitals, 24
HEAT (Health Care Fraud Prevention and Enforcement Action Team), 421
heating, ventilation, and air conditioning (HVAC), 701
HEDIS (Healthcare Effectiveness Data and Information Set) metrics, 60–61
heuristic evaluation, for usability inspection, 300–303
HHS (Department of Health and Human Services)
under authority of U.S. president, 413
CMS operating as part of, 417
implementing EHR systems in cloud, 161
Office for Civil Rights, 417
Office of Inspector General as part of, 420
overseeing PHI breaches, 718
powers as administrative legislative agency, 416–417
quality measurement, 567
role in EHR implementation, 476
HIEs (health information exchanges)
access control for, 342
access control information, 360–362
ARRA and ACA promoting, 73
enforcement of access controls in, 358–359
first rule of access control in, 359
Integrating the Healthcare Enterprise (IHE) for, 332
metadata, 362–363
operational safeguards in emerging healthcare trends, 731
overview of, 357–358
policy negotiation, 360
push vs. pull in, 358
second rule of access control in, 359–360
SNOMED CT supporting, 330
user identity in, 363–365
via eHealth Exchange, 332–333
High-Deductible Health Plans (HDHPs), as insurance product, 53–54
High-Definition Multimedia Interface (HDMI) ports, 94
HIM (Health Information Management)
documentation and notes hierarchy, 521
role of federal agencies in EHR implementation, 446–447
HIMSS (Health Information Management and Systems Society)
on information security as business priority, 651–652
Risk Assessment Toolkit, 722
HIMSS (Healthcare Information Management Systems Society)
awarding CAHIMS certification, 4
HIT project management, 267
role in HIT credentials/training/education, 12
survey of compensation for nursing informatics certifications, 11
survey on use of HIT, 11
HIPAA (Health Insurance Portability and Accountability Act)
21st Century Cures Act of 2016 and, 418
basic definitions of, 717
Breach Notification Rule, 386–389
concept of legal health record, 446–449
Enforcement Rule, 389–390
federal scheme for privacy/security of PHI, 443–444
Health Care Fraud and Abuse Control Program, 421
healthcare legal environment and, 373
HITECH amendments to Privacy/Security Rules, 640
meaningful use privacy and security measures, 733–734
medical records used as evidence under, 429
Office for Civil Rights oversight of, 417
operational safeguards and, 716
overview of, 374–376
precision medicine research and, 397
privacy consent and, 355
Privacy Rule. see HIPAA Privacy Rule
protected health information legislation, 400
public health departments, 78–79
rules/policies for expanding world of media, 475–476
security frameworks and standards, 760–761
Security Rule. see HIPAA Security Rule
X12N standards in, 327
HIPAA Breach Notification Rule, 386–389, 419
HIPAA Omnibus Final Rule
defined, 717
determining risk of exposure, 725
protection for healthcare in cloud, 730
HIPAA Privacy Rule
authorization requirements, 377–378
avert serious threat to safety, 378
BA contracts, 377
consent, 377
covered entities. see CEs (covered entities)
defined, 717
disclosure for specialized government functions, 379
HITECH amendments, 640
minimum/necessary, 377
notice of privacy practices, 380
operational safeguards, 651–655
overview of, 376
patient privacy rights, 380
privacy and security policies and procedures, 380
privacy official and security official, 380
release without consent or authorization, 378
sanction, 380
standard safeguards, 380
use of limited data set, 379
uses/disclosures, 377
workforce training, 380
HIPAA Security Rule
administrative safeguards, 381–383
Automated Toolkit for, 722
codes for implementation specification, 381
cybersecurity and, 754–755
defined, 717
HITECH amendments, 640
NIST CSF as basis of, 761
operational safeguards, 651–655
physical safeguards, 384–385
technical safeguards, 385–386
HIS (hospital information systems), 520–521
HIT (health information technology)
data sharing standards/interoperability, 6–7
department goals, 488
education/credentials/training, 12–15
evolution of, 3–4
explosion of, 4–6
increasing volume of EHRs, 9
IT departments engaging in healthcare reform, 472
life cycle of major implementation/organizational change, 234–237
measuring value of healthcare, 9–10
in organization transformation, 510
project management. see project management
review Q & A, 16–18
role in continuum of healthcare, 7–8
team members, 488–489
testing new clinical processes via simulation, 246–247
trust framework. see trust framework, HIT
workforce for, 10–11
HIT, in non-EHR systems
application data interchange systems, 504
challenges, structures, and roles, 488–490
clinical and nonclinical systems, 490–491
clinical decision support systems, 503
enterprise resource planning systems, 501
enterprise systems, 491–492
finance and operations systems, 501–502
lab systems, 498–499
overview of, 487
patient monitoring systems, 499–500
patient relationship management systems, 503
pharmacy systems, 496–498
radiology systems, 494–495
references, 507–508
review Q & A, 504–507
speech recognition systems, 495
supply chain systems, 500
vendor systems for acquisition, installation, and maintenance of HIT, 492–493
working with enterprise systems, 491–492
HIT Policy and Standards Committees, 184
HITECH (Health Information Technology for Economic and Clinical Health) Act
amendments to HIPAA Privacy/Security Rules, 640
ARRA advancing meaningful use for EHRs, 73
Certified Electronic Health Record Technology (CEHRT), 768
cybersecurity and, 753
defined, 717
EHR certification/“meaningful use” incentive, 640
enforcing HIPAA compliance, 716
expanding HIPAA Privacy Rule, 443
HIPAA Enforcement Rule, 389–390
impact on EHR, 509
increasing volume of EHRs, 8–9
major structural changes in healthcare industry, 639–640
meaningful use standards, 36, 297
measuring value of healthcare, 9–10
Office of the National Coordinator for Health IT mandated by, 417–418
overview of, 374–376
prioritizing cybersecurity, 9
subsidizing adoption of HIT in U.S., 10
widespread adoption of EHRs, 465
HITSC (Health IT Standards Committee), 331–332
HL7 (Health Level Seven International) standard
challenges in enabling quality measures, 572
content and structure for healthcare data, 330
detecting intrusions, 766
EHR outbound communication, 204
FHIR standard for interoperability, 6, 204
identity proofing, 344
interoperability safeguards, 656
quality measures, 569
RIS interface with EHR system, 495
standards development organization for EHR, 430–431
transmission of healthcare data, 201
version 2, 201–202
version 3, 202–204
HLI (Human Longevity, Inc.), 627
HMO Act, 1973, 22–23
HMOs (Health Maintenance Organizations)
as insurance product, 52
percentage of workers enrolled in, 54
U.S. healthcare delivery via, 22–23
home care agencies, 29
hospital information systems (HIS), 520–521
hospitals
acute care settings in, 27–28
ambulatory care centers at, 26
healthcare delivery via, 23–24
Medicare Part A covering, 54–55
patient education department in, 32
uncompensated care losses for, 59
hostname addresses
data networks, 178
in device configuration, 184
hotspots, mobile devices exchanging data via, 624
hotspotting, innovation by identifying, 593
House of Representatives, 414–415
HQMF (Health Quality Measure Format), 569–570
HSAs (Health Savings Accounts), 53–54
HTML (HyperText Markup Language)
ASP files can contain, 125
HTML5, 191
overview of, 120–122
WWW, 179
XML vs., 122
<html> element, 120–121
HTTP (Hypertext Transfer Protocol)
device configuration in end-to-end network, 185
mobile devices connected to Internet, 625
REST enabling communication via, 327
WWW, 179
HTTPS (HTTP Secure) protocol, 625
hubs
in sample network, 193–194
USB, 93–94
human data entry, 605
human factors
in healthcare, 305–306
as key component or dimension of HCI, 309
Human Longevity, Inc. (HLI), 627
human-computer interaction. see HCI (human-computer interaction)
human-machine interface
optimizing design by eliciting empathy, 590–591
technology opportunities for innovation and, 589
HVAC (heating, ventilation, and air conditioning), 701
hybrid cloud, 161
hypertension, measuring, 560–561
HyperText Markup Language. see HTML (HyperText Markup Language)
Hypertext Preprocessor (PHP), 126–127
Hypertext Transfer Protocol. see HTTP (Hypertext Transfer Protocol)
Hyper-V, Microsoft, 102
I
IaaS (Infrastructure as a Service)
cloud computing model in healthcare, 161
scaling out hardware via, 102
IAM (identity and access management). see access control
ICANN (Internet Corporation for Assigned Names and Numbers), 177
ICD (International Classification of Disease)
classifying mortality and morbidity, 328
healthcare IT for public health, 80
“Planning Organizational Transition to ICD-10-CM/PCS,” 474
WHO, 80
ICS-CERT medical device-specific warnings, 783
ICU (intensive care units), 499
ID (instructional design), 540
IDE (Integrated Drive Electronics) connectors, 95–96
ideation to innovation, in HIT, 588–589
identification, risk-management process
checklist example, 676
defined, 674–675
example, 673
overview of, 675
identity and access management (IAM). see access control
identity federation, as usability feature, 662–663
identity management/authorization
identity proofing, 343–344, 654
as operational safeguard, 720–721
overview of, 653–654
person and entity authentication, 660
identity theft, putting patient safety at risk, 645
IDF (intermediate distribution frame), safeguarding access to, 697
IDS (intrusion detection system)
conducting information correlation and analysis, 769–770
in database security, 148
detecting intrusions, 765–766
IDs, managing privileges, 763–764
IEEE (Institute of Electrical and Electronics Engineers) standards
802.3 standard. see Ethernet (IEEE 802.3)
1394 (FireWire) standard, 93
health data interchange, 327
IETF (Internet Engineering Task Force), 624–625
IGNITE (Implementing Genomics in Practice), 622
IHA (Integrated Healthcare Association), bundled payment system, 62
IHE (Integrating the Healthcare Enterprise), 332
IHS (Indian Health Service), 25
IHTSDO (International Health Terminology Standards Development Organization), 330, 572–573
IIS (Internet Information Services) server, ASP running inside, 124–126
IM (instant messaging), as peer-to-peer application, 180–181
imaging devices, use in healthcare organizations, 741–742
immunization registry, public health department, 76
implantable medical devices, vulnerabilities of, 783
implementation phase, SDLC
life cycle of major HIT change, 235–236
overview of, 224–226
success factors for clinical process change, 252–255
usability testing in, 300
Implementing Genomics in Practice (IGNITE), 622
implicit bias, closing empathy gap, 598–599
implicit deny rule, configuring firewalls, 199
IMT-Advanced (Advanced) technology, 624
IN1 (insurance) segment, HL7 v2, 202
in-basket workload, of care-delivery teams, 594–596
inbound data buffers, staging information, 604–605
incidental use, HIPAA, 716
incidents
HIPAA Security Rule for incident response plan, 383
medical device risk management, 790, 795
procedures for operational safeguards, 652, 725
protecting reports from discovery, 436–437
#include <stdio.h>, in C language, 113
incremental backups, 97
Independent Practice Associations (IPAs), 23
Indian Health Service (IHS), 25
individualization, adaptive learning via, 551
industry considerations, in EHR implementation, 474–478
infection prevention, keyboards/mice, 90
information
access control, 356–357, 360–362
buffers for staging information inbound/outbound, 604–605
clinical information standards, 80
communicating healthcare information, 180
correlation and analysis, 769–770
effective communications in projects, 270–271
exchanges. see HIEs (health information exchanges)
health information infrastructure, 450–452
health information technology. see HIT (health information technology)
Health Information Technology for Economic and Clinical Health Act. see HITECH (Health Information Technology for Economic and Clinical Health) Act
Healthcare Information Management Systems Society. see HIMSS (Healthcare Information Management Systems Society)
HIM (Health Information Management), 446–447, 521
HIPAA Security Rules, 382
HIS (hospital information systems), 520–521
LIS (laboratory information system), 498
mapping workflow processes via hierarchy, 237–242
other uses of medical record, 426
project execution and, 285
protected health information. see PHI (Protected health information)
radiology information system. see RIS (radiology information system)
regulatory standards/health information exchange, 183–184
ROI (release of information) process, 444–446
telehealth providing consumer medical/health, 629
verifying individual medical record, 425
information assurance policy, 649–650
information management council, as operational safeguard, 720
information security. see also operational safeguards; physical safeguards
awareness and training, 703
as business priority, 651–652
computer technology occupations, 11
cybersecurity and, 756
HIPAA regulations, 381–382
HIT trust framework, 647
HITECH, 754
NIST definitions, 672
ONC address risks, 640
operational safeguards, 651
operational safeguards as component of, 715–718
operational safeguards as integral to, 719
standards, 331
workforce competency, 731–732
Information Services (IS) departments, SLAs and, 183
Information Sharing Analysis Organization (ISAO), 788
Information Systems Audit and Control Association (ISACA), 760
infrared tracking devices, 91
Infrastructure as a Service (IaaS)
cloud computing model in healthcare, 161
scaling out hardware via, 102
infusion system, pharmacy systems, 497
initiation phase, project
developing objectives via SMART, 275–276
overview of, 272
problem/vision/mission statements, 273–275
project charter and scope, 272–273
innovations in healthcare, impacting HIT
diffusion of innovations (Rogers’ theory), 517
genetics/genomics/pharmacogenomics, 618–623
mobile devices, 623–628
overview of, 617
review Q & A, 630–631
telehealth, 628–630
input devices
computer hardware, 90–92
connectors, 93–94
using technology to close gap in human data entry, 605
visualizing healthcare data using, 310–312
input/output (I/O) capabilities, of human experience and technology, 589–590
instance, XML documents, 122–123
instant messaging (IM), as peer-to-peer application, 180–181
Institute of Electrical and Electronics Engineers. see IEEE (Institute of Electrical and Electronics Engineers) standards
instructional design (ID), 540
instructional systems design (ISD), 540
instrument, scientific, and medical (ISM) band, 802.11 standards, 189
insurance. see health insurance
Integrated Drive Electronics (IDE) connectors, 95–96
Integrated Healthcare Association (IHA), bundled payment system, 62
Integrated Services Digital Network (ISDN), 170
integrated voice response (IVR), in pharmacy management, 496–498
Integrating the Healthcare Enterprise (IHE), 332
integration, of different networks into one, 170
integration testing, system design, 225
integrative medicine, 32–33
integrity
HIPAA Security Rule for PHI, 385
technical database security via integrity controls, 146–147
verifying individual medical records, 425
intensive care units (ICU), 499
interchange standards, health data, 326
intermediate distribution frame (IDF), safeguarding access to, 697
internal communications, project management, 270
internal directories, user account support, 345
Internal Revenue Code, powers of IRS, 419–420
Internal Revenue Service (IRS), 419–420
International Classification of Disease. see ICD (International Classification of Disease)
International Health Terminology Standards Development Organization (IHTSDO), 330, 572–573
International Organization for Standardization (ISO), 117, 332
international privacy and security, operational safeguards for, 731
International Telecommunications Union Radio communication Sector (ITU-R), 624
Internet
current technologies for HIT training, 547
emergence as global network, 170
explosion of HIT and complexity of, 4–6
five-layer communication model, 172–173
IPv4/IPv6 addresses on global, 177
mobile devices connected to, 624–625
modems, 187
server computers connected to, 101
Internet Engineering Task Force (IETF), 624–625
Internet Information Services (IIS) server, ASP running inside, 124–126
Internet of Things (IOT)
addressing threats, 767–768
closing learning/education/communication gap, 601
Internet Protocol Security (IPsec) suite, 662
interoperability
across healthcare systems. see access control
architectural safeguards for, 656
data standards required, 4–6
health policy and HIT, 398
of HIT systems, 113–114
network complexity requiring new standards for, 6–7
interpreted languages, 111–112
interviews, requirements analysis in SDLC, 214–215
intrusion detection system. see IDS (intrusion detection system)
intrusion protection system. see IPS (intrusion protection system)
I/O (input/output) capabilities, of human experience and technology, 589–590
IOD data filtering and analytics, for continuous learning, 602–603
iOS, Swift language for mobile apps on, 128
IOT (Internet of Things)
addressing threats, 767–768
closing learning/education/communication gap, 601
IP addresses
address resolution, 178
building secure architecture, 762
data networks, 177
in device configuration, 184–187
mapping via NAT, 196
IPAs (Independent Practice Associations), 23
IPCONFIG /ALL command, checking configuration information, 186–187
IPS (intrusion protection system)
conducting information correlation and analysis, 769–770
detecting intrusions, 765–766
securing current environment, 763
IPsec (Internet Protocol Security) suite, 662
IRS (Internal Revenue Service), 419–420
IS (Information Services) departments, SLAs and, 183
ISACA (Information Systems Audit and Control Association), 760
ISAO (Information Sharing Analysis Organization), 788
ISD (instructional systems design), 540
ISDN (Integrated Services Digital Network), 170
ISM (instrument, scientific, and medical) band, 802.11 standards, 189
ISO (International Organization for Standardization), 117, 332
isolation, architectural safeguards for process, 657
IT (information technology). see HIT (health information technology)
ITaaS (IT as a service), 728
iterative approach, to HIS design, 221
ITU-R (The International Telecommunications Union Radio communication Sector), 624
IV pumps, pharmacy systems, 497
IVR (integrated voice response), in pharmacy management, 496–498
J
Java Development Kit (JDK) SE, 118–119
Java language
mobile apps on Android, 128
overview of, 118–119
Javac (Java programming language compiler), 118–119
JC (Joint Commission)
healthcare facility accreditation via, 39
provider incentive programs, 60–61
quality measurement organizations, 558
JCNDE (Joint Commission on National Dental Examinations), 35
JDK (Java Development Kit) SE, 118–119
job roles, as lesson plan focus in HIT training, 545
Johnson, President Lyndon B., 417
Joint Commission. see JC (Joint Commission)
Joint Commission on National Dental Examinations (JCNDE), 35
Joint Photographic Experts Group (JPEG), scanned images, 92
JPEG (Joint Photographic Experts Group), scanned images, 92
judges
federal, 422–423
state, 423
judicial branch
case law, 424
case law in, 423–424
federal court system, 422–423
judiciary, 423–424
medical records as vital evidence in court of law, 426
powers/functions of, 413
state court system, 423
structure/function of U.S. court system, 422
Judiciary Act of 1789, 421
JVM (Java Virtual Machine), 118
K
Kaiser Permanente (KP), 473, 599
Kali Linux, 772–774
KDD (knowledge discovery in database), 157
key fobs, physical safeguards for, 698–700
keyboards
entering healthcare data, 310
infection prevention, 90
Kinect, Microsoft, 91
knowledge discovery in database (KDD), 157
Kotter, John, 255–256
KP (Kaiser Permanente), 473, 599
L
L2TP (Layer 2 Tunneling Protocol), used by VPNs, 366
laboratory
clinical non-EHR systems, 490
non-EHR HIT systems, 498–499
laboratory information system (LIS), 498
laboratory test results
for anatomic and clinical pathology, 498
clinical information standards, 80
health alerts, 78
population health registries for, 76–77
privacy and security, 78–79
public health reporting, 73–74
scope of data, 79–80
trends/what to expect in future, 81
LANs (local area networks)
communicating healthcare information, 180
device configuration in end-to-end network, 185–186
implementing, 182–183
overview of, 179
routers connect multiple, 196
wireless. see WLANs (wireless LANs)
laptops, physically securing/preserving, 705
latency, throughput and, 176
law. see legal environment
Layer 1 (physical layer), OSI, 173
Layer 2 Tunneling Protocol (L2TP), used by VPNs, 366
Layer 3 (network layer)
OSI/Internet communication models, 173
routers working at, 195–196