CPHIMS Flashcard Study Guide PDF
General
The Healthcare Environment
LEARNING OBJECTIVES:
1. Articulate characteristics of different types of healthcare organizations.
2. Articulate characteristics of the interrelationships within and across healthcare organizations.
3. Describe the roles of healthcare professionals and the organizational structure where they work.
4. Understand the role of government in healthcare delivery.
HEALTHCARE DELIVERY PROVIDERS
1. HOSPITALS
a. Levels of care: primary, secondary, tertiary
b. Ownership: for-profit (taxed), non-profit (tax-exempt)
c. Geographic location: urban (MSAs and community hospitals), rural
d. Payor mix: based on weighted mix of revenue sources
e. Teaching facilities or academic medical centers: teaching facilities are affiliated with a medical
school, academic medical centers include a medical school, and non-teaching hospitals do not
formally train physicians or other providers
2. AMBULATORY CENTERS OR CLINICS: preventive, diagnostic, and treatment services
3. LONG-TERM CARE (LTC) SERVICES: 30 days or more
4. PUBLIC HEALTH AGENCIES AND PROGRAMS: may be predominant way that medical care is delivered
5. COMMUNITY HEALTH PROGRAMS: primary care safety net, access to basic services for medically
underserved and/or uninsured
6. PHYSICIAN PRACTICES: solo and group practices
7. PHARMACIES: prepare and dispense pharmaceuticals
8. INTEGRATED DELIVERY NETWORK (IDN): composite healthcare organizations and services; merger and
acquisition formation (integrates assets), joint venture (pools resources), alliance (joint agreement),
network (alliance of several providers), virtual (contractual arrangement, independent practice
association [IPA])
PAYMENT SYSTEMS
Financing of healthcare services: National Health Insurance (NHI, Canada) public finance, private providers;
National Health System (NHS, Britain) government-managed infrastructure; public/private (US, including
Medicare and Medicaid)
HEALTHCARE WORKFORCE
1. Physicians
2. Mid-Level Practitioners: physician assistants, advanced practice nurses
3. Nurses: largest category, mostly in hospitals
4. Information and management systems professionals: operations, development, process, admin, etc.
ROLE OF GOVERNMENT, REGULATION, PROFESSIONAL AND ACCREDITATION AGENCIES IN HEALTHCARE
DELIVERY
Provider of services (VA, NHS); payor of services (NHI); regulator of services (Health Insurance Portability and
Accountability Act, HIPAA; Emergency Medical Treatment and Active Labor Act, EMTALA; European Union Data
Protection Directive, EUDPD)
1. ACCREDITATION
a. Joint Commission and Joint Commission International (JCI)
b. ICD-10 Standardization
GENERAL: HEALTHCARE ENVIRONMENT
The Technology Environment
LEARNING OBJECTIVES:
1. Define components of healthcare IT environment and factors influencing evolution.
2. Define major types of software applications used in healthcare and give examples.
3. Describe the hardware and connectivity components typically found in healthcare organizations.
APPLICATIONS IN SOFTWARE
1. CLINICAL APPLICATIONS: EHR, PACS, decision support
2. ADMINISTRATIVE APPLICATIONS: scheduling, business intelligence
3. FINANCIAL APPLICATIONS: practice management (ambulatory), patient accounting (hospital), contract
management, decision support, membership enrollment, claims adjudication, care management,
budgeting, accounts receivable/payable, general ledger
4. E-HEALTH AND CONSUMER ACCESS: web based (services), portals/portlets, PHR
5. E-HEALTH AND HEALTH INFORMATION EXCHANGES: usually regional (RHIO), agreed sharing of all,
some, or no data (data use agreements)
Integration: Master Person Index; Product Suite; HL7 Standard; Interface; Single Sign-On; X12 Standard
GENERAL: TECHNOLOGY ENVIRONMENT
Figure 1 - Hardware and Connectivity
[Figure: internal and external components grouped as End-User Devices (medical devices, external web user), Connectivity (wireless network, firewall), Servers and Storage (trading partner), and Recovery and Redundancy (redundant servers, cold/hot site)]
[Figure: systems life cycle stages: System Analysis, Systems Design, Systems Implementation, Systems Operation]
Method: Description
Interviews: The interviews should be conducted with a questionnaire or interview protocol that relies mostly on open-ended questions. Since the goal of the assessment is to uncover what the respondents need and want, it is important not to bias them with heavily preformatted questions that may steer them to a particular response or solution.
Review of Documentation: Review of existing documentation should supplement the interviews. Among the documentation that should be considered: organization charts; policies, procedures, practice guidelines, training materials; performance metrics, problem logs, incident and adverse event reports; user manuals and other system documentation.
Observation: Observing and documenting the existing operational processes is also valuable in the needs assessment. Detailed analysis and diagramming of process flows is more appropriate once the initiative has been approved and requirements are being defined. But for the needs assessment, a high level examination of existing processes is useful for understanding the needs and discovering integration touch points that might be overlooked by interviewees.
Surveys: While interviews are useful in identifying the types of needs and problems that concern the stakeholders, a survey can validate the extent of the problem or need within a broader audience. For example, an investigation into a nursing incident reporting system might start with interviews with key stakeholders on obstacles to current reporting and then be expanded to an online survey for all nurses to complete to better quantify the problem.
Data Analysis: Analysis of data from existing sources can be valuable in validating perceptions of the size of the problem when such sources exist.
[Figure: patient visit process flow with Receptionist, Nurse and Physician roles (Patient Appears at Front Desk; New Patient, Yes/No; History Form Completed; Schedules Follow-Up Visit; Documents Complaint; Educates Patient; Reviews Chart; Education Ordered)]
[Figure: data flow diagram with Practice Management (Office), Patient, Physician, Nurse, Examine, Give Order, and History Data Store]
Cost: Example
Hardware (initial purchase and ongoing maintenance): Computers; handheld devices; service contracts
Software (initial purchase and ongoing maintenance): Vendor supplied software; support agreements
Network and Communications: Communication lines; network costs including wireless costs
Training and Support: Training staff; cost of removing staff from their normal work duties to attend training; initial and additional costs for ongoing support staff
Personnel: Project management; systems analysts; programmers, testers, etc.
Induced costs: Loss of productivity of staff when initially using the system
Component: Items
Background: Summary of needs; readiness assessment; objectives; scope
Proposed Solution: Overview of solution; use case; detailed requirements; process changes; assumptions and risks
Business Case: Alignment with business goals; alignment with systems strategy plan; summary of benefits
Recommendation: Alternatives considered; cost-benefit analysis; recommendation
Implementation: Initial budget; initial schedule; initial project organization
Appendices: Current state activity flow; future state; detailed requirements description
Table 2 – Sample RFP Timeline
Activity Duration
1. Determine business needs and project scope 1 week
2. Systems analysis 2 months
3. Systems design and planning 1 month
4. Select design approach: RFP 1 week
5. Technology and industry evaluation 2 weeks
6. Develop RFP 1-2 weeks
7. Submit RFP to prospective vendors 1-2 weeks
8. Collect vendor responses 1 month
9. Review, weight, and score responses 2 weeks
10. Rank vendors and narrow selection to 2 vendors 2 weeks
11. Select primary and secondary vendor <1 week
12. Develop, negotiate, and finalize contract 3 weeks
Systems Selection, Implementation, Support, and Maintenance
LEARNING OBJECTIVES:
1. Identify the needs of the organization.
2. Select the appropriate software solution to meet the needs of the organization.
3. Negotiate with vendor and acquire the software application in the best interest of the organization.
4. Successfully implement the new software application.
5. Manage and monitor the performance of the new software application.
6. Prepare a disaster recovery plan.
7. Maintain operations in the event the information system experiences downtime.
SELECTION PROCESS
1. Start with clear, concise goals and objectives; selection team needs to include representation and
participation of the individuals within the organization who will be most affected by the new system.
2. End-user; high level executive “champion;” clinical, operations, IT, business managers; right size.
3. Reviewing Operations: gap analysis of current operations:
a. What is good about the current system?
b. Where can it be improved?
c. What is missing from the current system that must be part of the new application?
4. Review of infrastructure: hardware, networking, physical plant resources (electricity, equipment
locations, and security needs).
ACQUISITION PROCESS
1. Role of RFIs and RFPs
a. RFI: less formal; used to gain more detailed information about products and whether they meet requirements.
b. RFP: formal, solicit responses to evaluate vendors’ proposal criteria.
2. Demonstrations of Applications: top two or three vendors; look under the hood and kick the tires;
scheduled close together; prepare specific scenarios; required outputs and format demonstrated;
scoring sheet for vendors/applications.
3. On-site Visits: to existing vendor client(s); scoring sheet for vendor/application.
4. Client References: request positive and less positive client references.
5. Negotiations: cost proposal – software licenses, interfaces, conversions, third party software licenses,
training costs, implementation services, hardware purchases.
6. Standards of Performance Components: definition of severity of support issues, types of support issues
(hard/software, interfaces, networking), response time frames, remote/on-site support, downtime,
and patches/fixes.
CHANGE MANAGEMENT
1. Areas most likely to experience change: strategy, operations, culture, and office politics.
2. Techniques: compose team of people from all levels of the organization; strategic plan developed by
the team; candidly assess organization’s culture/politics.
3. Solid training plan; proactively addressing potential issues; having a strong support for the end-user.
THE IMPLEMENTATION PROCESS
Complete implementation plan includes: milestones, timeframes, clearly defined actions, responsibilities,
testing, and sign-off (acceptance).
1. Implementation Strategies: phase-in; departmental; single department; parallel; system-wide.
SYSTEMS: SYSTEMS SELECTION, IMPLEMENTATION, SUPPORT, AND MAINTENANCE
Table 1 – Review of Current Operations
Operational Regulatory Agency Management Support Services Other Requirements
Requirements Requirements Information Needs Requirements
Requirements
Hardware Regulatory Operational Interfaces
Requirements Processes
Networking Documentation Maintenance
and Support
Issues
Internet Capabilities Reporting
Capabilities
Decision Support
Functionality
Section: Description
Proposal Response Format: Standard configuration for vendor response.
Cost Proposal: Standard components of the total cost (hardware, licensing, training, travel, conversions, interfaces, maintenance, etc.).
Method of Evaluation and Award: Description of how responses will be evaluated.
Attachments: Include plans or charts, as well as any additional information the vendor wants to submit. *Be aware of page limitations or file size*
Table 5 - Change Management Actors
Actor Description
Initiator Sees problem, conceptualizes the change.
Approver Provides funds.
Champion Enthusiastically advocates for change.
Facilitator Assists in smoothing the change process.
Developer Oversees technical aspects of the change.
Installer Handles implementation, training, and support.
Doer Serves as the end-user.
Obstructionist Guards the status quo.
Customer Serves as end beneficiary.
Observer Is not immediately affected by change.
Ignorer Perceives no personal implications or is unaware of change.
Table 8 - Disaster Recovery Plan
Disaster Recovery Plan Component Description Status
Critical functions of the organization.
How to recover the operations of the
organization.
How to function without the electronic IT systems
functioning.
Who is responsible for what activities of the
recovery process?
A plan for notifying personnel regarding issues
related to the disaster.
Protocols for testing the disaster recovery plan.
Procedure for updating the disaster recovery
plan.
Table 10 - Sample Hurricane Procedures and Protocols
Critical Function Compliance
As the storm approaches, review your plans with employees and outline their tasks.
Print flyers for the patients with your pertinent recovery information and hotline numbers
so they know where to call or go if they need care or medication.
Update information on your hotline.
Print the appointment schedules for the next five days and distribute copies to
appropriate staff.
Be sure to run at least one final pre-hurricane backup.
Alert your alternative sites of possible need to activate their operations.
Prepare your physical office, move equipment away from windows, file as much
paperwork as possible and store the rest of the paperwork in a safe location.
If possible, turn off and unplug all electronic equipment including computers, monitors,
copiers, etc.
Move all equipment and exposed medical records with plastic in case windows break.
Clear desktops and countertops.
Secure the physical location.
Table 11 - Additional Functions and Issues for the Disaster Recovery Plan
Other Functions Compliance
Administrative functions (e.g., payroll)
Maintaining facilities (e.g., clearing debris)
Logistics (e.g., providing the personnel on-site with food, water, shelter)
User support, especially in the case of intermittent connectivity
Continuity and updates of the electronic data
Restoration of the facilities and services after the disaster
Test Factors Compliance
Ability to execute the plan
Success of interaction with vendors
Timeframes for recovering both critical and non-critical functions
Effectiveness of the training of personnel
Success of the procedures for maintaining and updating the plan
Systems Testing and Evaluation
LEARNING OBJECTIVES:
1. Define the purpose of information systems testing.
2. Identify five (5) key components of a testing methodology.
3. Understand the major levels of testing and their intended use.
4. List five (5) testing controls used to maintain the integrity of a testing process.
5. Identify the key elements of a post-implementation review.
6. Articulate and define a systems testing methodology.
PURPOSE OF TESTING
1. To formally challenge the functioning of a program, application, or system – under controlled
conditions – specifically to detect errors or unexpected system responses.
2. Prior to implementing a system in production, testing provides stakeholders with the highest level of
confidence that the system will operate relatively error free, meet end-user requirements, and provide
consistent outcomes.
COMPONENTS OF A TESTING METHODOLOGY
1. “Black Box” – without full knowledge of underlying code and relational database structure.
2. “Grey Box” – no knowledge of underlying code, but some knowledge of database structure.
3. ITIL, PMBOK, COBIT/ISACA, Deming’s PDCA/PDSA (quality cycle).
4. 5 Components of a Testing Methodology: planning, development, execution, reporting, evaluation.
PLANNING AND DEVELOPMENT
1. Testing Strategy: formal description of how the organization plans to approach testing in terms of
resources, infrastructure, functional relationships, and practice standards.
a. Software Release Levels: ITIL (package release, full release, delta release).
b. System Configuration: IT infrastructure and system configuration (hard/software); testing
environment, training environment, production environment.
c. Testing Tools: various instruments used to improve the efficiency and effectiveness of testing
process, e.g., templates, flowcharts, automated test scripts, data scrambling, code/release
management.
d. Testing Roles and Responsibilities: all testing requires clear leadership; establishing buy-in from
business end-users and time commitments for testing activities.
e. Levels of Testing: Unit Testing, Functional Testing, Integration and Interoperability Testing,
System Testing, Performance Testing, Regression Testing, Acceptance Testing.
f. Control Requirements: (ITIL) describe the functional interactions within configuration, change
and release management processes, as well as general retesting requirements and system
access guidelines; Configuration Management, Change Management, and Release
Management.
g. Limitations and Assumptions: to determine testing priorities; personnel, technical resources,
timeframe, etc.
2. Test Plan: formal testing plan; (1) how will testing be done, (2) what will be tested, (3) when can it
begin, (4) who will do it, and (5) how long will it take?
a. A test plan is tactical in nature and provides the functional details necessary to implement your
testing strategy. It defines the objectives, scope, schedule, test case requirements, risks, and
release criteria.
SYSTEMS: SYSTEMS TESTING AND EVALUATION
b. Test development is the process of translating system requirements into specific testable
activities through the development of test cases and scenarios.
c. Functional tests cover these functional types:
i. Normal case: expected valid inputs.
ii. Output forcing: all system inputs selected to force all outputs.
iii. Robustness: unexpected/invalid inputs to demonstrate system behavior.
iv. Combination of inputs: multiple functions assembled into a scenario that fully executes
business rules.
d. Test Cases and Scenarios:
i. Test Case: minimally execute a business event and includes input, action, output,
expected result, and actual result.
ii. Testing Scenario: a collection of test cases arranged in a specific sequence; the goal
would be to cover all possible business process outcomes, paths, and data flows.
e. Scheduling: allow sufficient time for error resolution and retesting.
f. Automation: best use of automation is in regression testing.
3. Execution: resource/time intensive; risk analysis can help with prioritization; change management
processes important.
a. Controls:
i. Versioning Control
ii. Change Control
iii. Quality Control Tools
iv. Pre- and Post-Testing Audits
v. System Access and User Security Profiles
4. Test Reporting: all test results should be documented, with all defects (or bugs) reported and
evaluated for corrective action.
5. Evaluation / Post-Implementation Review: initiated to evaluate how the system is doing; how is it
performing, what opportunities exist for improvement? Can be the basis for periodic system reviews,
and should be completed after a period of live use.
a. Key Outcomes:
i. Did the release meet its objectives?
ii. Did it deliver planned benefits and are the stakeholders satisfied?
iii. Did it address contractual and design specifications?
iv. Can we improve the implementation process (including testing)?
v. What are the lessons learned for further releases?
b. Post-implementation should result in specific action items communicated to stakeholders.
Figure 1 - Software Development Life Cycle Process Model (including testing)
[Figure: swim lanes for Customer, User, Analyst, Developer, Tester, and Configuration Manager, with activities Business Needs, DOC, APP, DES, CODE, UNIT TEST, FUNC TEST, INTEG TEST, ACCEPT TEST, DELIV]
Systems Privacy and Security
LEARNING OBJECTIVES:
1. Identify responsibilities implementing privacy and security requirements.
2. Understand how to identify compliance gaps and how to use this to implement requirements.
3. Understand types of physical environment controls to safeguard PHI.
4. Define data integrity and how to achieve it.
5. Define how to implement technical access controls.
6. Explain risks in electronic transmission of health information.
7. Understand how to handle privacy and security violations or breaches.
8. Understand importance of sanctions program for non-compliance.
9. Identify key components of a contingency plan.
10. Define key processes in maintenance of privacy/security compliance program.
11. Explain why “maintenance” is an important part of the compliance plan.
INTRODUCTION
ISO, FISMA/FIPS, HIPAA, GLB, UK Data Protection Act of 1998, EUDPD
Privacy: what information/data is to be held confidential and allowed to be disclosed (need to know).
Security: how information/data is to be protected (physical and technical).
1. General Rules of Privacy: how to protect data and general understanding of data use.
2. Individual Rights: rule relating to sharing information as required by state or governmental law.
3. Privacy Administrative Requirements: covered organizations.
a. Compliance responsibilities include:
i. Developing policies and procedures.
ii. Processing related claims.
iii. Monitoring ongoing compliance.
iv. Training workforce, monitoring compliance, and subject to disciplinary
actions/sanctions.
b. Variations in methods of safeguarding and protecting information may be the result of:
i. Organization structure/size.
ii. Business operations or external partners/agreements.
iii. Financial and workforce resources.
iv. Technical foundation.
4. General Security: successful security balances controls or limitations on the data; controls on
workforce; controls regarding physical environment.
5. The Privacy and Security Compliance Process
a. Awareness: first step is to appoint a team of accountable people. Impacted areas include:
compliance area, workforce understands operations and development of current policy,
workforce understands current systems, workforce handles ongoing disciplinary issues and
training, and workforce handles controls for the physical environment.
b. Assessment: Identifying how current practices differ from requirements; risk analysis.
c. Remediation: closing the gaps from assessment. Two stages: close gaps on paper via policy; and
close gaps via practice. The people who actually do the work must be trained.
d. Maintenance: surveillance; updates; periodic review of requirements.
Table 4 - Risk Scale and Necessary Actions (adapted from NIST 800-30, Risk Management Guide for Information Technology Systems)
Risk Level: Necessary Actions
High: Existing system may continue to operate but a strong corrective action plan must be put in place as soon as possible.
Medium: Plan must be developed to incorporate necessary corrective actions within a reasonable period.
Low: System’s authorizing official must determine whether corrective actions are still required or decide to accept risk.
[Figure: monthly chart (JAN to DEC) of a metric on a 7 to 8.5 scale, with STRETCH, GOAL, METRIC, and LCL lines]
Attendees
Names: □ Chairperson □ Attendee 2 □ Attendee 3
□ Attendee 1 □ □
November Guests:
□ Guest 1 and reason for attendance
□ Guest 2 and reason for attendance
Agenda
Discussion Point Expected Outcome Responsible Party Time
(Min)
Agenda Review Agree to meeting goals 5
Prior Meeting Review Approve prior meeting minutes. 5
Review/Update action items.
Review/Update issues status.
Item 1 Discussion vs. Decision 10
Item 2 Discussion vs. Decision 10
Item n Discussion vs. Decision 30
Meeting Minutes
Discussion Point Discussion Notes Time
(Min)
Agenda Review Meeting began at 0700
Prior meeting review
Item 1
Item 2
Item n
Adjourn Meeting adjourned at 0900
[Figure: Resolute Hospital Billing work streams: Staffing and Certification, Workflows, Reporting Needs, System Build, Claims Testing, End User Training, Post-Live Activities]
[Figure: Resolute Professional Billing work streams: Staffing and Certification, Managers Certification, Workflows, Reporting Needs, System Build, Testing, End User Training, Post-Live Activities]