Question 1: Consider IT standards (protocols, OSI model, etc.) and health data standards (i.e., ISO OSI, HL7 and TC215), and data being exchanged. Identify which category or categories of standards ap
NTC/425 r3
Yates Community HIT and HIE Network Upgrade Project
Yates Community Hospital BackgroundYates Community Hospital (Yates Community) is a small, rural, independent hospital.
Yates Community’s IT infrastructure is stable but dated. The IT Director has worked to maintain compliance with the standards necessary to ensure the hospital maintains its accreditation. Currently, with limited funding, the network and its components only meet the bare-minimum accreditation requirements.
Yates Community recently received a grant to upgrade its health information technology (HIT) network and health information exchange (HIE) system. Yates Community has been operating as a Private HIE system for years. However, Yates Community has outgrown this design and must upgrade to meet modern HIE standards. The primary goal of the transition is to enable the hospital to upgrade to the National HIE Architecture Model; which will allow it to communicate with the Regional Health Information Organization (RHIO) and Nationwide Healthcare Information Systems (NHIS). This will involve upgrading the outdated Electronic Health Records (EHR) system to enable the interface with the RHIO. The secondary goal is to support Yates Community in providing state-of-the-art care to its community by maximizing the quality and speed of communication within the Yates Community network components.
Project DescriptionYou are part of the team assigned to use the grant to design and implement the National HIE system and upgrade the HIT network to support the updated HIE architecture. This project is named the Yates Community HIT and HIE Network Upgrade Project.
Over the next five weeks, you will complete milestone assignments to meet the final objective of an implemented, optimized HIE network.
Yates Community Network OverviewYates Community is currently operating within a private HIE architecture that includes internal databases. (See Figure 1). The only external interfaces that are rudimentary to the system are between the referring physicians (primary care doctors), e-prescribing, billing clearance house, and reference labs.
Patient Care Procedure BackgroundA referring physician sends a patient to another doctor for specialty care or services at Yates Community.
The specialist completes these services and sends specimens to the reference laboratory.
A reference laboratory performs various tests on patient specimens for hospitals. Most hospitals do not have their own reference laboratories.
Since Yates Community is a small and private governing organization, it initially operated with a private HIE architecture based on the interoperability of its internal HIT systems with very few external interfaces. Thus far, it has successfully operated as a Private HIE organization operating its own HIT systems. It also has not relied on external or remote databases. A new architecture is needed to enable the required upgrade.
Figure 1. Current High-level Private Architecture
StandardsYates Community has not implemented the full suite of Health Level 7 (HL7) protocols. It has met the Meaningful Use Stage 1 requirements but has not yet met the Meaningful Use Stage 2 requirements.
SoftwareThe EHR system is not certified to the Office of the National Coordinator (ONC) for Health Information Technology standards. Therefore, obtaining certification is a critical task of this project.
Hardware ConfigurationThe Picture Archiving and Communication System (PACS) is operating on a Windows 2003 Server and includes Windows® XP clients throughout the facility (unsupported software).
All other HIT system client workstations operate on Windows 10; these workstations access the HIT applications.
The nurses use iPads for mobility between patient rooms. The iPads access the EHR. The iPads do not allow for unique password; iPad passwords are 6 digits.
Yates Community has not met all the Health Insurance Portability and Accountability Act (HIPAA) security standards, including issues related to the following:
Yates internal and external e-mail traffic does not have a means to be encrypted. Encryption is required for exchange of Patient Health Information (PHI).
Yates Community’s only password requirement is to contain six characters. Password need to be more complex to add security to information within computers and applications.
Yates Community allows for shared network accounts. This is in violation of the HIPAA Security Rule requiring unique accounts.
The primary goal of the project is to migrate the current Yates Community architecture to a National HIE architecture through the Northeast RHIO. The Northeast RHIO has five hospitals from five different states with five distinct HIE networks.
Figure 2. National HIE and RHIO Architectures
Interoperability and External CommunicationsWith the upgrade, the location of the Yates Community patient medical records will be hosted at the National level under purview of the NHIN. The Yates Community network infrastructure upgrade must enable interoperability with the RHIO and NHIO. The following requirements need to be included in the upgraded HIE architecture:
EHR Certification: The Yates Community EHR must be certified to enable a smooth integration to the Northeast RHIO.
Secure, Interoperable Data Exchange:
Transmission Control Protocol/Internet Protocol (TCP/IP) over Virtual Private Network (VPN): Currently Yates Community uses a business-to-business (B2B) VPN with its current external interfaces (Billing Clearing House, e-Prescribing, and Reference Lab). This will need to be extended to the RHIO to protect data while in transit (i.e., between Yates and the RHIO). The VPN will allow data exchange over a secure private network. Specifically, it provides end-to-end encrypted connectivity. The B2B VPN capability is an efficient method to ensure interoperability with the RHIO.
Secure Web Services: There is a web interface from the hospitals to the RHIO. Accessing the RHIO website must be a secured transmission via industry standard Secure Socket Layer (SSL). SSL allows HIE members to send and receive PHI through secure communications over the Internet. In addition, this data can be updated in real time via this method.
Secure File Transfer Protocol (SFTP): SFTP will be required to exchange files between Yates Community and the RHIO. This method is used when data is sent and received; either in batches or a document at a time. These are usually done based on set schedules. Data backups typically use SFTP.
Secure E-Mail: E-mail that contains PHI must be secured via encryption during transmission. E-mail is allowed for exchanging PHI but is not a preferred practice. If PHI is exchanged via email, it must be encrypted.
HL7 Standards: Yates Community must become HL7 compliant to participate in the Northeast RHIO.
The process of transmitting clinical data between internal HIT applications, the Yates Community EHR, and the RHIO must be upgraded to comply with HL7 standards.
Third party vendor HIT systems which operate within the Yates Community network environment will also be required to adhere to the HL7 standards.
Meaningful Use Stage 2 Compliance: Yates Community must become compliant with Meaningful Use Stage 2 to be an HIE member of the Northeast RHIO.
Copyright 2019 by University of Phoenix. All rights reserved.