Barriers to EHR Implementation [MI 227:CW04]

Posted on by triciuhhh

As part of MI 227 coursework, we were given a scenario on being a project manager for DOH and spearheading the nation-wide implementation of Electronic Health Record (EHR) in all government hospitals. However, there are challenges and difficulties being encountered along the way. I have identified the following barriers that I see has impact in the implementation across the country:

First off—The Philippine government has formulated 2014-2020 Philippine e-Health Strategic Plan (PeHSP) that envisions “eHealth will enable widespread access to health care services, health information, and securely share and exchange patients’ information in support to a safer, quality health care, more equitable and responsive health system for all the Filipino people by transforming the way information is used to plan, manage, deliver and monitor health services.” by 2020. This enables access and availability of the medical information through the secured Philippine Health Information Exchange (PHIE). Interoperability of the health information systems (HIS) [BR01] is usually one of the major concerns worldwide. In the Philippines, health facilities started to invest and use different Health Information Systems (HIS) such as iClinicSys, CHITS and RxBox, Integrated Hospital Operations and Management Information System (iHOMIS), Wireless Access for Health (WAH) to name a few. However, these systems are not interoperable and information exchange may not be possible due to lack of standardization and use of different programming languages for building the HIS. Furthermore, some HIS were developed just for the purpose and convenience of automation but flexibility, adaptability and interoperability were not considered. When the patient decides to consult in another health facility and would want the medical records be accessed, it may not be possible all the time because the data are confined within the walls of the system. Integration of the systems for interoperability should be considered and is suggested, or use of PHIE. In this situation, implementation of EHR in one health facility may be possible but using interoperable EHR across the country is still a struggle.

In addition to that, the lack of funding and lack enough infrastructure in the health facilities [BR02] is a current problem as well. While the implementation and training of the health workers are being done, the actual use in the facility is impossible due to lack of computers, servers, electricity, and internet connection in the area, especially to GIDA. Furthermore, the confidence that the health workers (especially the nurses and doctors) in using the HIS is somehow a challenge as well. This is due to concerns of privacy, confidentiality, and security of data [BR03]. While the IRR of Data Privacy Act has been released August 2016, there are still loopholes and lacking of specific guidelines for the medical field. As medical professional, we do not want to compromise the medical information of the patient. Which means, the HIS design should be par with the standards, registered to and certified by the NPC, and be continually tested for quality assurance. The security of the HIS should be strengthened especially now that malware such as WannaCry affected hundreds of hospitals and thousands of computers. Such attacks compromise the system and the medical information. This results to medical device outages increase resource needs, delay care, trigger more clinical mistakes.

The health workers should be trained and be aware as well of the protocol and guidelines on how to safeguard and strengthen the EHR:

  • Protect your computer by updating your Operating Systems, patch and harden systems (i.e., block access to sites with Java, Flash, ads)
  • Implement Network Segmentation
  • Identify and back-up critical systems and data
  • Always encrypt and password-protect important files (especially one containing PI and PHI) and never share your passwords; multi-factor authentication
  • Don’t click the links in received phishing e-mails (or basically from people you do not know); don’t forward even!
  • Be compliant to any requirements in observance to Cybercrime Law and Data Privacy Act

 

References: 

  1. World Health Organization, 2006. Chapter 3. Issues and Challenges in Electronic Health Records: A Manual for Developing Countries. Tierney, William M., et al. “Experience implementing electronic health records in three East African countries.” Stud Health Technol Inform 160.Pt 1 (2010): 371-5.
  2. Sood, Sanjay Prakash, et al. “Electronic medical records: a review comparing the challenges in developed and developing countries.” Hawaii International Conference on System Sciences, Proceedings of the 41st Annual. IEEE, 2008.
  3. Hoyt, R. E., Yoshihashi, A., & Sutton, M. (n.d.). Health informatics: Practical Guide for the Healthcare Professionals (3rd ed.)
  4. Coiera, E., & Coiera, E. (2003). Guide to health informatics (3rd ed.). CRC Press.
  5. eHealth. (n.d.). Retrieved from Overview of Philippine Health Information exchange: http://ehealth.doh.gov.ph/index.php/phie/overview
  6. Philippines eHealth Strategic Framework & Plan 2014-2020:  http://ehealth.doh.gov.ph/index.php/policies-and-protocols/signed/64-pehsfp
  7. Joint Administrative Order No. 2016-0001  entitled “Implementation of the Philippine Health Information Exchange” 1-11, 2016, January 26.
  8. Joint Administrative Order No. 2016-0002 entitled “Privacy Guidelines for the Implementation of the Philippine Health Information Exchange”, 1-17, 2016, January 28.

  9. Ellis, J (2017). WannaCry Ransomware and its Lessons by John Ellis (talk from HIMSS PH Community Event)

Leave a comment