Background Information
When attempting to collect information on individual perceptions, the interview is a viable data collection method (Robinson, 2013). By identifying an individual within a specific population who has knowledge of the area in which you are attempting to gather data, the interview can allow a more in depth look at a given topic (Robinson, 2013). Thus, in order to explore the use of electronic health records (EHR) within a clinical setting, the completion of an interview with an individual working in the field of health informatics was the ideal candidate to provide additional insight into the questions of IT security, EHR, and upcoming governmental regulations.
Use your promo and get a custom paper on
"Privacy And Security With Electronic Health Records".
The individual interviewed for the purposes of this assignment was a 27 year old male working as a health informatics technician for a small clinic. His job duties include ensuring the functionality of the network, maintaining patient records, keeping the server up to date, dealing with HIPPA requests, and the provision of EHR as necessary. He is also responsible for updating the privacy policy for patients and maintaining all computer and server hardware associated with the clinic network. Approximately 10 people, including the interviewee, work within the clinic setting. The interviewee was the only individual responsible for the computer technology and the maintenance of security within the office setting.
Interview Summary
Following the provision of screening questions to the interviewee to confirm that the individual did meet the criteria set forth in the assignment, a series of informal interview questions were asked of the participant after he got off work. The participant was already aware that the informal interview would be conducted for the purposes of a school assignment and he did sign an informed consent form in order to confirm that he was willing to participate and was aware of what the information would be used for. The informal interview took place at a local coffee shop. Questions asked of the participant included those identified in the previous discussion post as well as certain additional questions that allowed for a greater exploration of the topic at hand.
The participant indicated that the clinical setting in which he worked utilized an on site server for the storing of medical records, as opposed to the use of a co-lo (co-location) server. He stated that while this did have the potential to pose certain issues in the event of a power outage or the like, the security afforded by his being the only one to access the server and to have access to the server, locked in a separate storage closet to which only he had the key, made the owner feel more secure regarding patient information security and privacy. He explained that he was responsible for correcting any issues with computer hardware or software in the event of an issue in addition to dealing with the EHR and EHR requests that came through the office. The EHR system is a proprietary software, coded in-house, and serves as the primary software solution employed by the organization. In addition to the EHR system, there is also a scheduling software, also coded in-house, and a patient information portal, likewise coded in-house. The update schedule is set by him, and he makes sure that the code stays up to date based on federal requirements for data privacy. Risk assessments are conducted monthly, including a complete review of the code and system scans are completed nightly as several new staff members have recently been hired and he stated that he was unsure as of yet whether they were following all computer policies.
Even though the EHR software was coded in-house, by the participant, he stated that he wanted to reduce the potential for compatibility issues; as such, all requests for EHR are, if judged valid based on HIPPA requirements, provided with an electronically delivered PDF of patient medical records, by section, based on the items requested on the HIPPA form. Patients are able to request a copy of their medical records at any time and are asked only to pay a 5 cent per page copying fee to cover the cost of printer ink and paper. They are able to request a free electronic copy of their record, with subsequent electronic requests being $5 each. While such a setup would not work in a larger office, the participant indicated, because of the small clinic setting, the hands off approach, wherein he is the only person responsible for these requests and the maintenance of all technology in the office, works to ensure that he is able to keep everything up to date and legally compliant without having to worry about whether or not someone else is performing their job duties or creating vulnerabilities.
The last series of questions posed to the participant were regarding the EHR-2020 Task Force (Payne, Corley, Cullen, Gandhi, Harrington, & Kuperman et al., 2015). The EHR-2020 Task Force is meant to explore the current status of EHR use and the future directions to take the technology (Payne et al., 2015). The participant stated that he was aware of the group and their recommendations, and that should any of those recommendations become mandatory, he would implement well before the cut off date. Furthermore, he stated that if he saw any recommendations that seemed pertinent to implementation, even if they were not mandatory but would instead either increase the ease of EHR record keeping and dissemination or would benefit the patients, he would implement those recommendations anyway.
- Payne, T., Corley, S., Cullen, T., Gandhi, T., Harrington, L., & Kuperman, G. et al. (2015). Report of the AMIA EHR-2020 Task Force on the status and future direction of EHRs. Journal of the American Medical Informatics Association, 22(5), 1102-1110. http://dx.doi.org/10.1093/jamia/ocv066
- Robinson, O. (2013). Sampling in interview-based qualitative research: A theoretical and practical guide. Qualitative Research in Psychology, 11(1), 25-41. http://dx.doi.org/10.1080/14780887.2013.801543
