Clinical Informatics

American Standard Code for Information Interchange ASCII ISO standard, every character is an 8-bit binary
Unicode Each character is 16-bits (most of world's language)
Hexadecimal HEX compact way of relaying binary information (8-bit binary ASCII -> 2-digit HEX)
Bit single binary digit, also convenient for logical and algebraic information
Byte 8 bits
Digital Logic Gate (transistors) Digital circuits can mimic Boolean algebra
Boolean operators AND, OR, NOT, XOR (exclusive OR: true if either A or B is true, but not both), NAND (NOT AND: true unless both A and B are true), NOR (NOT OR: returns true only when both A and B are FALSE)
Half adder simple digital circuit, most basic boolean algebra example using logic gates: A XOR B -> S (20) A AND B -> C(21). So CS is sum.
Transistors fundamental building block for electronics (replaced vacuum tubes); silicon semiconductor that makes a switch with no moving parts that can be controlled with a small current. By combining them, resistors, diodes, capacitors, you can build logic gates. Usually prepackaged on integrated circuits (ICs) eg smartphone 100M, PC 1B, each is 22 nm wide
Floating-point Operations Per Second FLOP gigaFlop (GFLOP) is billion floating point operations per second (costs 69 trillion times less than 50 yrs ago)
Machine Code Unique to the CPU, not intended to be human interpretable
Assembly language Shortcut mnemonics for machine language routines; still tedious to use, not readable
High level programming languages English-like phrases; must be compiled before execution (souce code -> object code, usually assembly language or machine code) eg C/C++, Java, VisualBasic.
Fourth-generation languages Further abstract complex tasks (Mathematica, SPSS, MatLab, other task or domain-specific languages)
CPU Time Performance (seconds/program) = instructions/program * cycles/instruction * seconds/cycle
Reduced Instruction Set Computer RISC Reduces clock cycles per instruction (shorter instructions, but more of them); instructions are fixed in length
Complex Instruction Set Computer CISC Reduces # of instructions per program (longer instructions, variable length, but less of them)
RISC vs CISC RISC programs are longer and so more RAM needed to store assembly language instructions; compiler has to do more work to convert higher level languages into shorter RISC insturctions; hardware optimization: fewer transistors, performance enhancements like pipelining, hardwiring for maximum speed. These days the difference are blurred. Low-end / mobile systems tend to have RISC processors (ARM) because of better battery life but here are high-end examples (MIPS, SPARC, IBM Power PC); original X86 Pentium processors were CISC but modern X86 processors eg Intel Core i7 have features of both RISC and CISC)

Programming paradigms Distinct styles of programming that influence performance, maintainability, length of code, memory requirements etc. Features of various programming languages determine which paradigm(s) they belong to
Imperative programming allows side effects; state the order in which operations take place, with constructs that explicity control that order. (lots of GOTOs for example)
Structured programming Units of work broken down, et for loop, if ... And piece of code (function) can be reused
Procedural programming Groups code into functions. Structured programming that is not object-oriented
Imperative or procedural languages eg COBAL, FORTRAN, BASIC, Pascal, C, C++: programs are a list of tasks, subroutines; like a recipe each step is a sequenced instruction; allow programmer to define functions, subroutines and reuse throughout the program. Most imperative programming is structured.
Declarative paradigm does not state the order in which operations execute; supply a number of operations that are available in the system, along with the conditions under which each is allowed to execute. Implementation of the language's execution model tracks which operations are free to execute and chooses the order
Declarative languages non-imperative style in which programs describe their desired results without explicity listing commands or steps that must be performed (eg SQL)
Object-Oriented paradigm A form of structured programming, groups code together with state the code modifies; most object-oriented languages are also imperative languages
Object-oriented program languages OOP Java, Objective-C, C++, C#, Ruby, VisualBasic.NET: imperative in style, but added feature to support objects; objects can have independent functions, characteristics, and states; Class is a 'blueprint' for an object: describes the functions and characteristics that all objects in that class share in common; specific member of a class is an instance
OOP terminology Attributes (adjectives), Methods (verbs); Instantiation (creating a new object and set initial parameters for the attibutes and methods); Encapsulation (objects keep their atributes and method private; control access to other parts of the program; either allow or restrict external invocation / modifiaction); Composition (objects can be composed from smaller objects); Inheritance (objects can inherit their structure from parent objects and extend their functionality); Polymorphism (objects can override their parents attributes/methods); Accessors ('getters': methods used to retrieve variable state); Mutators ('setters': methods used to change variable state)
Functional paradigm does not allow side effects
Logic paradigm patricular style of execution model coupled to a particular style of syntax and grammar
Interface group of related methods with empty bodies; form a contract between the class and the outside world
Hash functions Algorithm that maps data of arbitrary length to data of fixed length, an example of 'binning'; returned value is 'hash value', 'hash code', 'hash sum', 'checksum'; uses in data integrity (check that a file was not tampered with or downloaded incompletely 'MD5 Hash"), check that a keystroke error did not occur (NPI and Luhn algorith where last digit is a checksum); uses in crytography (website stores encrypted or hashed password ideally); uses in indexing (takes text strings and via a hash places them into buckets so no need for full table scan when retrieving)

Qualitative data Nominal (categorical: mutually exclusive, unordered, discrete categories of data; mode is only measure of central tendency) vs Ordinal (categorical data with natural ordering eg Likert scale; can measure median and mode)
Quantitative data Interval (data where the intervals between values represent the same distance eg year temp; arithmetic mean, median, mode) Ratio (allows for additional comparison because zero means something and is not arbitrarily chosen; eg area, distance, Kelvin; geometric mean, arithmentic mean, median, mode)
Data transformation Interval -> Ratio (year diagnosed with cancer --> year since diagnosis); Interval --> Interval or Ratio --> Ratio; Interval --> Ordinal ("Binning" smooths effects of minor observation errors)
Data structures Primtiives (Boolean, Char, Float/Double, Int), Array & Composite structures, Strings, Date, Time
Control structures way for programs to control flow of data, assignment of variables, etc: Primitive (line labels, GOTO statements, subroutines), Choice (If - Then - Else; Case statments), Loop (count controlled loop with iterator, ie FOR - NEXT; condition-controlled loop, ie WHILE; Collection-controlled loops (FOR EACH IN...)

Software Development Life Cycle SDLC Planning (gather/analyze requirements, determine scope and priority of work); Designing & Implementing (actual development process); Testing (verification/validation); Documentation (critical for future enhancements, debugging, maintainability); Deployment (install, customize, train, evaluate); Maintenance (process to collect new defects or enhancements, support user in ongoing fashion)
Verification vs validation Verification: are you building the software right, does it meet design specifications? Validation: are you building the right software? Does it meet needs of user? Verification find bugs in the software; validation finds problems in design or requirements gathering
Waterfall Traiditional method: move to next phase only when prior phase is done; option to revisit decision, but usually go through a formal change control process; highly structured, relatively inflexible; defects are found sooner when they're less costly; late-breaking requirements can be expensive or prohibitive; good for small project where requirements are complete and unlikely to change
Iterative antithesis of Waterfall; minimal planning; develop in short cycles of planning/development/testing; good fo shifting user needs and changing enviroments; end up focusing on immediate rather than long-term goals
Spiral combines Waterfall and Iterative methodlogies. 'risk driven software development; highest risk is tackled early on when change is less expensive; eg risk = poorly understood requirements; development broken into smaller efforts (analysis, evaluation, development, planning)
Agile a variety of rapid cycling sofware development in which development, testing, and requirements gathering are closely fused; similar to Spiral but with more flexibility and less preplanning of cycles. Flexible methodology focused on iterative small steps ('sprints'); extreme program (XP) and Scrum are two variations; feedback provides regular testing and release of software; good for larger projects where requirements are loosely defined
Scrum an agile methodology: need owner, development team, scrum master (enforcer of rules and remover of impediments), sprint (basic unit of development, predefined in duration and scope (typically <30d), chosen from list of backlog); daily scrum (what happened yesterday? what will happen today? obstacles?) Extremely flexible; assumes clients will change requirements and is equipped to adapt to unpredicted challenges

System integration process of linking subsystems; requires a combination of software, hardware, and interface skills. Facilitated by strong understanding of standards and organizational structure
Vertical Integration integrating subsystems according to functionality; group systems by function into silos; integrate wihin a silo but not necessarily between
Star Integration unique connection to each system that requires it; high overhead for complex systems
Common Data Format application-indepenent data format to convert application specific data into common formats and vv
Enterprise Service Bus ESB software architecture model used for designing and implementing communication between interacting software apps in a SOA; a variant of the client-server model and promotes agility/flexibility. HL7 standards beneficial
Horizontal Integration via ESB : one connection per system to ESB; ESB handles downstream connections; replacing a single system is much easier
THERAC-25 radiation therapy (1980s); 6 accidents/3 deaths due to overdoses. Failure to detect 'race condition' in software (when specific segment of software receives 2 simultaneous and conflicting instructions = failure to test adequately); poor design of error messages; personnel didn't believe patients complaints

Quality reliability (ability to function under stated conditions for a specified period of time), efficiency (high performance), security (low potential for breaches), mantainability (transferable, portable to other developers; clean code), size (lines of code or value delivered), identifying critical errors
Static testing reviewing code itself
Dynamic testing apply test cases to code
Test case development approaches White Box (tests inner workings of a program with full access/awareness of the internal state of the program, eg code coverage: programmer develop a set of test conditions for all scenarios, all variables, all possible inputs with awarenss of the internal design of the system); Black Box (test functionality from end-user standpoint eg specification testing: which may be insufficient to capture all defects)
Levels of testing Unit testing (an individual function of the software, white box, code coverage, developer driven, can be semi-automated); Integration testing (white box, Interfaces/APIs, developer-driven); System testing (black box, test against documented requirements (verification)); Acceptance testing (black box, request for user sign-off ie validation, eg beta testing)
Regression testing Regression is a new defect revealed with the addition of a new functionality; regression testing: add new functionality, go back and repeat all prior tests (unit tests) and retest all previously reported and fixed defects

Information systems design and analysis (eg logical schema, normalization/denormalization, process modeling) abstraction, refinement, modularity, archictecture, control hierarchy, partitioning, data structure, software procedure, information hiding, compatiiblity, extensibility, fault-tolerance, reusability, robustness, performance, portability, scalability

Architecture methodologic development of models, specs, and guidelines of IT systems; focuses on the system as a whole; requires governance, innovation, IT strategy, technology standards, defined data and information flows
Systems architecture conceptual model that defines the structure, behavior and views of a system. Has three design types: Conceptual (high-level, how components and pieces fit together); Logical (conceptual + all major components and relationships and data flows); Physical.
Multi-tier architecture data-management, application processing, presentation processes are logically separated into different tiers, eg MVC
Unified Modeling Lanaguage UML standard toolset for describing aspects of databases, software, and business processes. Includes graphic notation techniques to help visualize models for object-oriented software-intensive systems
UML diagrams Class (describe object-oriented classes, attributes, methods, inheritance); Activity (show process flowchart, stepwise description of decisions, consequences); Use Case (show actors, goals dependencies); Entity-relationship (ER, describe objects and their relationships; can be used to define RDBMS logical schema)
Service-Oriented Architecture SOA paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains; provides a uniform means to offer, discover, interact with and use capabilities to produce desired effects consistent with measurable preconditions and expectations. Has a service consumer, a service provider, and a service directory.
Universal Description, Discovery and Integration UDDI XML-based standard for describing, publishing, and finding web services; defines specifications for a web service registry
Web Services Description Language WSDL describes a web service's functionality using an XML interface-based language
Simple Object Access Langugage SOAP lightweight protocol for the exchange of information in a decentralized, distributed environment. Defines envelope, encoding rules, communication styles

Distributed systems contain components on networked computers that coordinate and communicate; harness the power of many computers working together to solve complicated problems requiring computing power
Centralized systems terminals attached to a central computer where computing is done; program through which users acess centralized resources is a thin client; vs thick client (eg MS word) programs provide functionality independent of a central server
Relational systems built using data and information on the relationships between data, eg RDBMS
Object-oriented systems built with objects, classes, etc; determines how to break elements of software into discrete pieces and how these pieces integrate with each other
Data warehouses store DBs (via ETL) into a format that is optimal for reporting / analysis / queries (eg Epic EHR runs on Intersystems Cach_ Object DB for transactional processing); has a nightly process to push data into an RDBMS
Extract/Transform/Load ETL Staging layer (stores raw data extracted from data source); integration layer (transforms staging layer and stores it in an operational data store DB); data warehouse DB (where data is loaded and arranged into hierarchical groups)
Data Mart access layer of the data warehouse ie how users can pull data (ETL) from a data warehouse; smaller collection of related tables and data derived from the warehouse for a specific purpose, usually for analysis, report generation, spreadsheet, performance dashboards etc.

Features of network protocols handshake'; acknowledgement; payload; multiple protocols exist for multiple purposes; distinguish the network protocol from the data or encoding standard
Open Systems Interconnection OSI ISO effort (1977) to standardize computer networking
Four-layer TCP/IP Model Link, Internetwork, Transport, Application. An implementation model: provides guidance for those who build TCP/IP compatible network hardware or software.
OSI Seven Layer Model Abstract model that can be used to understand a wide range of network architectures. 1. Physical 2. Data Link 3. Network 4. Transport 5. Session 6. Presentation 7. Application
Physical Layer (1) Transmission of bits via copper wire, coaxial, fiberoptic, cables, wireless; transport of data across a single link. Defines the shapes of the connectors and types of media which can be used, how to encode bits
Data Link Layer (2) Transmission of frames within network via Ethernet or PPP; LLC. How systems using a physical link cooperate with one another. Framing (datagram encapsulated in link layer frame (data field and header fields); Link access (MAC protocol coordinates frame transmission of many nodes); Reliable delivery (guarantees to move each datagram across the link without error, eg wireless (prone to error), wired may not be reliable for low bit-error links); Error detection (error-detection bits sent, error check by receiver - can correct). Implemented at the host's network interface card
Media Access Control address MAC link layer address, aka physical address (6 bytes long (pairs of hexadecimal numbers)) for each host and router network adapter; Does not change
Logical Link Control LLC upper data link layer protocol that acts as interface between MAC sublayer and the network layer
Point-to-Point Protocol PPP establishes direct connection between two nodes; provides connection authentication, link encryption and compression
Address Resolution Protocol ARP maps IP addresses into MAC addresses
Network Layer (3) Transmission between hosts on different networks of packets via IP, DNS server, through routers; deals with global assignment of routable addresses; governs how routers forward packets across multiple hops to get from source to destination. Does not attempt to be error free as lost data will be detected and retransmitted at the transport layer
Internet Protocol IP IPv4 (32-bit), IPv6 (128-bit written in hexadecimal)
Domain Name System DNS matches IP addresses to domain names
Dynamic Host Control Protocol DHCP Network layer protocol used to assign IP address to hosts eg when you connect to a wireless hotspot
Network Address Translation NAT method of remapping one IP address space into another by modifying network address information in IP datagram
Internet Control Message Protocol ICMP used by network devices like routers to send error messages indicating, eg that a requested services is not available or that a host or router could not be reached
Transport Layer (4) Transmission of data between end users and ensures successful transfer via TCP, UDP; manages packet loss and retransmission as well as flow control and window size
Transmission Control Protocol TCP reliable, ordered and error-checked delivery of a stream of octets between programs running on computers connected to a LAN, intranet or the Internet
User Datagram Protocol UDP does not require acknowledgement (eg video streaming); allows apps to send datagrams to other IP hosts without prior communication
Session Layer (5) handles establishing connections between applications; deals with ports so that connecting client application can find the correct server application on a particular system; eg Web Conference
Lightweight Directory Access Protocol LDAP session layer protocol, for authenticating users against X.500 directories; Commonly used to provide a 'single sign-on' where one password for a user is shared between many services
Presentation Layer (6) how data is represented and encoded for transmission across the network eg character encoding in ASCII and data encryption/decryption
Secure Sockets Layer SSL provides security over the Internet using cryptography. Session and presentation layer in OSI model; between Transport and Application in TCP/IP model
Application Layer (7) client and server applications; data transmission of messages vis HTTP, SMTP, FTP
Hypertext Transfer Protocol HTTP foundation for communication of the Internet
Post Office Protocol & Internet Message Access Protocol POP3/IMAP standards for email retrieval
Simple Mail Transfer Protocol SMTP standard for email transmission
File Transfer Protocol FTP

Object-Relational Mapping ORM Object-oriented class <--> DB relation; Instance <--> Tuple (row); Attribute <--> Attribute (column); Method (accessors, mutators) <--> CRUD functions
Hierarchical DB optimized for rapid transaction of hierarchical data; makes it easy to know 'every attribute about one thing' (vs relational: every thing about one attribute); computationally easy to traverse the tree: can only traverse tree from parent node; child nodes can only have 1 parent
States of data Data at rest, Data in motion, Data in use
Database DB Any collection of related data
Database Management System DBMS Allows users to interact with DB and maintaing structure, integrity: define data types, structures, constraints; construct data tables, store data in tables on a storage medium ; manipulate data (CRUD); share data via permissions, user access control; controls concurrency; protect against inappropriate access, hardware/software failure; maintain & optimize data structures
Create, Retrieve, Update, Delete CRUD
Atomicity, Consistency, Isolation, Durability ACID defines reliable transactions: atomicity (transaction is indivisible; either happens or it doesn't), consistency (transaction meets all constraint rules ie data must be valid), isolation (must be able to sequence simultaneous transactions), durability (system must be tolerant to failure in memory, power fails ie committed transactions will not be lost)
Data definition language DDL Creates and describes structure/constraints; contains metadata (data about the data)
Data dictionary not just FK/PK, constraints, but also definitions of each field and its intended use
Schema description of the relation, its attributes, and the data types associated with the relation; a specific table that uses that schema is an instance of that schema; adding new relations as easy as adding a table, add an attribute by adding a column
Relational DBMS RDBMS Defines association within and between relations (tables, singular names); Each attribute (column) corresponds to a domain in the relation; each tuple (row) describes an ordered list of elements; data elements (cells) have data type that is consistent across that attribute; attributes can have constraints (eg non NULL, auto-incrementing, cascading delete, primary key, foreign key) beyond the type constraint; MySQL, Oracle, SQL Server, PostregreSQL
Nonrelational DBMS NoSQL eg MongoDB, Cassandra, CouchDB, Redis, Druid
Flat file DB eg Excel, SQLite; may require redundant data, cant represent 1-to-many relationships; limited ability to enforce data integrity, incomplete data represented as blank cells
Object-Oriented DBMS OODBMS data are represented as objects; support for more data types (graphics, photo, video, websites); usually integrated into the programming language so accessing data doesnt require complex driver configuration; increased use recently with development of web applications, most web app frameworks support interaction with OODBMS; eg Intersystems Cach_ the OODBMS behind the Epic EHR
Object-Relational DBMS Hybrid between RDBMS and OODBMS
MGH Utility Multi-Programming System MUMPS imperative programming language also comprises most commonly used hierarchical DB; 1969; flexible interface (eg lab systems, notes, variable output format); variable length text-handling; hierarchical design to support complexity of clinical data and update/retrieval methods; multi-user access capability (fault-tolerant: ACID transactions); large storage capacity, low CPU usage, high-level programming language to make interface design less time-consuming more efficient. Renamed "M" in 1993 and recognised by ANSI in 1995; derivatives like Intersystems Cach_ are among most widely used (Epic); design anticipated NoSQL and schema-less DB movement. Global variables are designated by_ or ^
Structured Query Language SQL family of related languages with different dialects specific to RDBMS (eg MS-SQL, Oracle SQL, MySQL); English-like with key words that allow for all functions common to DBMS; ANSI and ISO standard.
Primary Key PK table column (or cominbation of columns) designated to uniquely identify all table records; must contain a unique value for each row of data; cannot contain null values
Foreign Key FK a field (or collection of fields) in one table that uniquely identifies a row of another table, ie it refers to the primary key in another table
Superkey combination of columns that uniquely identifies any row with a table
Candidate Key a column or set of columns in a table that can uniquely identify an record , eg the PK. The superkey reduced to the minimum number of columns required to uniquely identify each row
Non-Prime Attribute An attribute that does not occur in any candidate key
Normalization techniques to reduce redundancy and dependency between tables; goals are: to free the collection of relations from undesirable insertion, update, and deletion dependencies; reduce the need for restructuring the collection of relations as new types of data are indtroduced, thus increasing the lifespan of apps; make the relational model more informative to users; make the collection of relations neutral to the query statistics where these statistics are liable to change as time goes by. A database is normalized if it is in 3NF
First Normal Form 1NF Each cell contains a single value; each row is unique
Second Normal Form 2NF table meet all criteria for 1NF and every non-key attribute is dependent on the primary key
Third Normal Form 3NF 1NF+2NF and no non-key column determines another non-key column
Boyce-Codd Normal Form BCNF Higher from of normalization
Denormalization Requires PK/FK join logic, to generate a report; a high performance RDBMS denormalized schema may be preferable to allow single-table lookup functions with an index (increased performance). To aggregate data into meaningful groups; This is why you have reporting tools, analytics, data marts
Database controls Access (limit who can access and control DB), Integrity (maintain accuracy of data and ensure proper use), Security (encrypt and protect in case of breach), Audit (unique timestamp on every transaction), Physical (physical copies or virtual backups)

Networks series of nodes connected by communication paths (links)

Topologies Patterns of links between elements of a computer network; logical (how data flows) and physical (how components are arranged) topologies; determines fault tolerance, redundancy, and scalability; either centralized (eg star, tree) or decentralized (mesh)
Point-to-Point topology simplest topology, link between two endpoints (eg phone call)
Bus topology nodes connected in linear sequence of buses; information goes down backbone until it finds its destination. Network shut down if line severed so best for small networks
Ring toplogy transmits data around a ring utnil it reaches destination; every node acts as a repeater; every node is a critical link
Star topology centralized topology where each node is connected to central hub, ie every node acts as a repeater and every node is a critical link; easy to add new device, simple.
Tree toplogy centralized topology uses a hierarchical structure to connect nodes using point-to-point links; easily scalable
Mesh toplogy each node relays data and cooperates in distributing data in the network. Usually in wireless networks (physical connections impractical); value = n(n-1)/2
Metcalfe's Law The value of a network is proportional to the square of the number of connected users of the system.

Telecommunications networks contain: transmitter, transition medium, receiver, analog or digital network, channels, switches, repeaters, modulators
Personal Area Network PAN located on your person, usually connect through Bluetooth
IEEE 802.15 Wireless PAN and derviatives (Bluetooth, Infrared data association (IrDA)
Local Area Network LAN interconnected computer networks that are distinct, generally small, cost-effective, and efficient
Widel Area Network WAN interconnected computer networks that are generally large
Medium-range wireless local area network WLAN
802.11b Max 11Mbps, interferes with other 2.4Ghz devices like microwaves, Bluetooth, cordless phones. Popularized WiFi
802.11g Max 54 Mbps, same band as 802.11b, same interference concern
802.11n uses both 2.4Ghz and 5 Ghz spectrum for max speeds of 54 Mbps/600 Mbps. Speed enhanced by MIMO.
802.11ac gigabit wifi - 1 Gpbs
Multiple Input, Multiple Output MIMO to parallelize the transmission of data
Radiofrequency Identification RFID One way; uses radio waves to broadcast data from an electronic tag mounted on an object to a scanner/reader; some can be read from several meters away and beyond the line of sight of the reader; bulk reading is possible; US passports and many other items now have RFIDs. Passive RFID: does not use battery. Active RFID: has on-board battery always broadcasts its signal. Battery-assisted passive (BAP) RFID small battery on board activated when in the presence of a RFID reader will retain signal for about 10s after it gets pinged
Near-Field Communication NFC Two way; eg Apple Pay
Long-range wireless standards WiMax, CDMA, 3G, 4G, LTE
Wireless applications IP Telephony ('vocera'), SMS text messaging, RFID/NFC tagging of medical devices, patients

Security Threat assessment, asset list, policy, education, technical measures
Security Layers Physical (intrusion, fire, power, seismic protection); Network (Firewalls, WEP); Social (phishing, malware, spoofing); Software (design, updates, authentication); Data (backup, restore, redundancy)
Administrative controls Polices and procedures designed to clearly show how the entity will comply with the act, eg Acceptable internet use policy, Password mgmt policy, Use & protection of SSN in clinical research data, BAA, Privacy procedures plan, Internal audits
Physical controls Physical measures, policies, procedures to protect a CE's electronic information systems from natural and environmental hazzards as well as unauthorized intrusion. Badge based entry, Cameras, Dual lock systems
Technical controls Firewalls, Encryption, IDPS, NAC, VPN, DLP, Authentication, Authorization, Audit logs, Patching, Up-to-date rules in antivirus
Authentication any process of verifying the identiy of an entity that is the source of a request or response for information in a computing environment. Can be something you have (eg key, card), something you know (eg password, PIN), something related to who you are (eg fingerprint, voiceprint), something indicating where you are located
Authorization What you can do (vs authentication: who you are)
Intrusion detection and prevention systems IDPS a network level security technical control
Network access control NAC a network level security technical control
Data leakage protection DLP a network level security technical control
Hacks Eavesdropping/sniffing/snooping (intercepts communication between two points); Data modification; Identity / IP address spoofing; Password-based attacks; Denial of Service (DoS) / Distributed Denial of Service (DDoS) flood site with traffic so valid users cannot access); Man-in-the-middle attack (middleman captures data between two communicators, can reroute and change); Sniffer attack (software installed to read network packets and data exchanges)

The HIPAA Security Rule and other government regulations CEs must ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain, or transmit (does not apply to paper/oral PHI); identify and protect against reasonably anticipated threats to the security or integrity of the information; protect against reasonably anticipated impermissable uses or disclosures; ensure compliance by the workforce
Confidentiality ePHI is not available or disclosed to unauthorized persons; should only be used by authorized persons
Integrity ePHI is not altered or destroyed in an unauthorized manner; should not be changed inappropriately
Availability ePHI is accessible and usable on demand by an authorized person; should be available when it is needed
Breach unauthorized acquisition, access, use or disclosure of unsecured PHI which compromises the privacy, security, or integrity of the PHI
Breach Notification Notification of individuals within 60d. If > 500 records, must notify public media, HHS; provide secretary HHS with an annual report of breaches; enforced by OCR.
Security Risk Assessment Added by ARRA: conduct or review a security risk analysis and implement security updates as necessary and correct identified security deficiencies as part of its risk management process. Methods: self-assessment of asset owners, assessed by internal group or external group (eg ethical hackers, auditors); Measurement (qualitative or quantitative); Management (risk acceptance, risk mitigation, risk transference); 45 CFR 164.308 (a)(1)

Firewalls A set of hardware components (router, hosts, and combinations) and networks with appropriate software to restrict network traffic to conform to the security policy of the site

Virtual private networks VPN virtual network built on existing physical networks, that can provide a secure communications mechanism for data and other information transmitted between networks; can facilitate the secure transfer of sensitive data across public networks

Encryption A method of converting an original message of regular text into encoded text. The text is encrypted by means of an algorithm. If info is encrypted there is low probability that anyone other than the receiving party who has the key would be able to decrypt the text
Data Encryption Standard DES original, can be hacked
Triple DES 3DES being slowly phased out
Rivest, Shamir, Adleman RSA public and private keys; asymmetric: the standard for data sent over the internet
Advanced Encryption Standard AES encryption method used by US government
Secure Hash Algorithm SHA encryption method
Message-Digest Algorithm MD5 encryption method
Hash Message Authenication Code HMAC encryption method
Internet Protocol Security IPSec protocol suite for secure IP (authenticates and encrypts each IP packet)
Wired Equivalent Privacy WEP encryption method
Wi-Fi Protected Access WPA encryption method
Public Key Encryption information encrypted with a public key (widely distributed) can be decrypted by a second private key (avoids needing to send key to sender)
Private (symmetric) Key Encryption Same key used to encrypt and decrypt message
Kerberos network security system based on secret key cryptography
Secure Shell SSH is encrypted (vs Telnet)

Data basis of historical record, support communication among providers, anticipate future health problems, record standard preventive measures, coding and billing, provide a legal record, support clinical research
Aspects of data circumstances of observation, uncertainty, time, imprecision (normal variance) vs inaccuracy (bias)
Coding of clinical data historically by a Clinical Coding Specialist (CCS); major purpose is reimbursement. Tradeoffs: stadardization of language vs freedom of expression; time to narrate vs code. Other difficulties: creating and maintaining coding systems; structuring coding systems to capture meaning
Data entry free-form (writing/dictation/typing); structured (menu-driven); speech recognition/scribes
Structured / menu-driven data entry via mouse, pen, typing. Benefits: data codified for easier retrieval and analysis; reduces ambiguity if language used consistent. Drawbacks: more time-consuming; requires exhaustive vocabulary; requires dedication to use by clinicians
Speech recognition narration most commonly; many established systems are on the market that operate on front end (used by clinician, instant availability) or back end (process dictations, editing transferred from clinician to transcriptionist). Challenges : output lags behind user input; require area with minimum of background noise and where patient privacy protected; enunciation errors from mispronunciation, dictionary errors from missing terms, suffix errors from misrecognition of appropriate tenses of a word, added or deleted words, homonym errors. Recent review: report turnaround faster, human transcription more accurate slightly; macros and templates improve turnaround time, accuracy, and completeness
Data Flow Diagram DFD graphical respresentation of the flow of data through an information system, modeling its process aspects

Integrity Data provenance (where does data come from), Data completeness & correctness
Physical Integrity ensures data can be written to or read from disk
Logical Integrity ensures transactions are complete and data is correct and rational (sometimes a problem with copy & paste)

Mapping The process of associating concepts or terms from one coding system to concepts or terms in another coding system and defining their equivalence in accordance with a documented rationale and a given purpose
Source data model original data model from which you're mapping
Target data model data model you're trying to find the relationships and equvalence in
Forward mapping maps an older data model to a newer data mdoel
Reverse or backward mapping maps newer data model to an older data model
Equivalence degree to which data models map to one another

Data Control Language DCL GRANT, REVOKE
SQL joins Inner (only includes rows that match both tables) vs Left Outer (inclues all rows in the left table, displays blanks from right) vs Right Outer (includes all rows in the right table, displays blanks from left) vs Full Outer (includes all rows in both tables, blanks in both) vs Cartesian (rare, gives you cross product of both tables, usually a mistake)
Nested subquery mimic an inner join; substitute results of a subquery for 'where [column] in' clause in place of a list
Data reporting formatted results of a query that are useful for making decision and analyzing data

Representation and types Narrative, Numerical Measurements, Coded, Textual, Recorded Signals, Pictures, Metadata

Warehousing Data flows into EHR; some then flows into data warehouses (with admin data) which may then flow to an HIE
Registries Limited form of EHR; can be separate from EHR or an extract of data from it. Typically oriented to one or a small number of diseases, most often chronic diseases. Usual functions: patient reports, exception reports (outliers, overdue for care), aggregate reports (how is care team delivering care)

Data mining and knowledge discovery (Knowledge Discovery in Databases) KDD process of discovering patterns (knowledge) in large databases
Data mining process Determine the problem; Select data; Pre-processing/transformation/evaluation (simple stats); Model building; Mining (anomaly detection, associations, clustering, classfication, regression, summarization); Intepretation, Evaluation, Validation; Update models
Data mining algorithms C4.5 (decision trees); k-means algorithm, Support Vector Machines (SVM); Apriori algorithm; EM algorithm; PageRank; AdaBoost; k-nearest neighbor classifcation (KNN); Naive Bayes; Classification and Regression Trees (CART)
Mining model stores information derived from data processing such as results from data analysis using mining algorithms; has two properties: algorithm property (which algorithm will be used) and usage property (how each column of data is used by the model)
Accuracy how well the model correlates an outcome with the attributes in the data that has been provided
Reliability the way the model performs on different data sets; does it generate the same predictions regardless of the test data?
Usefulness does the model provide useful information?
Data analytics the extensive use of data, statistical and quantitative analysis, explanatory and predictive models, and fact-based management to drive decisions and actions
Levels of analytics Descriptive (what our data shows, eg alerts, query/drill-down, reporting), Predictive (what might happen based on past trends, eg simulation, forecasting, preditive modeling), Prescriptive (using data to optimize systems and achieve the best outcome)
Challenges of analytics volume of information can be challenging; forecasting always difficult in healthcare; quality and completeness of data, especially in any one organization's clinical systems is incomplete and can lead to biases in data

Integration vs interfacing Integration: merge data from multiple sources into integrated whole; Interfacing: how data must be transformed to allow real or virtual integration
Integration merging data from multiple sources (IT systems) into integrated whole
Interfacing creating a shared boundary where systems can exchange information (logically separate)
interchange format translates each source schema into the target schema using scripts
eXtensible Markup Language XML a set of rules for encoding documents in a format that is human and computer readable
JavaScript Object Notation JSON a lightweight, pouplar web-based data exchange format
Resource Description Framework RDF a framework for conceptual description or information modeling in web resources
Web Ontology Language OWL formal semantics; builds on RDF but adds semantics; expressed in triples
Gellish A controlled natural language that uses numeric unique identifiers to general natural expressions; can be used with SQL, RDF, XML

Dealing with multiple identifiers Identifier errors compromise quality of care (correct, duplicate, overlaid); high cost more likely to be associated with missed abnormal test results; adding DOB helps; variable policies for preventing, detecting, removing duplicate records

Anonymization of data 87% of US population uniquely identified by 5-digit zip code, gender, and DOB! Genomic data can aid re-identification in clinical research studies; SSNs can be predicted from public data; dates and results in lab data facilitate re-identification
Mitigating re-identification Data suppression (certain features of the data are removed); Data generalization (data is abstracted to more generalized data); Data pertubation (values are replaced by different but equally specific values)

Human Factors Engineering HFE seeks to identify and promote the best fit between people and the world within which they live and work, especially in relation to the technology and physical design features in their work environment
Usability the extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction in a specified context of use

Models, theories, and practices of human computer (machine) interaction (HCI) Explanatory theories (explain behaviors through models); Predictive theories (allow system designers to predict how users will interact with the system); Generative theories (provide useful guidelines/principles to system designers)
Human Computer Interaction HCI The study of people and computers; combines computer science, behavioral science, psychology, design, human factors analysis, and more. Increasing awareness that HCI limitations are responsible for medical errors; cognitive overload, 'alert fatigue' is one of the 'grand challenges' facing CDS
HCI / Usability-Related Errors Wrong Patient (user has 2 charts open, enters orders on the wrong one); Wrong Mode For Action (user tries to enter 100mg but accidentally enters 100 mg/kg); Inaccurate Data Display (lab value is truncated in a report causing user to come to incorrect conclusion); Incomplete Data Display (summary view of vital signs only shows last value per shift, user overlooks the max value within that shift); Non-Standard Measurement, Convention Or Term (weight-based medications calculated using metric units but order entry screen shows weight in English units); Reliance on User Recall (vaccine administration documentation screen requires a lot number; lot number is visible on previous screen but not on this one; users mis-type info or type in nonsense data as a result); Inadequate Feedback (user attempts to order med requiring 0.1cc precision and submits incorrect dose becuase system silently rounds dose to nearest 0.5cc; calculation not transparent to user); Corrupted Data Storage (user enters orders in discharge workflow then clicks 'next' but orders are not submitted because user did not click 'sign before proceeding to next step)
Fitt's Law Predictive Model. Describes how much time it will take to move a mouse to a target area depending on the distance and size of target : T = a + b log2(1 + D/W)
Hick-Hyman Law / Hick's Law Predictive Model. Predicts user response to hierarchical menus, response to finding correct option among an unfamiliar list (like a non-QWERTY keyboard); expresses user response time as a function of the number of possible responses. T = b*log2(n+1)
Goals, Operators, Methods, Selectors model GOMS Predictive model for observing HCI; breaks down a user's ineraction into four main components. Allows observers to measure interactions with litte effort, cost and time; does not account for user unpreditability; tasks requiring problem solving cannot be predicted by GOMS
Keystroke-Level Model KLM Predictive Model; a simplified version of GOMS that track time it takes to complete actions. The time to task completion is the sum of the time spent key-stroking, pointing, homing, drawing, mental operator (thinking), system response operator (waiting). Used to anticipate which functions are most amenable to shortcuts and 'hotkeys'; estimates how much time it takes to complete data input using a keyboard and mouse
Buxton's Three-State Model of Graphical Input Descriptive Model. Exhaustive description of the states and transitions involved in using a mouse. Three stages: 1. Out of range 2. Tracking 3. Dragging
Guiard's Model of Bimanual Skill Descriptive Model. Hands are not used equally. Each hand, because of single hand dominance, has distinct roles. The model describes, eg why left handed users are ill-served by modern 101-key keyboards. 'Acknowledge' buttons on modal dialogues are on the bottom right
Activity Theory analysis and design for a particular work practice with concern for qualifications, work environment, division of work; analysis and design with focus on actual use and the complexity of multiuser activity; focus on development of expertise and of use in general; active user participation in design, focus on use as part of design
Information processing theory humans dont respond to stimuli they process and analyze information they receive; ie mind is like computer
Rehabilitation Act of 1974, Section 508 ammendment requires all electronic and information technology to be accessible to those with disabilities; applies only to public facing federal sites

Usability Evaluation Testing (coaching, thinking-aloud, eye-tracking/click-tracking, performance); Inspection (cognitive walkthrough, heuristic evaluation); Inquiry (field observation, focus groups/interviews, surveys, usage logs)
Usability testing How usable the software is by testing it on users. Coaching method (user asked to perform a task, allowed to ask any questions); Thinking-aloud (user attemps to complete a task and speaks aloud each step he is doing); A/B Testing; Expert Review; In-Person or 'Hallway' Testing; Remote Testing; Heat-Mapping / Eye/click-Tracking; Performance measurement (5-8 user attempts to complete a specified set of takss; evaluator measures performance statistics eg how long, how often, failure rate, recovery rate)
Mental models explanations of a person's thought process regarding how something in the real world works; a basic way for us to understand the world around us and develop approaches to problem solving and work.
Cognitive Walkthrough low-fidelity paper models or wireframe (incomplete mockup); will the users try to achieve the right effect eg will use know to enter weight; will user notice correct action is available; will user associate correct action with the effect to be achieved; if correct action performed will the user see progress is being made

Nielsen's Heuristics View visibility of system status; match between a system and the real world; offer user control and freedom (undo redo exit); maintain consistency and standards; prevent errors (built-in); rely on recognition rather than recall; demonstrate flexibility and efficiency of use; have an aesthetic and minimalist design; help users recognize and recover from errors; offer help and documentation
User-centered Design UCD an iterative, multidisciplinary process of product design and evaluation that considers and designs to support people's tasks, skills, abilities, limitations, creativity, needs, and preferences; based on a clear understanding of users and actively involves them or their representatives in the evaluation of products (user testing) and sometimes in their design (participatory design)
Value Sensitive Design VSD takes into account the values of the end-users of the product, as well as those who are directly or indirectly affected by the product
NIST 2012 Recommendations provide standards for testing and validation of EHR usability: 1. EHR application analysis (who are users, what is their work environment? what do they do? what does the interface look like? what mistakes? what evaluation has been done?) 2. EHR user interface expert review (two-person heuristic review); 3. User Interface Validation Test (performance measurement, post-testing interview)

Usability engineering combines concepts from HCI, usability testing and standards, psychology, human factors, to create, assess, and make recommendations to improve usability
Usability components (Nielsen) Learnability, Efficiency (speed), Memorability ('get back on the bike'), Errors, Satisfaction
Discount usability engineering (Nielsen) Method of HCI eval that does not require large number of personnel or budget; minimum of 5 testers perform a modified verison of testing and inspection; modified think-aloud; heuristic evaluation; low-fidelity prototypes to test one process at a time, rapid iterations
Object-Action Interface OAI user first selects object then action; vs Action-Object Interface (AOI) the other way

Bidrectional Interface information flows in both directions; can be symmetrical (information exchanged in both directions is the same eg ADT message) or asymmetrical (information flows in both directions, but type of information is different eg orders/results)
Foundational Systems ADT, MPI, Registration, Materials mgmt, Workforce mgmt
Admission/Discharge/Transfer ADT
Master Patient Index MPI ensures 1 record for every 1 patient
Departmental Systems Laboratory (clinical/anatomic path, blood bank), Radiology (PACS, RIS), Pharmacy (Unit dose, Retail), Cardiology (ECG, echo, cath, PACS), Dietary, Neurology (EMG, NCV), Pulmonary (PFT), GI endoscopy
Laboratory Information System LIS One of the largest contributors of objective data into an EHR; larger laboratories are highly automated; all laboratories are highly regulated by federal law; interface with EHR via HL7 messages.
Picture Archiving and Communication Systems PACS Can accept an association from a fluoroscopic unit with PACS hostname, application entity title, and TCP
Radiology Information System RIS handles departmental workflow and the lifecyle of an interpretation of an image
Financial Systems Facility Billing, Professional Fee, Financial and Strategic Decision Support
Layers of Infrastructure Power, HVAC; Network, fixed and wireless; Point-of-care devices; EMR with interfaces; Results review, documentation, CPOE; Care delivery, clinical mission, quality
Heating, Ventilating, and Air Conditioning HVAC
Data Center dedicated and protected facility with specific requirements of electricity, humidity, and air conditioning. Usually one per campus per institution; houses hundreds of servers, appliances, and disk storage; placed on racks and physically measured in 'rack units'; physically protected, electrically fed
Data Center Classes tiers reflect differences in protection against loss of services: Tier I (Basic): single path for power and cooling distribution without redundancy (99.671%); Tier II (Redundancy): single path for power and cooling distribution (99.741%); Tier III (Concurrently maintainable): multiple active power and cooling paths, but only one path active; has redundancy (99.982%); Tier IV (Fault tolerant): multiple active power and cooling distribution paths; has redundancy (99.995%)
Data Center Issues UPS provide 30 minute of backup power; fully loaded rack may weight 2000 lbs: 100 racks require ensuring proper structural integrity; too many physical servers and other equipment --> virtualization (share hardware resources between processes); Expensive to build, hence often outsourced where space and electricity are cheaper; Redundancy in air conditioning, power, networking; Heat - fully loaded rack may consume 20 kW and require 6 tons of cooling. 100 racks require 2MW electricity and water-cooled air conditioning (chillers)
Uninterruptible Power Supply UPS
Network Design network switches distribute network serving a workstation at bedside <-- dual-homed (2 network interfaces) switch-routers <-- redundant backbone core switch-routers <-- WAN or server farm (may be far away).
Data closet room where cabling ends are connected to switches and other pathways; smaller space, typically on each floor which houses networking equipment and cable ends (needs UPS)
Cable plant topographical layout of physical cables connecting desktops to the equipment in the closets and cables interconnecting closets and the data center
Institute of Electrical and Electronics Engineers IEEE example of an SDO
Cabling issues Closets may not have adequate HVAC; cables are laid, old ones are almost never taken out - a weight issue; fire codes must be followed going floors and buildings; new cables in ICU and OR require utmost caution; cables can be outdated, unable to support higher bandwidth; labor costs of cabling outweighs other hardware and software purchases; security of closets and cables are suspect; closets may be shared
Client Server desktop client is focused on handling user interaction but server handles data requests
Thin Client simple user device that runs application software which is connected to powerful server
Application Service Provider model ASP Business that provides computer services over the internet
Integrated Systems Patient data exists in the same database used by all clinical applications (eg VistA) eg LIS as an integrated module/component of the EHR (shares tables); internal LIS is one in which LIS and EHR are both owned and managed by the same health care entity
Interfaced Systems Data are communicated between separate applications, usually by means of an interface using HL7 protocol.
Interface Engines aka message broker, application-level router; is a middleware application used to transform, route, clone and translate messages. A HL7 interface engine is an interface or integration engine built specifically for the healthcare industry. Can 'play back' messages when unavailable receiving system comes back online.
Point-to-Point Interfaces number of connections when every node connected: n(n-1)/2 but with interface engine only need n connections (each to the engine)
Unidrectional interfaces information flows in one direction only: drive workflow (eg specimen labels); faxes and printed jobs; movement of specimens down a line; can be problematic when broken
Laboratory automation HL7 interfaces, used to communicate information between two databases; real-time for clinical care activities. For billing and datawarehousing, can send nightly
LIS interfaces 1:M EHRs, 1:M outside LIS (reference lab, outreach lab), 1:M middleware servers (automation line, point of care device, blood typing, autoverification); many lab instruments, billing systems
Automation line Robotically operated specimen track which moves specimens from point of entry to the instrument that will perform the test: scans specimen label barcode, uses accession # from barcode to query LIS for pending orders, sends the sample to the appropriate instrument for testing
Autoverification Process whereby computer-based algorithms automatically perform actions on a defined subset of lab results without the need for manual intervention by a medical technologist, laboratorian or pathologist. Results that fall within certain reference ranges may be automatically verified by the middleware; can do 10x as many lab tests with the same number of employees; when it isn't working, volume may quickly outpace staff's ability to keep up
Barcodes Code used to represent alphanumeric characters, like an accession number or encounter number; can be 'read' by a barcode scanner and deocded into the original data. Advantages: reduces manual typing errors, improves speed of data entry. Strong recommendations supported by guidlines: ensure that the human-readable version of the encoded data is always printed next to the barcode. Linear barcodes are 1D (Code 39, Code 128A, 128B, 128C(double data density - numbers only)), space intensive for the amount of data encoded; damage and misprints can result in substitution errors (data decoded is not what was intended for printing) at an alarmingly high rate (1/88K); no way to know what piece of data was encoded into the barcode (MRN? MPI?). 2D barcodes represented in 2D (stacked 1D eg PDF417; Matrix eg QR code, DataMatrix, Aztec), can encode redudancy and error correction algorithms, data integrity check (128 does too but only 100 possible checksums)
Errors in Barcodes Unrecognized character error rate (manual: 1/300 keystrokes; 1D barcode 1/90K to 37M; 2D barcode 1/1021)
Application Server eg Citrix, connects end-user application with EMR
Methods to improve partial interoperability between HIT systems Interfaces (eg HL7); Communicate results on paper- scan into foreign EMR; Reciprocal access; Embedded applications (take appearance of one application and put them within the EMR of the other organization); Context sharing-CCOW; Build separate application with data from both

Types of settings where systems are used Ambulatory, surgical center, ER, OR, nursing facility, acute care facility, home, inpatient (acute care, psych, rehab, ICU: trauma/surgical, pulmonary, cardiology, neurology, neonatology, remote)
Clinical Laboratory Improvement Amendments of 1988 CLIA overhaul of CLIA (1967); generated in reponse to public fury (false neg pap smears); pertains to every laboratory in the US. Requirements for reporting and notification of laboratory results; regulates labs not EHRs which must be certified by CMS and state
CLIA regulations must have adequate manual or electronic system in place to ensure test results and other patient-specific data are accurately and reliably sent from the point of data entry to final report destination in a timely manner. Test report must indicate patient identification, name/address of lab, date, test, specimen source, test result, units of measurement; reference intervals or normal values must be available to authorized person who ordered test.
CLIA maintenance every two years (or CLIA-deemed agency); college of American Pathologists accredits most labs in the US (more strict). Gen.48500: there is a procedure to verify that patient results are accurately transmitted
Patient Access Rule Revises CLIA and HIPAA / supercedes all state laws; patient can request copy of lab results directly from lab (has 30d to provide); requirements to comply with request are the same as for health care entities; labs can refer patient to medical records if all results available and HIPAA compliant; no requirement for lab to interpret or to notify ordering provider
Transfusion systems Regulated by the FDA; considered high risk (Class III) medical device. Guidance on software validation available
Digital Imaging Pixel (smallest component of an image; print vs digital); Image Size (overall size of image in its final form, width by height; contains no information on image resolution; important to know if need to decide on resolution)
Image resolution aka pixel density, commonly referenced as DPI. Gross images --> low resolution OK; microscopic images --> high resolution desired. Balance resolution against the final image size desired (small image size : low res; large : hi)
Dots per inch DPI number of pixels per inch per screen/print medium; DPI = 96 on average computer screen; printed DPI = 300 variable
Image Compression Reduces the amount of memory that an image occupies by various mathematical algorithms; lossy or lossless
Lossless image compression memory (file size) reduced but original image data can be recovered, eg PNG, GIF
Portable Network Graphics PNG
Graphics Interchange Format GIF
Lossy image compression some original data in the photo is gone forever; amount of compression is proportional to the amount of loss; well designed --> substantial data reduction without obvious loss to the end-user; eg JPG
Joint Photographic Experts Group JPEG
Tagged Image File Format TIFF can use either type of compression
Mutliple-image Network Graphics MNG can use either type of compression

Electronic health / medical records systems as the foundational tool EMR Evolution from department-focused to patient-focused; tab metaphor for data remains common; goal of problem-oriented medical record remains largely elusive; most visible system to clinicans and patients; target of federal incentive programs
EMR core functionalities (IOM) health information and data, results mgmt, order entry/mgmt, CDS, e-communication and connectivity, patient support, administrative processes, reporting & population heatlh mgmt
EMR functionality 1 Message box (proprietary names vary but functionality similar); Results review (lab, path, imaging, notes); Documentation (direct entry, structured/unstructured, dictation, mixed); Order mgmt; Patient summary displays; MAR/BCMA
Medication Administration Record MAR
Bar Code Medication Administration BCMA
EMR functionality 2 Patient lists, schedule, rounding/handoff tools; patient monitoring review; quality metrics, dashboards; Billing; Patient support; Administrative; E-communication (with team, patients); Population health, external resources, Compliance & Decision Support (permeates all the other functionalities)
HIMSS EMR Adoption Model commonly used: 8 stages, each has features that add to one below it; different sequences possible
Documentation Using EMRs Satisfaction = f (time efficiency, availability/accessibility, expressivity, quality)
EMR Issues Time spent writing notes: 4-14 min; 'electronic notes are harder to understand'; copying and pasting; note loss, notes in wrong chart, notes with wrong title, notes on wrong encounter; billing & compliance
Study on EMRs copying and pasting 1-6 scale of harm/misleading/risk. 1/10 charts contained an instance of high-risk copying; clear policies, practitioner consciousness-raising and devlopment of effective monitoring procedures are recommended
Documentation Tools Structured (codes, needs training) vs Unstructured (narrative text, easier to learn)
Order Sets collection of pre-configured orders; time savings; reduce errors and increase accuracy during order entry; increase completeness of orders; 'built-in' decision support and evidence driven care; reduce variability and enhance compliance with best practices. Protocol is built of orders sets is built of preconfigured orders is built from order dialog.

Telemedicine communication of voice or appearance of patient is important to delivery of care (psych, derm, path, ENT, retinography); teleradiology, telesurgery, remote imaging/monitoring, remote ICU, remote procedures
Synchronous Teleconferencing Dedicated hardware, broadly available tools (eg Skype, conferencing applications)
Asynchronous Telemedicine Store & forward; email, other
Telepathology has a specific meaning compared to all other forms of digital pathology; diagnosis which results in a report is rendered from a digital microscopic image ONLY. Static telepathology : entire image is caputred then transmitted; transmission can be in toto or in pieces (tiling). Dynamic telepathology : live video feed, with or without remote control of scanner. Hybrid telepathology do both
Telepathology regulations vary from state to state; not the same as for teleradiology; CLIA applies; CAP has additional standards for accredidation; whole slide imaging device are FDA Class III (requires premarket approval)

Clinical Data Standards promote consistent naming of individuals, events, diagnoses, treatments etc; allow better use of data for patient care as well as secondary uses, such as QA, research public health etc; enhance ability to transfer data among applications, allowing better system integration; facilitate interoperability among information systems and users
Standard A standard document established by consensus and approved by a recognized body that provides for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the optimum degree of order in a given context

Standards development approaches (Hammond) 1. ad hoc (groups come together and agree to use a common but informally developed specification eg DICOM); 2. De facto standards emerge as one earns a critical mass of adopters to make its system the standard (eg .DOC format); 3. Mandated standards by government agencies, eg US certificate of death; 4. Consensus, closed or open (preferred)
Standards development process (Hammond) identification, conceputalization, discussion, specification, early implementation, conformance, certification
American National Standards Institute ANSI private nonprofit organization, developed a formal consensus process with open balloting and public review as well as an accreditation program for SDOs; coordinates US standards with international standards so American products can be used worldwide
Health IT Standards Committee HITSC charged with making recommendations to ONC on standards, implementation specifications, and certification criteria for electronic exchange and use of health information. Lately : increasing interoperability. 'JASON Group' of scienctists that advises US government - move to more modern API-based approaches; JASON task force developed recommendations: interoperability vision and framework --> Argonaut Project (2014, details of implementation); Standards advisory (2015) deemed ready for use
Standards Development Organization SDO has overall responsibility and ownership of a standard; employs a multistep process in producing standards to ensure quality, integrity, and input
American Society for Testing and Materials ASTM SDO responsible for many healthcare standards eg the CCR
International Organization for Standardization ISO International standard-setting group; ANSI is the US representative
European Committee for Standardization CEN CEN/TC 251 is health informatics standards body for Europe
National Institute of Standards and Technology NIST Information standards organization (not an SDO, exists to foster, promulgate and coordinate standards)
International Health Terminology Standards Development Organization IHTSDO based in Denmark. Maintains SNOMED-CT
Clinical and Laboratory Standards Institute CLSI Intl SDO for labs, consensus-driven (reflects equal representation from govt, industry, health care pros)
National Electrical Manufactuers Association NEMA maintains DICOM
National Council for Prescription Drug Programs NCPDP VD.0, standard for pharmacy claims transactions.
NCPDP Medicaid Subrogation Version 3.0 standardization of the Medicaid pharmacy subrogation transaction process (claim from a Medicaid agency to a payer for the purpose of seeking reimbursement from the responsible health plan for a pharmacy claim the State has paid on behalf of a Medicaid recipient.)
NCPDP Batch Standard Version 1.2 Similar to D.0 but in a batch enviroment

Standards and Interoperability Framework S&I standard initiative of ONC
Unique Patient Identifier UPI yet to come to fruition despite being mandated in original HIPAA; should be unique, nondisclosing, permanent (will never be reused), ubiquitous (everyone had one), canonical (each person has only one), invariable (will not change over time). There are probabilistic matching algorithms to link records. ?Globally unique identifier eg Record@Hospital : combine local MPI plus holding institution identifier - could be unique, permanent, nondisclosing, ubiquitous; once in place develop a 'Reocrd Locator System' to achieve linkage
Unique Device Identification UDI 2014-2020 FDA mandate?
National Provider Identifer NPI 10-digit numeric identifier issued by the NPS (of HHS) replaced UPIN in 2007 and is required for medical billing. 10th digit a Luhn algorithm checksum
National Provider System NPS Issues NPI to all US physicians
Universal Physician Identifier Number UPIN mandated in HIPAA
National Standard Employer Identifier EIN
Health Plan Identifier HPID mandated in ACA
Other Entity Identifier OEID mandated in ACA
Medical Information Bus MIB aims to develop standards for control and linkage of information from medical devices; most implementations just transfer data, but there is capability to issue commands eg change settings of an IV pump

Transaction standards standardized electronic exchanges involving data transfer between two parties for specific reasons
Electronic data interchange EDI covers transactions involving claims and encounter information, ERA, claim status, eligibility, enrollment and disenrollment, referrals and authorizations, and coordination of benefits and premium payment
Electronic Funds Transfer EFT under ACA physicians can require payers to use EFT. Medicare requires physicians to use EFT
Electronic payment & Remittance Advice ERA
ASC X12 Version 5010 mandated in HIPAA to encourage electronic commerce for health claims: eligibility, claim status, EFT, ERA
Context Inspired Component Architecture CICA

Continuity of Care Record CCR ASTM patient health summary standard; the most relevant and timely facts about a patient's condition; goal was for use when patient was referred, transferred, or discharged. Not compatible with existing standards so HL7 and vendors created CCD which is richer
Health Level Seven International HL7 ANSI accredited international SDO with 2,300+ members across 500 corporations representing ~90% of IS vendors. Provides a framework for the exchange, integration, sharing, and retrieval of electronic health data ie major messaging standards.
HL7 versions V2.1 (1987) through V2.8 (2014), syntactic-oriented, loose guidelines can be built in ad hoc fashion, backwards compatible with other V2 versions but not V3, each message type has a set of segments delimited by | consisting of a three character identifier and values. Version 3 (2005), semantic interoperability, stricter more consistent standards, plug-and-play, built upon RIM in XML, not compatible with V2.x, more expensive
Reference Information Model RIM Object-oriented model to define healthcare interactions based on five abstract classes : 1. Entity 2. Role 3. Participation 4. Act 5. Act relationship. All clinical, administrative, financial activities of healthcare can be expressed in 'constraints' to model
Structured Product Labeling SPL HL7 XML document markup standard that specifies the structure and semantics of the content of authorized published information that accompanies any licensed medicine
Clinical Document Architecture CDA most widely recognized HL7 version 3 component; a standard for specifying the XML-based standard structure and metadata of clinical documents; templated and object-oriented; much healthcare information is in 'documents' required for human reading, but still want computable structure. Templates are reusable, computable components of CDA documents; unstructured documents can be 'wrapped' in a CDA framework. Level 1: specification of document; Level 2: adds document types with allowable structures; Level 3 adds mark-up expressible in RIM
CDA usage CDA defines building blocks which can be used to contain healthcare data elements that can be captured, stored, accessed, displayed and transmitted electronically for use and reuse in many formats; sets of these CDA standardized building blocks can be arranged for whatever needs exist; this approach offers tremendous flexibility; it allows for the creation of a comprehensive variety of clinical documents which share common design patterns and use a single base standard; arranging (or constraining) the CDA elements in defined ways using templates produces clinical documents
CDA Structure Header; Body>>Section>>Narrative Block; Entry. Every document must have at least a header (sets context) and one section (contains one narrative block (human readability; rendered for viewing) and 0-many coded entries(machine-readability).
Consolidated CDA C-CDA document templates for common clinical notes (discharge summary (CCD), diangostic imaging report, consultation note, H&P, op note, progress note, procedure note, unstructured document), which are based on Section templates and Entry templates
Continuity of Care Document CCD HL7 XML specification for structuring in a static form the many data elements that are needed to record clinical encounters; based on HL7v3 and CDA. The core data set of the most relevant administrative, demographic, and clinical information facts about a patient's healthcare. Required to have : US Realm Header, Allergies, Medications, Problem, Results sections in body
Clinical Context Object Workgroup CCOW HL7 protocol designed to enable disparate applications to synchronize in real time and at the user-interface level; manages context of caregivers who may need to access different computer applications in process of care; oft-stated goal is 'single sign-on' across applications, network etc.
Electronic Health Record - System Functional Mode EHR-S FM outlines important features and functions that should be contained in an EHR system
Digital Imaging and Communications DICOM international medical imaging messaging standard for handling, storing, printing, and transmitting across a specified network communications protocol with a specific file format definition; maintained by NEMA
NCPDP SCRIPT SCRIPT NCPDP standard for electronic communications between prescriber and pharmacy; MU requires for e-prescribe
CEN ISO / IEEE 1073 standard that dictates how medical, wellness, and healthcare devices communicate with external computer systems: allows fo 'plug-n-play' use of healthcare devices.
EHR-Laboratory Interoperability and Connectivity Standards ELINCS goal to standardize laboratory ordering from and reporting to EHRs; relies on HL7v2 and LOINC
Blue Button Initiative Public-private partnership to empower consumers with easy and secure access to their health records from a variety of sources in a format they can use. Began with the VA --> led to ONC launching Blue Button Toolkit to facilitate development
Substitutable Medical Apps, Resuable Technologies SMART an ONC SHARP project : create a platform for app development accessing store of information. Some vendors are pursuing platforms (Surescripts, Allscripts launched open architecture platform HELIOS, EPIC has developed API for accessing data and services)

terminology set of terms representing the system of concepts of a particular subject field
synonym different term for same concept
polysem term that means more than one concept
dictionary concepts plus meaning
thesaurus groups synonyms by concept
nomenclature system of terms elaborated according to established naming rules
vocabulary concepts and terms in a domain
classification system that organizes like or related entitties
semantics insertion of meaning via relationships
term designation of a defined concept in a special language by a linguistic expression
Nomenclatures, vocabularies, and terminologies benefits of computerization of clinical data depend upon its 'normalization'. Clinical language is inherently vague, which is at odds with the precision of computers. Use cases: information capture, communication, knolwedge organization, information retrieval, decision support
concept thing or idea, expressed in one or more terms

ontology A framework for representing knowledge (web). A controlled vocabulary expressed in an ontology representation language thereby creating a formal representation (structuring of concepts and relationships between them) of definitional information of a domain in a way that allows it to support automatic information processing. The grammar contains formal constraints (e.g., specifies what it means to be a well-formed statement, assertion, query, etc.) on how terms can be used together. Like thesauri but different because there are often no preferred terms and the concepts and relationships are described in machine readable ways thereby supporting semantic interoperability. Generally adheres to either RDF or OWL XML-based standards.
taxonomy practice and science of classification; taxonomies add structure to unstructured information to make it easy to search and filter. (tree with branches)
Predication relationship A.1 is a certain type of A (what a statement says about its subject)
Conditional relationship All A.1 are A
International Classification of Diseases ICD international standard and disease ontology published by the WHO originally for morbidity reporting; ICD-10 defined in 1990 (69k codes, 3-7 characters, first character alpha), now standard as of 10/1/15 (ICD-10-CM, maintained by the CDC) ICD-10-PCS procedure codes will be used for intpaitent procedures instead of CPT). Half of all codes related to musculoskeletal system, primarily injuries. A requirement for billing claims. ICD-9 (1975, 14k codes, 3-5 characters) limitations include NOS and NEC codes, lack of granularity
General Equivalence Mapping GEM enables mapping, eg from ICD-9 to ICD-10 codes
Diagnosis-Related Group DRG describes a bundle of services a hospital might provide; flat rate per case for inpatient hospital care to rewards hospitals for efficiency; original intent was to aggregate ICD-9 codes into groups for health services research; set of several hundred codes 'lump' hospital illnesses; adopted in 80s for prospective payment for hospitalization in Medicare;
CVX Code codes for active and inactive vaccines in the US
National Drug Code NDC FDA required registration that utilizes a 10 digit, three-segment number that serves as universal identifer of the product (pharmaceutical preparation); labeler code - product code - package code
Unique Ingredient Identifier UNII specifies ingredients in drugs and other compounds
National Drug File Reference Terminology NDF-RT standardized terminology maintained by the VA, for modeling drug characteristics, including ingredients, chemical structure, formulations etc, ie ADMET (absorption, distribution, metabolism, elimination, toxicity)
RxNorm substance-oriented standardized terminology maintained by the NLM that provides normalized names for clinical drugs and links to synonyms within First Databank, Micromedex, MediSpan, Gold Standard Drug Database, NDF-RT and Multum. The first component of UMLS; provides semantic structure for formulations and their components
Logical Observation Identifiers Names and Codes LOINC standard universal codes for identifying laboratory tests and clinical observations in electronic messaging; developed by the Regenstrief Institute. MU requires LOINC in messages reporting lab results, medical summaries, sending data to cancer and public health registries. Each term is assigned a unique identifier and a fully specified name with 1. component (what is measured) 2. kind of property (eg mass, substance) 3. time aspect (eg 24h collection) 4. system type (eg context or specimen type ) 5. type of scale (eg ordinal, nominal, narrative) 6. type of method (eg procedure used to make the measurement /observation)
Current Procedural Terminology CPT-4 standardized terminology maintained by the AMA; category I: numeric codes for procedures and RVUs; category II; alphanumeric codes for tracking performance measurement 'F' eg 3725F screening for depression); cateogry III: Temporary codes for new or emerging procedures removed after 5 years
Healthcare Common Procedure Coding System HCPCS aka 'hickpicks', a CMS billing coding system based on the AMA CPT. Category I : same as CPT. Cateogry II: items, supplies, non-physician (ancillary) services
Common Dental Terminology CDT HIPAA standard for dental procedures and electronic dental claims maintained by the ADA
Systematized Nomenclature of Medicine - Clinical Terms SNOMED CT multi-lingual concept-oriented standard terminology, maintained by the IHTSDO (NLM is the member organization of the IHTSDO and distributes SNOMED CT). Key feature is 'multi-axial' or compositional approach allowing terms to be combined and modifiers to be added. >300k concepts, >1M terms, >1M relationships
US SNOMED CT Content Request System USCRS allows users to request basic changes to SNOMED CT. New concept, new synonym, new parent, change description, etc
Nursing Vocabularies irreconcilable information models, tedious, terms not used the way clinicans express them; NANDA, NIC, NOC, Omahar System, Home Health Care Classification, International Classfication for Nursing Practice
Unified Medical Language System UMLS 1986 NLM standard to link the different standards; integrates 58 sources.
UMLS Metathesaurus MTH database of information on concepts that appear in one or more controlled vocabularies (eg ICD-10-CM, LOINC, CPT). Synonymous terms from different vocabularies are given same concept identifier; each distinct term can have different lexical variants, aka strings.
Concept Unique Identifer CUI all terms from all vocabularies representing same notion are groujped as a concept
Term Unique Identifier LUI all source terms of similar form (ie differing only in lexical variation) are groups as terms
String Unique Identifer SUI within each term lexical variants are strings
Atomic Unique Identifier AUI each string is an atom from its source
UMLS Semantic Network each concept in the metathesaurus has an associated semantic type; concepts can also be linked through semantic relationships; generic relationships between semantic types of concepts
UMLS SPECIALIST lexicon contains information on syntactic, orthographic, and morphological information for each concept; based on metathesaurus words and terms, designed to assist in natural language processing applications
Crosswalk a set of links between the same information in one ontology to another ontology
Clinical Element Model CEM stack of coded items can be ambiguous, need model for clinical elements
Clinical Information Modeling Initiative CIMI aims to create CEMs for clinical data, part of ONC SHARP project

Interoperability standards Meaning, Structure, Transport, Security, Services
Interoperability The ability of different IT systems and software applications to communicate; to exchange data accurately, effectively, and consistently; and to use the information that has been exchanged. Made possible by the implementation of standards
Levels of Interoperability Level 1: foundational interoperability (eg mail, fax, phone) Level 2: machine-transportable (structural; information cannot be manipulated, systems can exchange data but the data does not have to be able to be interpreted by the receviing system, eg scanned document) Level 3: machine-organizable (syntactic, sender and receiver understand vocabulary eg email, proprietary format files) Level 4: machine-interpretable (semantic, structured messages with standardized and coded data that can be read and understood, eg coded results from structured notes)
Fast Healthcare Interoperability Resources FHIR HL7 standard to merge versions 2 and 3, CDA, with a focus on implementation; response to complexity of HL7v3 but maintaining compatibility with other HL7 standards eg RIM, CDA. Basic building block is a resource which has common way to define and represent data elements, building them from data types that define common reusable patterns of elements; common set of metadata; human-readable part; public API
Integrating the Health Enterprise IHE Non-federal effort (sponsored by HIMSS) that identifies and demonstrates solutions to real-world interoperability problems, usually done by organizing interoperability showcases to demonstrate solutions. Clinical and operational domains produce technical framework documents which are published resulting in a trial implementation which if successful, profile will be published in final form
Medical Device 'Plug-and-Play" Interoperability Program focus on interoperability of network-based devices, mainly in medical settings
Continua Health Alliance consortium of companies and organizations devoted to interoperability of personal telehealth devices
CONNECT US government software initiative suitable for an HIE based on record locator services (query-based or pull) approach
Direct Project US government software initiative suitable for an HIE based on a secure e-mail (query-based or pull) approach

Institutional governance of clinical information systems best to integrate governance into existing organizational governance structures. Information system projects are best viewed as clinical rather than IT. Leadership best derived from opinion leaders rather than technophilic users. Health IT leadership has migrated up the org chart.
Medical Records Bylaws govern electronic records: content, permissions, responsibility of MDs for entering into the medical record, standards for completion. Oversight vested in medical record or HIM committe and for preparing for review by TJC, laws, policies for completion etc
Business Associates Agreement BAA required by HIPAA; associate has access to PHI
Data Use Agreement DUA govern conditions for use and sharing of data between organizations
Data Storage Agreement DSA Similar to above, but parties store data for another
Service Legal Agreement SLA Typically contractual rather than legal agreeements for performance

Clinical information needs analysis and system selection Create project team, Define requirements (observation, mapping, interviews, focus groups, expert interviews), Identify viable candidates, System selection

Methods for identifying clinician information system needs List taks: orders, notes, results, messaging. Workflow analysis or informal

Elements of a system requirements specification document (eg technical specs, intellectual proprerty, patents, copyright, licensing, contracting, confidentiality, specific organizational needs such as user training and support)
Request for Proposal RFP a document that an organization posts to elicit bids from potential vendors for a product or service. A weighted point assignment method of evaluation may be used if considered appropriate. Includes: description of organization, needs, timing, financial issues, selection process.
Request for Information RFI less formal; Request made typically during the project planning phase where a buyer cannot clearly identify product requirements, specifications, or purchase options. RFIs clearly indicate that award of a contract will not automatically follow
Request for Quotation RFQ used when requirements are clear-cut, ie "you are buying what they are selling"

Due Dilligence demonstrations for small or large groups, require vendor to specifiy what is future functionality. Site visits: one that you arrange! Visit sites like your own; conference calls. Business investigation: will the vendor remain in business, how long have they been in business, private or public, likely to be aquired? future? involve your business office / CFO.

The costs of health information and communications technologies Most of cost is in ongoing/maintenance costs (support payments) rather than initial capital expense. Basis for long-term financial and professional relationship; legal counsel; vendor proposal should be submitted in form to be included in contract; contract controls project, functionality, payments

Clinical information system implementation assess current state, process design (future state), software design/configuration, testing, training, go-live, post conversion assessment, move to ongoing support model
Information Technology Infrastructure Library ITIL Developed in the UK, gained recognition when Microsoft used it as the basis for MOF; deines the operational structure and skill requirements of an IT area and documents a set of operational management procedres to foster more effective management of an IT operation and infrastructure: potfolio --> services --> processes --> procedures

Elements of a system implementation plan manage budget, external audit, testing, training, support, transition planning ('go-live', 'activation', 'conversion'): big bang vs pilot or phased (staggered, sequential); when choosing transitiion consider functionality & geography

Models of user training and support processes that can meet clinician needs classroom (web-based or blended), concierge (meeting needs where user finds most useful, costly), in-person (tailored to specialty), strengths and weaknesses of superuser, physical presence: be on wards/clinics 'at the elbow'

Processes and mechanisms that obtain and respond to clinician feedback Real-world active surveillance best. Solicit feedback from users (eg capture feedback button); safety reporting system; simulations, robot monitoring of user experience
Clinician feedback Processes and mechanisms that obtain and respond to clinician feedback : support team embedded in clinical world (rounding, using systems give insights), monitoring remotely, 'feedback button', 'pizza budget' meals coupled with feedback; regular communication at meetings, via pages, using ad hoc hallway and clinical setting conversations

Unit testing Directed at menus, templates, and other modules and subunits of the system, without regard to other system components internal or external to a given application
Application testing All modules and subunits of the application work in connection with each other
Integration testing Conformation that information flow between the EMR and external systems occurs as expected
Performance testing With production loads and users, system functions within expected boundaries
Post-production testing After conversion, all aspects of system operate as required
System testing Tests all aspects of a given system or application, eg how well the software satisfies the stakeholders' functionality, security, performance, load, reliability, compatibility, availability, etc. requirements
Regression testing Tests to make certain that, with the exception of the change currently being requested, all components of the software's functionality/behavior are unchanged
Backout or contingency testing Tests the ability to back out the changes being made to a system or, if changes cannot be backed out, tests the contingency plan if modifications cause problems once implemented
Test environment Domain (or instance) of system with configuration and data similar to production in which testing occurs
Scripts structured simulations of workflow and system use that can reproducibly be used for testing versions of proposed production version
Conversion aka activation or go-live: Command Center (on-site presence, all teams: technical, application, interface, user liaisons; planning duration and logistics should being early); User support team (goal is overwhelming support 'at the elbow', project and non-project team, roamers); Communication methods and plan (pagers, cell phones, scheduled status calls, shift reports); Issue management (capture and triage, documentation, communcation / closing the loop); Review downtime procedures; Have back-out or remediation plan
User support models role of help desk, escalation procedures, onsite vs remote, superusers (may be busy)

Clinical information system maintenance operations entails day-to-day running, maintenance, enhancement and safeguarding of the system to meet the availability and reliability requirements. Patches, upgrades from vendor, coding system updates (ICDX, DDI databases etc), interfaces with other systems, delivery (end user devices, Citrix)
Organizational strategies necessary to EHR Safety care-process transformation, patient safety, HFE, software safety, proejct management, continuous improvement (Walker)
EMR optimization post-implementation focus on features and functionality that have been incompletely or suboptimally adopted; review of workflow and tailored education; use of EMR to assist in meeting organizational quality, safety, and financial goals
Compliance and the law Documentation, orders, results review and other tasks and audit trails scrutinized by compliance are increasingly accomplished using computing systems: compliance officers charged with protecting the organization and may not have full understanding of clinical computing systems functionality and workflow; copmliance and DOJ focus on cloning, upcoding, copy/paste
Clinical computing systems and the law authentication vs authorization; nonrepudiation (user may attempt to claim they did not create document when in fact they did); audit trails (reconstruct construction of note or use of EMR), document version history; close cooperation with compliance and general counsel

Downtime Time systems not available to significant group: inevitable, prepare ahead, communication between parties critical, parties must know a priori what to do, business must continue, reucing downtime is a key metric
Scheduled downtime Best to develop/train downtime procedures including workflow, data access, preparation and backloading from paper. Select optimal time based on schedule of clinical activity and key business, availability of internal/external technical resources; stratify plans by length of planned downtime, notify user community in advance
Unscheduled downtime causes include human error, changes in system insufficiently tested, software fault, hardware/connectivity failure, reaching capacity, disaster, malicious activity; have and follow a plan that includes structured incident command, triage, communication, and a post-mortem review
Reducing risk of unscheduled downtime Code updates (avoid the bleeding edge, limit changes to those that are absolutely necessary); Downtime Windows (allow resources to adjust their body clock, ensure backup plans for key resources, check-in in advance and keep in contact throught the downtime); Vendor Availability (get on the vendor's activity calendar; make sure they know what you're doing ahead of time and that they can support it); Planning, testing, post-implementation validation (sufficient test environments, testing tools, standardized/reusable test scrips, post-implementation validation should be done by people on the front lines)
Operations when actions down communicate; conference calls, emails, personall calls to sr mgmt; right frequency, right timing with right relevant details. If big problem: have separate technical solution group and user communication group (Shield solution group from communication group - no lynching rule; communication group triggers business continuity plans, unless it is triggered automatically); each affected work area manager and each affected service follows their business continuity plan. Solution group needs a leader; must have time to propose, vet and try alternatives; should focus on alternatives to minimize downtime, not necessary solve the problem; pay attention to when to let members of solution group be fed/relieved; involve vendor early, show urgency, demand speed, call their bosses; conduct detailed post mortem for RCA later if not found as yet
Issues when the system is back up are data on paper back-loaded? When and by whom? Are resuls generated by departmental systems loaded retrospectively? Plan transitions of orders and medication administration from paper to EMR; pay attention to staff fatigue
Operations - service view IT service portfolio (collection of high level, grounded objectives; manage performance, secure assets, manage identities, plan strategically); Each folio is a set of services (offered to a user, peer, institution with SLAs; minize expected downtime, manage a reported performance problem, protect perimeter; Each service is a collection of processes (processes are collections of procedures using a set of tools by a collection of custodians - who does what using what?); Each procedure is measured for resource and efficiency, and these collections generate operational metrics; Disaster recovery and downtime : off-site storage needed, test restore processes, corruption risks - stagger versions, rehearse downtime, day and night, to from daylight savings)

Decommissioning of systems consider data transfer risk/benefit; keep old system? Drivers external (eg certification, ICD10), internal (best of breed vs integration, better systems available, cycle time between systems?)
Trends in operations most healthcare organizations may invest in care instead of IT; outsourcing specific applications; cloud computing (provision of dynamically scalable and often virtualized resources as a service over the internet on a utility basis, infrastructure/platform/software as a service (Iaas/PaaS/SaaS), makes good economic sense due to scales of operations, unclear understanding with privacy issues); models of operational consolidation
Change control requires that updates or changes to software, hardware, or other parts of the infrastructure or application go through testing and analysis of its expected and potential impacts. Those making the change are expected to test changes, understand impacts, notify users, and minimize unexpected side effects. A formal process used to ensure that changes to a product or system are introduced in a controlled and coordinated manner

Usage Proportion of users. In ambulatory settings, CDC finds growing adoption. Hospital settings most sucessful but do not use all capabilities. Compared to other countries, US is a laggard but most other countries do not have advanced functionality
Evaluation help experts determine what works best; allows users to cut through hype; justifies costs / helps with cost comparison
Efficacy vs Effectiveness Efficacy is evaluation in controlled research setting; Effectiveness is evaluation in real world (aka outcomes research)
Microevaluation vs Macroevaluation Micro: evaluation of individual components of a system; Macro: evlaution of a whole system as a 'black box'

Outcomes relevant to the clinical goals and quality measures Measures of various clinical operational and other outcomes
Outcomes Systematic reviews: clearly there are benefits - most studies had positive outcomes.
Costs Does HIT reduce cost of care? Challenging to measure with different technologies, reimbursement models etc. Notable findings: in outpatient settings practices only get 11% ROI with rest going to labs and insurers; models of health information exchange show benefit but have yet to yield benefits in reality; lowered costs from hospital implementation before/after EHR implementation

Objectivist aka quantitative research; most common approach is comparative
Subjectivist aka qualitative research
Comparative research choose a research question and population; select sample; determine variables to measure: dependent or outcome - measure difference; independent or predictor - explain difference; randomize sample to experimental or control group; results show either truth or error
Bias systematic error introduced by experiment whereas chance is random error; bias can be due to selection, measurement, confounders.
Assessment bias Subjects allow feelings toward system to influence their performance with it
Allocation bias Randomization 'cheated' inadvertantly or purposefully
Hawthorne effect Humans try harder when they know they are being observed
Checklist effect Deicision-making more copmlete with checklists
Chance Result obtained by chance, minimized by statistical anlalysis; alpha error - difference represents chance event; beta error - there is an actual difference when none is detected, usually due to small sample size
Validity Internal (experimental methodology must be sound by avoiding bias and chance error); External (experimental results must have generalizability to real world and clinical significance)
Ethnography Subjectivist : observe users in their natural environment
Focus groups Subjectivist : convene individuals for focused discussion
Usability studies Subjectivist : give users tasks and watch what they do
Protocol analysis Subjectivist : ask users to 'think aloud'
Actionable qualitative research tools and data collection include site inventory profiles, ethnography guides, interview question guides, rapid survey instruments. Has been successfully deployed for evaluation of clinical decision support and EHR safety; has led to elucidation of 'unintended consequences' of HIT

Challenges in Evaluation of Clinical Systems most CMIOs do not have budget/personnel. Small incremental evalutions, particularly if they are built into the clinical system operations. What to study? Override rates, effectiveness of particular alerts, effectiveness of strategies to reduce use of expensive resource that does not give improved clinical benefit?