Case study on database administration

1. Do EMR and CPOE systems seem to have the potential to help Mountain View achieve its goals of achieving high-quality care and containment? Support you answers with examples of how you think these goals may not or may not be achieved.
The EMR and CPOE have mechanisms that can help the MVCH achieve its goals and objectives as they make the process of administering services to different patients easier. They facilitate the service delivery process and ensure that there is proper data storage which can be easily accessed when needed. The EMR and CPOE also reduces the time for delivering services thus making service delivery more effcient as described by Dr. “ Z”
2. In light of HIPAA and other regulations, securing and protecting other patient records is a primary requirement for MVCH.
a) What data security issues would you expect mountain view to encounter if an EMR system is implemented which is accessible by physicians in the community, by laboratories and by healthcare organisations.

Confidentiality – if data is accessible to anyone in the insitution, then the confidentiality of the patients’ data will be compromised.

Data Integrity – data which is accessible to anyone is likleky to be manipulated at different stages in the organisation.
b) What data security techniques described in this chapter could be used to address the issues.
In order to eliminate the above problems, the hospital should consider using encryption for the data and also use of digital signatures which can help in making data more authentic. The encryption will help the hospital employees to access some data only if they have the decryption key thus making them authorised data handlers. The hospital should also introduce the use of access control so that only legitimate employees can access a given set of data in the hospital.
3. If MVCH decides to implement a CPOE system, how could access problems such as the one that Dr. “ Z” experienced at another hospital be prevented?
Since the implementation of theCPOE system results into access problems, there is a number of ways in which such problems can be eliminated. The physians should be granted access priviledges depending on the level that they occupy in the institutions. Data should not be accessible to anyone in the insitution. There should be a mechanism that haandles access rights of different categories of employees within the hospital.
4. Given that the Mountain View database you developed in SQL server already includes tables for physicians, orders and so on, do you think a full-fledged CPOE system could or should be developed internally? Why or why not?
A fully fledged CPOE system should be developed internally so as to help the physicians to propely manage the data presented to them by the patients. The COPE system that is developed internally will be easily customised so as to enable the computerisation of all the processes in the provision of healthcare services at the insitution.
5. Dr. “ Z” indicated that physicians might resist the implementation of a CPOE system. do you think that that would also be true for an EMR system? Why or why not? What would be critical success factors for implementing an electronic medical record at MVCH?
Dr. “ Z” indicated that physicians might resits the CPOE implementation since it was hard to implement due to the multiple steps involved, and difficult of access. He also noted that this system was still prone to errors. However, the implementation of the Electronic Medical Record system is likely to be receive positively by most of the physicians in the hospital. This is due to the following reasons:
i. They help in saving on the cost and space for keeping the medical records
ii. It enables all the participants in the healthcare system to cordinate care
iii. They also help in saving time
iv. Doctors are known to have some undesirable handwriting. The use of the EMR will remove the possibility of the occurrence of such problems as computer font will be used.
v. It results into enhanced quality of care
vi. It also results into faster and more diagnosis treatments of different cases presented to them
6. Should Mountain View Community Hospital adopt a continuos data Protection (CPD) system? why or why not? What other back-up strategies might the hospital pursue?

Mountain View Community Hospital should adopt continuous data protection because of the following reasons:

The continuous data protection is easier and more efficient to use since the data administrator does not have to specify the point where he or she wishes to recover the data until he/she is ready to perform a restore. It therefore helps in eliminating the need for having scheduled backups. The CDP also helps in protecting against some effects of data protection as it allows the user to restore to a previous uncorrupted point. All the transactions that might have taken place during the corruption time are then lost. The CPD also requires less disk space than the traditional methods used to offer the backup services.

Other backup strategies that the hospital can pursue in order to ensure that their data is properly backed up include:

i. Backing up offline files and folders
ii. Backing up browser preferences
iii. Backing up of emails
iv. Using sync tools to backup the data.
7. Do you think data storage at Mountain View Community Should be treated as strategic issue? Why or why not?
Data storage is a strategic issue and should be handled with utmost care. Poorly stored data usually results into passage of wrong information. The patients’ data should be properly stored so that they can be used for future reference and patients will not be required to through the rigorous process of acquiring information. Patients’ data should also be stored with a lot of confidentiality. The data should not be accessible to anybody in the organisation. If patients’ information is leaked to the public, then there will loss of trust between the patients and the hospital administration. For the good of both the patients and the hospital administration, data should be properly planned and managed.
8. Do you think that data quality at Mountain view Community Hospital is a strategic issue? Why or why not?
Data quality is also a strategic issue and should be taken into consideration by Mountain View Community Hospital. Poor data quality is usually a nuisance and results into loss of customer loyalty. The quality of data stored by the hospital can also compromise the services offered by the hospital. Data quality is therefore a strategic issue as it will help the hospital to properly manage data and also help the management of the hospital and the physicians to correctly administer their services thus improving the quality of services hence improving customer loyalty.
9. Which data and database administration issues described in chapetr 12 should be addressed by Mountain View Hospital’s special study as part of the long-range business and information systems plan? Why?
The MVCH should address data confidentiality, Access and integrity issues. If such data administartion issues are properly addressed, then the patients in the hospital are likely to have more trust in the hospital. Data properly stored also help to control data access by competitors thus helping the hospital to improve their mode of service delivery.

Additional Question

How can views be used as part of data security?
Views usually provide extra security as they help to limit the degree of exposure of tables used in the database to the outer world. They help in protecting access to and from the tables which are used in tha database. Once the degree of exposure has been limited, it is therefore easier to control and protect the data in those tables.

What are the limitations of views for data security?

The views are very slow. Their speed of operation is similar to that of query thus compromising on the data security. Views can also be eaily queried and data contained in the views be easily changed. This also jeopardises the security level of the data it represents.

References

1. Peter Fleischer, Jane Horvath, Shuman Ghosemajumder (2008). Celebrating data privacy.
2. Smaltz, Detlev and Eta Berner. (2007)The Executive’s Guide to Electronic Health Records. Health Administration Press p. 03
3. Foreman, Judy (2006). ” At risk of exposure”. Los Angeles Times.
4. Kate Ramunni; ” UCLA hospital scandal grows” Los Angeles Times, August 05, 2008