As the database network administrator assigned to the reworking of this expanding medical practice, my primary concern will be to balance the need for a large staff to be able to access the data (with differing levels of access allowed to people in different positions) while at the same time adhering to the standards of medical confidentiality as they are outlined in the HIPPA statutes and as supplemented by the medical ethics of this practice, which we assume to be of the highest since the staff are expending time and money to bring their system into compliance with current law and practice.
Computer Science
As the database network administrator assigned to the reworking of this expanding medical practice, my primary concern will be to balance the need for a large staff to be able to access the data (with differing levels of access allowed to people in different positions) while at the same time adhering to the standards of medical confidentiality as they are outlined in the HIPPA statutes and as supplemented by the medical ethics of this practice, which we assume to be of the highest since the staff are expending time and money to bring their system into compliance with current law and practice.
The first part of my job would be to create the basic categories into which all of the relevant data can be sorted. One of the key roles of designing a database is that of reducing the complexity of the real world into a manageable degree. While current database programs have the capacity to handle an enormous amount of data (to a degree that would have hardly been manageable even a few years ago) and to do so in an appropriately fast way, this is not the only concern.
Hardware and software allow for a higher level of complexity than does "wetware" -- the humans who use a system. Even more importantly, different system users have varying degrees of computer expertise, and it is imperative to bear this in mind when designing a system. This system cannot be designed to the level of a computer technician because doctors, while generally intelligent and skilled, tend to be resistant to adapting themselves to computer systems. This means that, to the greatest degree possible, the database must be designed around the ways in which the doctors' (and their staffs) already work, so as not to rile the essentially conservative nature of the doctors in terms of the way that they approach their work.
A key element of the new system that my consulting team and I are proposing to the doctors is how data are initially put into the system. A data entry system that is sufficiently (but not overly) complex and as free as possible from ambiguity to ensure that the data coming in are as accurate as possible. One of the most important aspects of a well-designed database is that, while it has mechanisms in it to catch and repair errors, it minimizes those errors to begin with.
When individuals enter data in the system, they will include the following information: Their name and their role or category (physician, X-ray technician, etc.) This information will allow them access to the database to the extent that they are authorized. For example, a physician requires access to every datum in a patient's records, but she does not need to know the social security numbers of the clerical staff.
The receptionist does not need to know either the social security numbers of other staff members or the details of a patient's diagnosis and treatment, but does need to know when appointments are scheduled, when lab results will be available, and similar scheduling information. Embedded in the database software will be a description of the access given to each role so that when an individual enters "physician" or "RN" or "phlebotomist" (as a few of the possible examples), the software will guide that individual to the information that s/he has a reason to be accessing.
One of the security systems built into the software is that it will flag an log-on that has a mismatch between the person's entered job title and their actual title. This system of flagging (and following up on) such discrepancies is something that is badly lacking from the current system. Even if there is no malfeasance that arises from the current structure of the offices' communication systems (including IT), placing well-designed safeguards into the system will help ensure that the staff are able to demonstrate that they are in fact acting responsibly and ethically should they ever need to do so.
The database will also include information on the association between each patient and his/her medical providers. It may be the case that there will be a fully integrated system among all of the doctors for sharing all of the information about all patients so that any one of the physicians can step in to treat any of the other doctor's patients. This option falls within the standard of ethical care. However, it seems more likely (given the details with which we are provided in the background to the case study) that there will continue to be unique relationships between each patient and a care team -- unless an individual is referred to a specialist.
Under the second scenario, each patient's complete records should be available only to his/her doctor and that doctor's staff. Thus the treating physician's name must be linked in the database to each of his/her patients so that the confidentiality (as required by HIPPA) is maintained. Simply because an individual is a physician does not give her/him the legal right to look at the records of a person who is not his/her patient.
You’re 78% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.