Analysis of the quality of hospital information systems audit trails
详细信息 查看全文
- 作者:Ricardo Cruz-Correia (1) (3)
Isabel Boldt (1)
Luís Lap?o (1) (2)
Cátia Santos-Pereira (1)
Pedro Pereira Rodrigues (1) (3)
Ana Margarida Ferreira (1) (3)
Alberto Freitas (1) (3) - 刊名:BMC Medical Informatics and Decision Making
- 出版年:2013
- 出版时间:December 2013
- 年:2013
- 卷:13
- 期:1
- 全文大小:251KB
- 参考文献:1. Barnett O: Computers in medicine. / JAMA 1990, 263:2631-633. CrossRef
2. Kuhn K, Giuse D, Lapao L, Wurst S: Expanding the scope of health information systems-from hospitals to regional networks, to national infrastructures, and beyond. / Methods Inf Med 2007,46(4):500-02.
3. Feied CF, Handler JA, Smith MS, Gillam M, Kanhouwa M, Rothenhaus T, Conover K, Shannon T: Clinical Information Systems: Instant Ubiquitous Clinical Data for Error Reduction and Improved Clinical Outcomes. / Acad Emerg Med 2004,11(11):1162. CrossRef
4. Shapiro J, Kannry J, Lipton M, Goldberg E, Conocenti P, Stuard S, Wyatt B, Kuperman G: Approaches to patient health information exchange and their impact on emergency medicine. / Ann Emerg Med 2006,48(4):426-32. CrossRef
5. Hripcsak G, Sengupta S, Wilcox A, Green RA: Emergency Department Access to a Longitudinal Medical Record. / JAMIA 2007,14(2):235-38.
6. Cruz-Correia RJ, Wyatt J, Dinis-Ribeiro M, Altamiro C-P: Determinants of frequency and longevity of hospital encounters-data. / BMC Med Inform Decis Mak 2010, 10:15. CrossRef
7. Brodnik MS, McCain MC, Rinehart-Thompson LA, Reynolds R: / Fundamentals of Law for Health Informatics and Information Management. Chicago, USA: AHIMA; 2009.
8. Nunn S: Managing audit trails. / J AHIMA 2009,80(9):44-5.
9. Bakker AR: The need to Know the history of the use of digital patient data, in particular the EHR. / IJMI 2007,76(5-):438-41.
10. Mack EH, Wheeler DS, Embi PJ: Clinical decision support systems in the pediatric intensive care unit. / Pediatr Crit Care Med 2009, 10:1. CrossRef
11. Chen D, Chen WB, Soong M, Soong SJ, Orthner HF: Turning Access into a web-enabled secure information system for clinical trials. / Clin Trials 2009, 6:4378-385.
12. Chen X, Zhang J, Wu D, Han R: HIPPA’s compliant Auditing System for Medical Imaging System. / Conference Proceedings of the IEEE Engineering in Medicine and Biology Society 2005, 1:562-63.
13. European Institute for Health Records: / EuroRec. 2013. Available from: http://www.eurorec.org
14. ISO: / Health informatics -- HL7 version 3 -- Reference information model -- Release 1. Switzerland: International Organization for Standardization; 2006.
15. IHE - Integrating the Healthcare Enterprise: / IT Technical Framework Profiles. USA: IT Technical Framework Profiles; 2005.
16. Lap?o L: Organizational Challenges and Barriers to Implementing “IT Governance-in a Hospital. / Eur J Inf Syst 2011,14(1):37-5.
17. Assembleia da Republica Portuguesa (Ed): Lei do Acesso aos Documentos da Administra??o e Reutiliza??o - LADA In / 46/2007. Portugal; 2007.
18. Mitchell T, Burr Ridge I: / Machine learning. McGraw Hill: IL; 1997.
19. Lang M, Burkle T, Laumann S, Prokosch H: Process Mining for Clinical Workflows: Challenges and Current Limitations. In / MIE Studies in Health Technology and Informatics 2008. Gotenburg, Sweden: IOS Press; 2008:229-34. 136
20. Bouarfa L, Dankelman J: Workflow mining and outlier detection from clinical activity logs. / J Biomed Inform 2012,45(6):1185-190. USA CrossRef
21. Van der Aalst W, Weijters T, Maruster L: Workflow mining: Discovering process models from event logs. / IEEE Trans Knowl Data Eng 2004,16(9):1128-142. CrossRef
22. Aalst W: / Process mining: Discovery, conformance and enhancement of business processes. Berlin: Springer; 2011.
23. De Weerdt J, De Backer M, Vanthienen J, Baesens B: A multi-dimensional quality assessment of state-of-the-art process discovery algorithms using real-life event logs. / Inf Syst 2012,37(7):654-76. CrossRef
24. Guttman B, Robach E: An Introduction to Computer Security: The NIST Handbook. In / National Institute of Standards and Technology, Special Publication 800-2. Gaithersburg, MD, United States: ; 1995.
25. Halamka JD, Szolovits P, Rind D, Safran C: A WWW Implementation of National Recommendations for Protecting Electronic Health Information. / J Am Med Inform Assoc 1997, 4:458-64. CrossRef
26. R?stad L, Edsberg O: A study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access logs. In / 22nd Annual Computer Security Applications Conference (ACSAC-6). Washington, DC, USA: IEEE Computer Society; 2006.
27. Zhang W, Gunter CA, Liebovitz D, Tian J, Malin B: Role Prediction using Electronic Medical Record System Audits. / AMIA Annual Symposium Proceedings, American Medical Informatics Association, 2011, Washington, DC 2011.
28. ASTM: / E2147 - 01 Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems. American Society for Testing and Materials-ASTM International. United States; 2009.
29. Rebuge A, Lap?o L, Freitas A, Cruz-Correia R: / A Process Mining Analysis on a Virtual Electronic Patient Record System. Porto: CBMS; 2013.
30. ISO: / ISO/IEC 25012:2008 - Software engineering - Software product Quality Requirements and Evaluation (SQuaRE) - Data quality model, International Organization for Standardization, Switzerland. 2008.
31. Sousa LMM: / Análise da utiliza??o de EHRs usando teoria de grafos em ficheiros de log. Faculdade de Medicina da Universidade do Porto Faculdade de Ciências da Universidade do Porto; 2011. [ / Master Thesis]
32. Ribeiro L, Cunha JP, Cruz-Correia RJ: Information systems heterogeneity and interoperability inside hospitals - A Survey. In / Third International Conference on Health Informatics - HealthInf 2010. Valencia, Spain; 2010:337-43.
33. Rahm E, Do HH: Data cleaning: Problems and current approaches. / IEEE Data Engin Bull 2000,23(4):3-3.
34. Kim W, Choi B-J, Hong E-K, Kim S-K, Lee D: A taxonomy of dirty data. / Data min knowl disc 2003,7(1):81-9. CrossRef
35. Müller H, Freytag J-C: / Problems, methods, and challenges in comprehensive data cleansing. Berlin; 2003. [ / Humboldt-Universitat zu Berlin, No. HUB-IB-164]
36. Oliveira P, Rodrigues F, Henriques P: A formal definition of data quality problems. In / International Conference on Information Quality: 2005 (ICIQ-05). Cambridge, Massachusetts: MIT; 2005.
37. Gschwandtner T, G?rtner J, Aigner W, Miksch S: / A taxonomy of dirty time-oriented data. In: Multidisciplinary Research and Practice for Information Systems. Springer; 2012:58-2.
38. Weiskopf NG, Weng C: Methods and dimensions of electronic health record data quality assessment: enabling reuse for clinical research. / J Am Med Inform Assoc 2013,20(1):144-51. CrossRef
39. Bose RJC, Mans RS, VdA Wil MP: Wanna Improve Process Mining Results? : It's High Time We Consider Data Quality Issues Seriously. In / Proceedings of the IEEE Symposium on Computational Intelligence and Data Mining (CIDM). Singapore; 2013:127-34.
40. Mans R, Aalst W, Vanwersch R, Moleman A: Process Mining in Healthcare: Data Challenges when Answering Frequently Posed Questions. / Lect notes comput sc - Proceedings of the Workshops of BPM 2012 2013, LNAI 7738:140-53.
41. Marshall G: / RFC 3881 - Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications. In., vol. RFC 3881. Geneva, Switzerland: The Internet Society; 2004:1-8.
42. ISO: / Data Elements and Interchange Formats - Information Exchange Representation of Dates and Times In., vol. ISO 8601: 2004. 2004.
43. Mills D: Internet time synchronization: The network time protocol. / Communications, IEEE Transactions on 2002,39(10):1482-493. CrossRef
44. Becker J, Matzner M, Muller O, Walter M: A Review of Events Formats as Enablers of Event-Driven BPM. In / BPM Workshops - Part 1. France: Clermont-Ferrand; 2011:433-45.
45. The pre-publication history for this paper can be accessed here:http://www.biomedcentral.com/1472-6947/13/84/prepub - 作者单位:Ricardo Cruz-Correia (1) (3)
Isabel Boldt (1)
Luís Lap?o (1) (2)
Cátia Santos-Pereira (1)
Pedro Pereira Rodrigues (1) (3)
Ana Margarida Ferreira (1) (3)
Alberto Freitas (1) (3)
1. CINTESIS -Centre for Research in Health Technologies and Information Systems, Faculdade de Medicina da Universidade do Porto, Porto, Portugal
3. Department of Health Information and Decision Sciences, Faculdade de Medicina da Universidade do Porto, Porto, Portugal
2. International Public Health and Biostatistics and WHO Collaborating Center for Health Workforce Policy and Planning, Instituto de Higiene e Medicina Tropical -Universidade Nova de Lisboa, Lisbon, Portugal
文摘
Background Audit Trails (AT) are fundamental to information security in order to guarantee access traceability but can also be used to improve Health information System’s (HIS) quality namely to assess how they are used or misused. This paper aims at analysing the existence and quality of AT, describing scenarios in hospitals and making some recommendations to improve the quality of information. Methods The responsibles of HIS for eight Portuguese hospitals were contacted in order to arrange an interview about the importance of AT and to collect audit trail data from their HIS. Five institutions agreed to participate in this study; four of them accepted to be interviewed, and four sent AT data. The interviews were performed in 2011 and audit trail data sent in 2011 and 2012. Each AT was evaluated and compared in relation to data quality standards, namely for completeness, comprehensibility, traceability among others. Only one of the AT had enough information for us to apply a consistency evaluation by modelling user behaviour. Results The interviewees in these hospitals only knew a few AT (average of 1 AT per hospital in an estimate of 21 existing HIS), although they all recognize some advantages of analysing AT. Four hospitals sent a total of 7 AT -2 from Radiology Information System (RIS), 2 from Picture Archiving and Communication System (PACS), 3 from Patient Records. Three of the AT were understandable and three of the AT were complete. The AT from the patient records are better structured and more complete than the RIS/PACS. Conclusions Existing AT do not have enough quality to guarantee traceability or be used in HIS improvement. Its quality reflects the importance given to them by the CIO of healthcare institutions. Existing standards (e.g. ASTM:E2147, ISO/TS 18308:2004, ISO/IEC 27001:2006) are still not broadly used in Portugal.