Using Social Media To Educate Patients – A Tweet Chat

The definition of social media is dynamic and evolving. It generally refers to “Internet-based tools that allow individuals and communities to gather and communicate; to share information, ideas, personal messages, images, and other content; and, in some cases, to collaborate with other users in real time.”

There are a variety of social media sites that serve different purposes. Among the most common ones are for: (1) Social networking – e.g. Facebook, Twitter; (2) Professional Networking – e.g. LinkedIn; (3) Media sharing – e.g. Youtube, Pinterest, Flickr; (4) Content production – e.g. blogs [Tumblr, WordPress], microblogs [Twitter]; (5) Knowledge information/aggregation – e.g. Wikipedia; and (6) Virtual reality and gaming environments.

Social media is a powerful tool of communication and it has the power to engage target markets that were traditionally hard to reach. The industries that benefit most from its use include entertainment, real estate, marketing, retail, education, food (particularly restaurants), and fashion. It can be assumed that it has potential in changing the way health in general is communicated, too. But are healthcare professionals ready to use social media for educating their patients?

According to Ventola, recent studies have shown that physicians have begun to develop an interest in interacting with patients online. At least in the US, around 60% of physicians favor the use of social media in engaging with patients. Their purposes were to educate and monitor health, as well as encourage behavioral change and drug adherence, hoping that it will lead to better education, increased compliance, and better outcomes. On the other hand, other studies have shown conflicting results. Of four hundred eighty (480) surveyed practicing and student physicians, around 68% considered interacting with patients via social media, whether for professional or personal reasons, is ethically wrong.

To provide guidance on the use of the digital environment for medical purposes, the American College of Physicians and Federation of State Medical Boards released a position paper in 2013 that provided recommendations about “the influence of social media on the patient-physician relationship, the role of these media in public perception of physician behaviors, and strategies for physician–physician communication that preserve confidentiality while best using these technologies.” The table below shows common online physician activities and their associated benefits and pitfalls, as well as recommendations on how to mitigate risks.

In the Philippine setting, the HCP-patient relationship, particularly the physician-patient relationship, is still largely traditional. While social media is already being used by organizations or institutions to promote health in general, there are few individual practitioners who utilize social media as a means to engage and educate patients. Examples are the core collaborators of HealthXPh – Dr. Iris Isip-Tan, Dr. Gia Sison, Dr. Remo-tito Aguilar, Dr. Narciso Tapia,  Dr. Helen Madamba, Dr. Jaifred Lopez, and Dr. Stephania Miaco; and popular Filipino physicians with huge followings on Facebook – Dr. Willie T. Ong and Dr. Philip Nino Tan-Gatue – among others.

On the other end of the spectrum, the potential Filipino patients are already very active on social media. Around 60 million – roughly 58% of the population – have access to the internet. Based on the Digital in 2017 report, the Filipinos spend the most time on the internet using social media, with use averaging 4 hours and 17 minutes per day, and this is despite the slow internet speed in the Philippines. The country has a social media penetration rate of 58%, which is higher than the regional average of 47%. Use of social networking site is considered as the top online activity of the average Filipino internet user.

Social media has proven to be a powerful tool in reaching out to a wider audience than traditional communication methods. Considering the Philippine data on social media use of Filipinos, social media can be considered as a resource that has much potential for significantly enhancing the delivery of health education to the general public.

This October 13, Friday, from 9:00-10:00 PM (GMT+8), join me (@littledoktora) and my colleagues (@rdahildahil_, @agmolina, @BSMantaring, @jappyRN) on Twitter as we discuss how social media may be used by healthcare professionals for engaging and educating patients, as well the benefits and risks of doing so. Tweet us using #SocMedForHealth and #UPMSHI.

• Q1: What are your thoughts/concerns on the use of social media for educating patients?
• Q2: Which social media platform/s would you consider using to educate your patients and why?
• Q3: What are examples of best practice of online behavior for physicians and allied medical professionals when educating patients through social media?

---

Reading List:

1. Digital in 2017: Southeast Asia Regional Overview – https://wearesocial.com/special-reports/digital-southeast-asia-2017
2. Social Media Use in Healthcare: A Systematic Review of Effects on Patients and On Their Relationship with Healthcare Professionals – https://bmchealthservres.biomedcentral.com/articles/10.1186/s12913-016-1691-0
3. Online Medical Professionalism: Patient and Public Relationships: Policy Statement From the American College of Physicians and the Federation of State Medical Boards – http://annals.org/aim/article/1675927/online-medical-professionalism-patient-public-relationships-policy-statement-from-american
4. A Profile of Internet Users in the Philippines – https://www.rappler.com/brandrap/profile-internet-users-ph

Health Information Security – What Do We Need To Know?

This week for MI 227: Clinical and Laboratory Information Systems, we were tasked to create a in response to the following scenario:

You are part of a group practice that has decided to implement an electronic solution for clinical documentation. However, you have come across many horror stories regarding health information security that have led to failed clinical information system implementations. How would you prevent this from happening to your group practice?

Our specific task was to create an article listing down questions that my group practice should be able to answer to identify risks to securing electronic health information.

Along with the increasing adoption and implementation of health information are the increasing threats to information security. Cyberattacks on the health industry are on the rise and they translate not only to millions of dollars in losses but loss of patient trust as well. A recent example is the WannaCry Ransomware that affected UK’s National Health Service. It is imperative, therefore, to ensure that health information systems are secure and that patient’s sensitive personal information are adequately protected.

So if I were part of a group practice, I’d like to know the answer to the following questions:

1. What are the types and categories of health data are we collecting?
2. Who has access to the data and which data does each user have access to?
3. Where will the software/application be hosted?
4. What security measures are in place to ensure integrity, confidentiality, and privacy of data?
5. Who will be responsible for preventing, monitoring, and addressing any threats to the system?
6. What is the business continuity plan should the system be compromised?
7. How much will it cost to ensure that there are multiple layers of security for the system?
8. What is the exit strategy for a compromised system and how can data be migrated to another system?

I think that the list above covers the basic questions any owner of health information system should be able to answer adequately in relation to security of the system.

Barriers to EHR Implementation

You have been selected to be the project manager for a DOH project with the task of implementing a national Electronic Health Record (EHR) that all government hospitals will implement.  Select at least three barriers to EHR implementation from the article that you believe to be the most important ones that might adversely affect your implementation. Explain and provide supporting cases/articles/information.

The scenario above is what we have been tasked to discuss in this blog. This article was provided as a reference. As a disclaimer (for new readers out there), my only experiences working in a government hospital were the following: as a student nurse in Philippine General Hospital (3 years), as a junior OB intern in East Avenue Medical Center (1 month), and as a senior Pediatrics intern at Taguig-Pateros District Hospital (2 weeks). My PGH stint is the longest, although we were only on duty for certain weeks of the school year. I have not encountered any type of EHR in any of those settings. I have, however, personal experience working with an Electronic Medical Record (EMR) for the past twenty-one (21) months in the private multinational company I’m currently employed in. In addressing the scenario above, I will take into consideration both my experience, albeit limited, in EMR deployment in a private setup and how I think that would apply to the public hospital scenario, and articles or personal stories I have come across.

In the article by Boonstra and Broekhuis (2010), they did a systematic review of journals exploring the barriers to the acceptance of electronic medical records by physicians. They identified 8 main categories, namely: financial, technical, time, psychological, social, legal, organization, and change process. The first three were considered as the primary barriers – those that are first to arise when physicians are faced with EMRs, while the latter five were considered as secondary barriers – occasionally subconscious, beneath the surface, and so not immediately mentioned. 

In a setup where a national EHR will be implemented, I think that the top three (3) barriers to implementation will also be the primary barriers the article mentioned. First is the financial aspect of implementation. It could be assumed that since I was already tasked to implement a national EHR, then there already is a budget for this initiative. The health information system itself may be costly, but equally costly will be the actual rollout of the EHR. Since the Philippines is an archipelago, the deployment of the EHR especially in geographically-disadvantaged areas can be costly, taking into consideration not just the HIS but the deployment of hardware, ensuring that internet connection is available, and the capacity-building of the users. If the RxBox has taken more than a decade for its deployment in different parts of the Philippines, then the national EHR may take years as well.

The technical and time aspects of the EHR implementation, to me, are the more challenging concerns. Even in my current setup, where an EMR has been deployed in the different business units (countries) where our company operates in, these prove to be the biggest hindrances and they go hand in hand. I could say that the other aspects of the EMR implementation in our company – change process, financial, social, legal – were not much of a problem. The technical and time parts, however, were the main barriers. Most users of our EMR were doctors and nurses aged 30 and above and those who were not previously exposed to any type of EMR. The capacity-building for said users is taking years (since the rollout is still ongoing). Of the users I have talked to, the physicians were the most resistant. While all of them were computer-literate, use of the EMR required a different set of skills that they had to learn. Not much time can be dedicated just for learning the system since the operations are continuous and there are constant deliverables that could not be delayed. A common concern as well was the increased time it took to enter data into the system. If paper charts took an average of 5 minutes to be completed, data entry into the EMR took at least twice as much time, sometimes even longer especially during the initial phases of the EMR implementation when users were still learning the ropes.

Related to the concerns above is the complexity of the system. One of the identified reasons why it was taking a long time to learn how to use the EMR was its complexity. This is because despite all of us working in the same company, the health needs of each business unit are different. We have upstream, midstream, downstream, shipping, and shared services, and the processes of one group are not the same with the others. In an attempt to create an EMR that encompasses the needs of all stakeholders, the end product was an EMR that seemed overwhelming to use. The corporate support team has since tried to address the issue, but the current version that we have could still use some major improvement.

Based on those experiences, I also anticipate that similar issues will be encountered with implementation of a national EHR. Majority of public hospitals in the Philippines still employ paper-based systems. While the newer generation of health professionals are more tech-savvy and are mostly computer literates, the older generation aren’t necessarily so. This will present as the challenge during capacity-building of the end-users. As it is, health care personnel in our government hospitals, especially the tertiary ones, have a lot on their plate (with nurse-to-patient ratio as high as 1:40, even worse for physicians). There is little time to learn the new system, and even much lesser time to use it if it means that using the new system will mean needing more time for documentation. In addition, the workflow of government hospitals should be carefully studied as well. The same way that different business units in our company do things a little bit differently (aside from the core processes), the same is expected of the different government hospitals. A basic version may be deployed, but there should be options to customize some functionalities depending on the needs of the hospital. An EHR that is not congruent with the workflow of the users will encounter more resistance during implementation, and will not be maximized fully by the staff.

Aside from those mentioned above, I think that one of the legal aspects that is a big concern not just to the physicians but to the patients themselves is the security of data. I remember the #ComeLEAK issue in 2016 where voters’ data was hacked and reportedly later sold to the black market. It was regarded as “the worst recorded breach on a government-held personal database in the world”. Reports in 2017 revealed that the IP address was traced to the NBI. This incident then begs the question – how safe are our data? A computerized database on health will also mean that the data will be susceptible to hacks such as the #ComeLEAK. Similar concerns on security were likewise raised with the proposed national ID system. More than convincing the users of the EHR that the data will remain secure, it is ultimately the patients – the Filipino people – that will have to be assured that their sensitive personal data will not be compromised.

Two critical targets of the Philippine eHealth Strategic Framework and Plan (2014-2020) of the DOH, under eHealth solutions, are implementation of an integrated health application or software compliance certification system and integration and harmonization of various electronic health record systems. Implementation of a national EHR, at least for government hospital, will working towards achieving these targets. While the barriers are to be expected, the ultimate goal is to improve the delivery of health care services to the Filipino people. If done right, this will usher us into a new era – a better era – of health service delivery, something which the Filipino people deserve.

—

References:

• Barriers to the acceptance of electronic medical records by physicians from systematic review to taxonomy and interventions by A. Boonstra and M. Broekhuis (2010)
• NPC: NBI network used in 2016 ‘Comeleak’ 
• House committee approves national ID system amid security concerns 
• Philippine eHealth Strategic Framework and Plan

Impact Assessment of CPOEs and CDSS: Systematic Review and Meta-Analysis

Welcome back! I say that to both you and myself. It’s the start of a new school year. While this blog was abandoned in the second half of last academic year, this year I am hoping to put more into this.

One of my subjects this year is MI 227: Clinical and Laboratory Information Systems. We were tasked to find an article the adoption or use of any of the following: (1) EMR system; (2) CPOE system; (3) medication administration system; (4) telemedicine system; (5) telehealth system; (6) PHR, or; (7) other clinical or laboratory system or application.

I came across this article by Prgomet, et. al published in the Journal of Medical Informatics Association entitled:

The article’s main objective was to determine the impact of computerized provider data entry (CPOE) systems and clinical decision support systems (CDSS) on the medication errors, length of stay (LOS), and ICU mortalities through a systematic review and meta-analysis. The authors searched for journals published between January 2000 and 2016 and focused on those that used commercial CPOE and CDSS. They reasoned that homegrown softwares were more likely to demonstrate positive effects on safety and quality of care. At the same time, however, they are becoming more increasingly difficult for organizations to maintain and it is likely that almost all future system implementations will involve commercial systems. Twenty studies fit the inclusion criteria. Based on the EPHPP quality assessment tool, thirteen (13) studies were rated as having moderate methodological quality while seven (7) were rated as weak.

The overall results were as follows:

• Significant reduction of medication error rate by 85% with introduction of CPOE (pooled RR: 0.15, 95% CI,, 0.03-0.80, P=0.03)
• No significant change in ICU LOS following the introduction of CPOE (pooled mean difference: -0.01, 95% CI, -0.81-0.60, P=0.7)
• Evidence of significant reduction in ICU mortality by 12% following introduction of CPOE (pooled RR: 0.89, 95% CI, 0.78 – 0.99, P=0.04)
• No significant association between CPOE introduction and hospital mortality (pooled RR: 1.17, 95% CI, 0.53-2.54, P=0.6)

Several points were tackled in the discussion portion. One is the small sample sizes in the studies involved, such that they may not be powered to detect a true effect. The authors recommended future studies assessing impact of CPOE and CDSS to include larger sample sizes, so that they will be sufficiently powered to accurately detect clinically relevant rate of change in important indicators following implementation of CPOE and/or CDSS. Such systems are a big investment, and establishing a good business case for the continued use should be evidence-based as well.

Another is the need to monitor outcomes once such systems are implemented, because while CPOEs and CDSS address some problems of paper-based systems, they also introduce new challenges. Physicians have always been notorious for having illegible handwriting, and this is one of the things CPOEs address. However, they may also be attributed to system-related errors, which are not present in paper-based system. Example of which are duplicate prescriptions and erroneous selection from dropdown menu. Aside from such errors, other identified outcomes from the use and implementation of CPOEs include the following: order delays due to inability to “pre-register” patients into the system, increased time to enter orders, reduction of staff interaction, and delays in medication administration. Because the switch from a paper-based system is expected to bring about several changes, it is therefore imperative for any institution to make a follow-up on the effects of the implementation and address the new challenges along the way.

Yet another point of discussion for this article was the lack of standardized definitions.. For example, “medication prescription error” had different operational definitions in the studies included. Missing weight or signature constituted an error in some studies, while these were not considered in others. For systematic reviews and meta-analyses to have a more robust conclusion, it would be ideal if the studies involved are more homogenous – and that includes measuring the same outcomes the same way.

Said learnings and recommendations above could be applied to the local setting. However, the problem is the fact that paper-based systems are still the more common practice here. As a nurse and a physician, I was able to train into two hospitals representing opposite poles in terms of healthcare in the Philippines – Philippine General Hospital and St. Luke’s Medical Center. I was a student nurse in PGH from 2005 to 2009 and there was no CPOE nor CDSS at the time. At present, the main hospital still uses paper-based system. SLMC, on the other hand, has more advanced HIS. However, the practice was more of a hybrid – physicians used paper-based systems which are then encoded by either the pharmacists or the nurses. If there were potential drug-drug interactions or contraindications, it was the pharmacist’s responsibility to alert the physician who requested the order. Currently, I work in a private multinational company and we have our own EMR with CPOE and CDSS capabilities. However, since our system is not interoperable with any pharmacies or outside outside clinics in the Philippines, the EMR serves more as a repository of data. Laboratory, diagnostic, and medication orders are encoded into the system after the patient is seen and after paper prescriptions or requests have been given to the patient. I am not privy to how other hospitals or companies work, and my search for literature specific to outcomes measurement after CPOE/CDSS implementation in the Philippines did not yield any results. I believe this is both bad and good. Bad – because it means there is much to be done when it comes to the adoption, implementation, and evaluation of such systems. Good – because it also means that we can benchmark on what other countries have done. Hopefully we can perform more standardized and large-scale impact assessments and consequently generate robust studies for which we can safely draw conclusions from.

—

Reference:

• Mirela Prgomet, Ling Li, Zahra Niazkhani, Andrew Georgiou, Johanna I Westbrook; Impact of commercial computerized provider order entry (CPOE) and clinical decision support systems (CDSSs) on medication errors, length of stay, and mortality in intensive care units: a systematic review and meta-analysis, Journal of the American Medical Informatics Association, Volume 24, Issue 2, 1 March 2017, Pages 413–422, https://doi.org/10.1093/jamia/ocw145

 

HI 201 Journey – A Look Back

It has been a rollercoaster of a semester for me. I entered this course not fully understanding what I was getting myself into, but at the same time I was very hopeful that I would find my niche. And after 16 weeks of blogging and learning about the basics of this course, I can honestly say that I feel I belong here. I’m still struggling and I know there is still much to learn; however, I can now also see that there are so many opportunities for me in this field, opportunities which I am excited to explore.

Before moving on to the next semester, l’d like to look back at what has transpired over the last few months. Below are the highlights of each blog:

Week 2: Informatics, Global Health and eHealth

Driving Question: What is the relevance of informatics to global health and eHealth?

Highlights: Introduction to the very basic concepts which I had previously confused with. These concepts served as the foundation for this course.

 

Week 3: Health Informatics in the Philippines

Driving Question:
How can we advance the field of health informatics in the Philippines?

Highlights:  I was honestly surprised when I discovered all the progress our country has had in terms of eHealth. It was my first introduction to RxBox, CHITS, and other local initiatives. Prior to this I was somehow pessimistic about the state of healthcare in the Philippines.

 

 

Week 4: Health Information Systems in Developing Countries

Driving Question:
How can health information systems be sustainable in developing countries?

Highlights: I was introduced to the concept of hybrids and learned about the ITPOSMO dimensions of health information system design-reality gap.

 

Week 5: Governance and Management in Health Informatics

Driving Question: Why are governance and management important in health informatics?

Highlights: I learned about the COBIT 5 business framework and how it relates to governance and management.

 

 

Week 6: Establishing the Philippine Health Information Exchange 

Driving Question: How can patients access their data from different healthcare providers as they transfer care?

Highlights: I learned more about the Philippine Health Information Exchange, which I thought was a very promising initiative and something which I hope I can actively get to be part of when I graduate this course.

Week 7: Enterprise Architecture in Healthcare

Driving Question: In a multistakeholder, multicomponent health information system, how can you ensure that all the players are doing their part?

Highlights: This assignment was a struggle for me and I had a difficult time understand what EA was, but I eventually got there! *happy dance*

Week 8: Electronic Health Records: Issues and Challenges

Driving Question: What are the issues and challenges in implementing electronic health records in primary care?

Highlights: This, for me, helped reinforced what I already knew about EMRs (not EHRs yet) since we are using one in the company I am working for.

 

Week 9: Personal Health Records

Driving Question: What features are considered critical or most useful by users of Personal Health Records?

Highlights: I was able to develop a scoring system for a PHR and use it to evaluate an app I bought from iTunes.

 

Week 10: Standards and Interoperability

Driving Question: How can healthcare institutions adopt standards to ensure interoperability?

Highlights: I learned about significance of standards and interoperability, and the role they will play in the successful implementation of the PHIE.

 

Week 11: Clinical Decision Support
Driving Question: How can Clinical Decision Support Systems (CDSS) improve the quality of healthcare?

Highlights: Learning about the 10 commandments for CDSS was interesting for me. It was also fun trying to come up with a CDSS that can incorporated into CHITS, although it was challenging at the same time since I’m not really familiar with it.

Week 12: Knowledge Management and Information Retrieval
Driving Question: How can knowledge management improve access to healthcare research?
Highlights: I liked how the concepts above was explained. I used to mix up the concepts of data, information and knowledge. Answering this assignment also led me to the dengue vector eradication efforts in Pangasinan, which I thought was really interesting.

Week 13: Privacy, Confidentiality, Security and Trust
Driving Question: What policies are in place to protect the Filipino patient’s privacy and confidentiality of health information?

Highlights: This assignment helped me educate myself further on the policies that were in place that protected the privacy rights of the Filipino patient. It was the perfect jumping board for the next blog, which had to do with the Data Privacy Act of 2012.

Week 14: Legal and Regulatory Issues in eHealth

Driving Question: Is the Data Privacy Act adequate to protect confidential health information?

Highlights: I have a couple of cousins who are lawyers, and it was enlightening discussing this Act with them. After reviewing this Act and its IRR, I have a couple of reservations as to how effectively this can be implemented. But I think it’s good that something like this exists, considering we are in the age where information and communication technologies are integral to the processes of many businesses, including healthcare.

Week 15: Telehealth

Driving Question: How can telehealth support healthcare delivery in the Philippines?

Highlights: I reviewed House Bill 4199 or the Telehealth Act of 2014 for this assignment. After reading the very comprehensive Data Privacy Act of 2012, I felt that this fell short in terms of comprehensiveness. I think this Act needs a lot of improvement before it can be implemented.

Week 16: mHealth

Driving Question: How can mobile applications be useful in primary care?

Highlights: I think that by the time I did this assignment, I was more or less convinced that my niche in health informatics is more of helping out the private sector, particularly the corporate world. While the general public, especially the underserved and the underprivileged need to be attended to, a population that also needs attention are the workers, especially those in the BPO or in similar industries. They present with unique health challenges, and this is what I would like to explore more in the future.

—

It was an incredible journey, indeed. I hope my blogs were informative enough. If you are medical student or an allied medical professional and you’re reading this, I hope I convinced you enough to give this field a shot. We need more like us!

As always, comments and questions are very much welcome. Leave them in the box below.

XO,
Eve

mHealth – How Can It Enhance Delivery of Care?

It’s the last blog (before the final paper)! *Does a happy dance.* For this final assignment, we will be talking about mobile applications. The question we were asked was…

“How can mobile applications be useful in primary care?”

We were tasked to propose an app idea for a primary health care scenario, and the app must not duplicate any application already available in the market.

Primary care, as defined by the American Academy of Family Physicians (n.d.), is “that care provided by physicians specifically trained for and skilled in comprehensive first contact and continuing care for persons with any undiagnosed sign, symptom, or health concern not limited by problem origin, organ system, or diagnosis. [It] includes health promotion, disease prevention, health maintenance, counseling, patient education, diagnosis and treatment of acute and chronic illnesses in a variety of health care settings (e.g., office, inpatient, critical care, long-term care, home care, day care, etc.).”

Mobile health or mHealth, on the other hand, is the use of mobile technology applications for healthcare (Qiang, et. al, 2012). It is a new and developing field with lots of untapped potential. The use of mobile phones has significantly skyrocketed starting the 2000s. Currently, there is an estimated 4.77 billion mobile phone users in the world (Statista, n.d.). Mobile phones have evolved from simply being a handy telephone to a more sophisticated device that can function similar to computers. It has allowed people easier access not only to their family, friends, or network of people but it has also afforded access to information that previously would have taken much effort to gather. It has shrunk the world (in a good way), and now information is at our fingertips.

How, then, can mobile phones improve the delivery of primary health care? For one, it has facilitated easier communication between healthcare professionals and patients. There are now more options on how to communicate, from email to call to messages. There are even applications on smartphones that allow free video calls, voice calls, or messages as long as a person has an internet connection. Many models of mobile phones are likewise equipped with cameras, which can be useful for documenting external conditions (e.g. skin problems). The messages can also be readily shared via several means. Aside from traditional uses, many applications have already been developed to aid in the collection and processing of health information. For example, iPhones have a built-in health app that could collect and monitor several health data. Data collection and analysis can be further enhanced by connecting it to other applications that supports the Apple Health App. These types of applications help in empowering patients to be more in charge of their health. On the other hand, healthcare professionals also benefit significantly from the use of mobile phones in healthcare. The same way patients gain increased access to information, so do the doctors. Knowledge from various sources like journals, clinical practice guidelines, etc. are now easier to get a hold of. Thousands of apps which enhance patient care are also present in the market. The CDC, for example, has applications on STDs, vaccination, and travel medicine which can help a healthcare professional make evidence-based decisions. Another advantage of mHealth is that it can reduce the cost of healthcare. By improving means of communication between HCP and patient, personal or face-to-face consultations can be reduced. A patient who needs monitoring may no longer need to be seen personally at frequent intervals if the monitoring can be done remotely. Continuity of care can also be enhanced by mHealth, because coordination of efforts among different providers can be done with mHealth. Better record-keeping is also made possible with mHealth, an advantage that is common with electronic processing systems. There are several other advantages of mHealth but the bottomline is better access and better delivery of health.

Like electronic medical records (EMRs) and electronic health records (EHRs), however, there are still many challenges when it comes to the use of mHealth. Since mHealth is a relatively young field, there are limited studies on their efficiency. Privacy issues are also present. Accountability and ownership of data is also an issue, especially since unlike EMRs and EHRs, mHealth is more accessible to patients. Standards and interoperability issues are also present, since mobile applications are not always interoperable and there are few standards on their creation and use. Nonetheless, there is much promise in this rapidly growing field. mHealth has much potential in terms of further improving the access and delivery to healthcare.

If I were to create an application for primary healthcare, I would develop something for my company’s use. I think that one of the best things about my company is the value we put on the health and safety of our employees. Aside from the primary care I deliver (with the clinic consultations), various health and wellness programs are in place that are either global initiatives or local initiatives. From what I know, developing an app for the company was already considered previously. However, it hasn’t been realized due to several concerns, particularly privacy and security of data that crosses transnational borders. But if I were to design the app and it would focus on health, it would have the following features:

• Contains all medical and wellness offerings
  • Clinic
    • Option to schedule a consultation with available doctors (there are currently 3 in the company)
    • Option to schedule laboratory testing (since this is a service we can offer where employees can have some laboratory tests done in our own clinic)
  • Periodic medical examination (separate for employees and expatriates)
    • Schedules
    • Partner clinics
    • Guidelines
    • Results – to be reflected in app once they are available
  • Employee assistance program
    • Description/details of this employee benefit
    • Information on how to get in touch with the counselors
  • Vaccination
    • Calendar of vaccine offerings for the year
    • Information about the vaccines (locally adapted version of the Vaccine Information Statement from the CDC)
    • Guidelines – on how to sign-up, price, etc.
  • Wellness offerings
    • A calendar of activities to give an overview of the offerings
    • Description of the offerings, including the vendor or service provider we partnered with for the wellness offering
    • Sign-up option for activities
• Feedback
  • Employees should be able to give feedback on the offerings clinic services and wellness offerings, as well as have the option to suggest activities which they would want us to offer

The idea is that the application will integrate all the services of the health and medical team, from the clinic services to all other health and wellness offerings. The mobile app should make it easier for employees to avail of the services, and more importantly to participate in health and wellness offerings. Features like notifications for new activities, sign-up options,  or reminders for due vaccinations will be part of the app. Ideally, the app should also be integrated to the EMR that we are currently using so that there are programs we can tailor fit to employees. For example, patients who are overweight may be targeted for our weight-loss initiatives, from learning sessions to gym memberships to in-house weight management activities. We also have a corporate program that include reporting of stress, and employees who scored high on those could be target for the stress-related initiatives that we have. The application should be able to generate reports, which we can then use to help evaluate how effective our activities are and give us an idea of the overall health of our employees. 

—

That is it for the last blog and assignment! What do you think? If you are working in a company, is the type of application I’m proposing (of course it has to be catered with what your company offers) attractive to you? Is it something that you’d use? As always, let me know in the comments below!

XO,
Eve

---

References

• Primary Care as defined by the American Academy of Family Physicians
• Mobile Applications for the Health Sector by Qiang et. al (2012)
• Number of mobile phone users worldwide from 2013 to 2019 (in billions) from Statista (n.d.)

Telehealth – How Can It Change the Landscape of Health Care Delivery in the Philippines?

It’s the second to the last blog before the end of the semester. This week’s topic is all about telehealth. The question we were asked was…

How can telehealth support healthcare delivery in the Philippines?

To help answer this question, we were tasked to read and evaluate the Telehealth Act of 2014, and to suggest revisions, if any.

Telehealth, according to the Center for Connected Health Policy (n.d.) is “a collection of means or methods for enhancing health care, public health, and health education delivery and support using telecommunications technologies.” It is not a specific service but a term that describes the variety of technology and tactics to deliver virtual medical, health, and education services.

The practice of the use of telehealth services is more common in developed countries such as the US. In the Philippines, however, it is not as popular. Quite frankly, I finished nursing school and medical school without encountering a lecture on what it is and how it can be applied to our setting.

The Philippines is an archipelago composed of more than 7,600 islands. Our geography, while it has blessed us with incredible sights and natural wonders, has also made it more difficult for healthcare to be accessed and delivered. It is the same geography that constitutes the physical factors that characterize geographically isolated and disadvantaged areas or GIDAs. GIDAs are communities with marginalized population that are physically and socio-economically separated from mainstream society. They physical factors are mainly to geography and also includes difficult access due to weather conditions. Socio-economic factors, on the other hand, include high poverty incidence, presence of vulnerable sector, communities in or recovering from situation of crisis or armed conflict (Department of Health, n.d.).

With telehealth, the population that could potentially most benefit are those residing in GIDAs. The idea is that since they have difficulty access to healthcare, healthcare will be brought to them. This is one of the objectives of the Telehealth Act of 2014.

House Bill No. 4199, also known as the Telehealth Act of 2014, declares that “the State shall protect and promote right to health of the people and instill health consciousness among them. Henceforth, it is the intent of the Legislature to recognize the practice of telehealth as a legitimate means by which an individual may receive health care services from a health care provider without in-person contact with health provider. Telehealth or Telemedicine shall not be construed to alter the scope of practice of medicine or any health care provider or authorize delivery of health care services in a setting or in a manner not otherwise authorized by law.”

Aside from the objective I mentioned above, other objectives of this Bill are to reduce the costs, set standards and establish regulations regarding the field, and strengthen the health system and infrastructure.

There are 20 sections to this Act. I have chosen the following to evaluate.

Section 9. Database. – All telehealth center and originating sites shall coordinate with DOH for consolidation of pertinent databases. DOH shall maintain and manage a national database for consults on clinical cases as well as health and medical education exchanges.

Considering how important documentation is especially for something like this, I feel as if this section is severely lacking. Having read the comprehensive IRR of the Data Privacy Act of 2012 in the previous blog, this, to me, needs further details. At the very least, the basic contents of the database should be enumerated. I would like to know if there are other types of data that should be gathered/documented when a consultation is done via telehealth.

Section 16. Standard of care. – The standard of care is the same as regardless whether a health care provider provides health care services in person or by telemedicine. Telehealth or telemedicine shall not be construed to alter the scope of practice of medicine or any health care provider or authorize the delivery of health care services in a setting, or in a manner, not otherwise authorized by law. Telehealth shall not replace health care providers or relegate them less important role in the delivery of health care. The fundamental health care provider-patient can not only be preserved, but also augmented and enhanced.

While I agree that the standard of care should be the same whether the consult is done in person or via telehealth, I think the Bill fails to capture the limitations on this type of service. Granted that the scope of medicine (or allied medical services) will not change in terms of what a doctor can do, it should also acknowledge that that the things a doctor cannot do. There  is a science to the practice of medicine (and other disciplines) that simply cannot be done via a video call or similar means. Section 5. Scope can be elaborated further to include limitations. Or limitations could be in a whole new section together, and in that section include what can and cannot be penalized. The way I see this Bill so far is that it is not healthcare provider-friendly. The providers are not protected the same way the patients are.

Overall, a good portion of the Bill, in my opinion, needs further refinement apart from the 2 sections I stated above. But the fact that it exists is promising, as this legitimizes the practice of telehealth (or telemedicine). This field will open up a lot of opportunities especially for patients and will help in positively changing the landscape of healthcare delivery to the Filipinos.

—

Have you read the Telehealth Act of 2014? What do you think? How open are you to the idea of using telehealth services? How do you think will that impact the way we practice medicine in the Philippines? Let me know in the comments below.

XO,
Eve

---

References

• Telehealth as defined by Center for Connected Health Policy (n.d.)
• GIDA as defined by the Department of Health (n.d.)
• Telehealth Act of 2014

Data Privacy Act of 2012 – Is It Enough To Protect the Health Information of the Filipinos?

The countdown begins. Three more blogs to go before this semester closes. So for the 2nd to the last blog assignment (before the final paper/blog), we were asked this question…

Is the Data Privacy Act adequate to protect confidential health information?

There was supposed to be a debate about this. Due to lack of time, however, we were unable to conduct one. Nevertheless, let us discuss this latest law on data privacy.

In my previous blog, privacy was defined by Merriam-Webster (n.d) as “freedom from unauthorized intrusion.” As a constitutional right, it refers to “to make certain crucial decisions regarding their well-being without government coercion, intimidation, or interference (West’s Encyclopedia of American Law, 2008),” and is declared under Section 3 of the Bill of Rights in the 1987 Constitution (Official Gazette, n.d.), where it states that “the privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.”

The latest law implemented relating to privacy is Republic Act (RA) 10173, otherwise known as the Data Privacy Act of 2012. Its implementing rules and regulations were promulgated last August 24, 2016. Under Section 2. Declaration of Policy, it states that “it is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected (Official Gazette, 2012).”

Since we want to evaluate this law in terms of its adequacy in terms of protecting confidential health information, below are some definitions based on the RA.

• Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
• Sensitive personal information refers to personal information:
  • (2) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings
  • (3) Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns

The Act encompasses to processing of all types of personal information; hence, it protects the processing of health information. However, I wanted to see if there were specific clauses related to health. They are as follows.

• SEC. 12. Criteria for Lawful Processing of Personal Information. – The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:
  • (d) The processing is necessary to protect vitally important interests of the data subject, including life and health
  • (e) The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate
• SEC. 13. Sensitive Personal Information and Privileged Information. – The processing of sensitive personal information and privileged information shall be prohibited, except in the following cases:
  • (c) The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing
  • (e) The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured

Since health information are classified under sensitive personal information, all clauses in this Act are applicable to a Filipino patient’s health information, even if there specific clauses related to health are only in Sections 12 and 13.

I have read the both the Act (read it’s entirety here) and the IRR (read its entirety here), and I think that it is sufficient to safeguard the health information of the Filipino people.

I’d like to emphasize the Rule VIII. Rights of Data Subjects. It enumerated several rights of the data subject under it, including: right to be informed, right to object, right to access, right to correct, and right to rectification, erasure or blocking. I believe that these in particular, especially when applied to health information, will highly empower the patients because it explicitly states their rights on what can and cannot be done for their health information.

Now that we are shifting towards the use of technology for the delivery of health, it appears as if there are more threats to the privacy and confidentiality of patients. With the use of electronic medical records, for example, health information is now more accessible not just to patients but to a whole new group of people (ex. developers of the software, administrators, other clinic staff) who would not have had the same access if we were still using paper charts. In the Act, Section 47. Registration of Personal Data Processing Systems states that “The personal information controller or personal information processor that employs fewer than two hundred fifty (250) persons shall not be required to register unless the processing it carries out is likely to pose a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes sensitive personal information of at least one thousand (1,000) individuals.” This is very important because as mentioned above, we are in the era where health technology is on the rise. With registration of systems (especially in major institutions), registration of data processing systems provides an additional layer of protection for the patients since institutions will now be liable to the Commission especially in the event of data breaches. Personal information controllers and processors will be identified and held liable, and the Commission will be able to monitor said institutions or organizations.

While I think that the Act is sufficient, I feel that more specific clauses on processing of health information should have been included and explicitly stated. Categorizing them all under sensitive personal information is not enough. For me, health information requires more special consideration. For example, the right of the data subject (i.e. patient) to correct, rectify, erase or block his/her health data will not be as easily done compared to changing demographic data. Several factors come into play like the professional opinion or assessment of the healthcare personnel who inputted and/or processed the data. Differing opinions from different professionals may also make it appear like the data is inconsistent or false in the eyes of a data subject who may not fully understand his/her health status. In conclusion, I believe this Act can be improved to better fit the rapidly changing health information needs of the Filipino people.

—

What do you think about this law? How to do think this impact the health landscape in the Philippines? Does it make you feel more secure about your personal information in general, knowing that this Act is now in place? Let me know what you think in the comments below.

XO,
Eve

---

References

• Privacy as defined in the Merriam-Webster Dictionary
• Privacy as defined in West’s Encyclopedia of American Law, 2nd Ed. (2008
• Republic Act No. 10173 from the Official Gazette (2012)
• Implementing Rules and Regulations of Republic Act No. 10173, know as the “Data Privacy Act of 2012” from the National Privacy Commission

Privacy and Confidentiality – What Policies Are In Place?

We are nearing the end of the semester. For this blog, I am going to talk about privacy and confidentiality. The driving question we were asked was:

What policies are in place to protect the Filipino patient’s privacy and confidentiality of health information?

Additionally, we were tasked to pick a hospital evaluate their document on privacy and confidentiality, if they had any.

As always, let’s define a couple of things first.

Merriam-Webster (n.d) defines privacy as “freedom from unauthorized intrusion.” As a constitutional right, it refers to “to make certain crucial decisions regarding their well-being without government coercion, intimidation, or interference (West’s Encyclopedia of American Law, 2008).”

Confidentiality, on the other hand, is defined as the “nondisclosure of information except to another person” (Mosby’s Medical Dictionary, 2009). In healthcare, it is often referred to the “principle in medical ethics that the information a patient reveals toa  health care provider is private and has limits on how and when it can be disclosed to a third party” (Dorland’s Medical Dictionary for Health Consumers, 2007).

In the Philippines, there are several policies in place which protects the Filipino patient’s privacy and confidentiality. Under the Bill of Rights in the 1987 Constitution (Official Gazette, n.d.), the right to privacy is declared under Section 3, where it states that “the privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.” There are additional laws that expound on and further protect this right, specific to privacy and confidentiality of health-related information. The table below is adapted from the paper of Antonio, Patdu and Marcelo (2013) on Health Information Privacy in the Philippines: Trends and Challenges in Privacy and Practice. It includes excerpts on the statutes and rules of court and administrative rules pertaining to the patient’s right to privacy in relation to the healthcare system.

The Medical Act of 1959 Republic Act No. 2382 (June 20, 1959)	Section 24. Grounds for reprimand, suspension or revocation of registration certificate. Any of the following shall be sufficient ground for reprimanding a physician, or for suspending or revoking a certificate of registration as physician: (12) Violation of any provision of the Code of Ethics as approved by the Philippine Medical Association.
Philippine AIDS Prevention and Control Act of 1998 Republic Act No. 8504 (February 13,1998)	Section 2. (b) (1) The State shall extend to every person suspected or known to be infected with HIV/AIDS full protection of his/her human rights and civil liberties. Towards this end, the right of privacy of individuals with HIV shall be guaranteed. Section 3. (n) Medical Confidentiality – refers to the relationship of trust and confidence created or existing between a patient or a person with HIV and his attending physician, consulting medical specialist, nurse, medical technologist and all other health workers or personnel involved in any counselling, testing or professional care of the former; it also applies to any person who, in any official capacity, has acquired or may have acquired such confidential information Section 30, Article VI: Medical Confidentiality. – All health professionals, medical instructors, workers, employers,recruitment agencies, insurance companies, data encoders, and other custodians of any medical record, file, data, or test results are directed to strictly observe confidentiality in the handling of all medical information, particularly the identity and status of persons with HIV. Section 31, Article VI: Exceptions to the Mandate of Confidentiality Medical confidentiality shall not be considered breached in the following cases: (a) when complying with reportorial requirements in conjunction with the AIDSWATCH programs provided in Section 27 of this Act; (b) when informing other health workers directly involved or about to be involved in the treatment or care of a person with HIV/AIDS: Provided, That such treatment or care carry the risk of HIV transmission: Provided, further, That such workers shall be obliged to maintain the shared medical confidentiality; (c) when responding to a subpoena duces tecum and subpoena ad testificandum issued by a Court with jurisdiction over a legal proceeding where the main issue is the HIV status of an individual: Provided, That the confidential medical record shall be properly sealed by its lawful custodian after being double-checked for accuracy by the head of the office or department, hand delivered and personally opened by the judge: Provided, further, That the judicial proceedings be held in executive session.
Comprehensive Dangerous Drugs Act of 2002 Republic Act No. 9165 (June 7, 2002)	Section 36. Authorized Drug Testing. The following shall be subjected to undergo drug testing: (a) Applicants for driver’s license. (b) Applicants for firearm’s license and for permit to carry firearms outside of residence. (c) Students of secondary and tertiary schools. (d) Officers and employees of public and private offices. (e) Officers and members of the military, police and other law enforcement agencies. (f) All persons charged before the prosecutor’s office with a criminal offense having an imposable penalty of imprisonment of not less than six (6) years and one (1) day shall have to undergo a mandatory drug test; and (g) All candidates for public office whether appointed or elected both in the national or local government shall undergo a mandatory drug test. Section 40. Records Required for Transactions on Dangerous Drug and Precursors and Essential Chemicals. (a) Every pharmacist dealing in dangerous drugs and/or controlled precursors and essential chemicals shall maintain and keep an original record of sales, purchases, acquisitions and deliveries of dangerous drugs, Section 60. Confidentiality of Records Under the Voluntary Submission Program. – Judicial and medical records of drug dependents under the voluntary submission program shall be confidential and shall not be used against him for any purpose, except to determine how many times, by himself/herself or through his/her parent, spouse, guardian or relative within the fourth degree of consanguinity or affinity, he/she voluntarily submitted himself/herself for confinement,treatment and rehabilitation or has been committed to a Center under this program. Section 64. Confidentiality of Records Under the Compulsory Submission Program. – The records of a drug dependent who was rehabilitated and discharged from the Center under the compulsory submission program, or who was charged for violation of Section 15 of this Act, shall be covered by Section 60 of this Act. However, the records of a drug dependent who was not rehabilitated, or who escaped but did not surrender himself/herself within the prescribed period, shall be forwarded to the court and their use shall be determined by the court, taking into consideration public interest and the welfare of the drug dependent.
Anti-Violence Against Women and Their Children Act of 2004 Republic Act No. 9262 (March 8, 2004)	Section 44. Confidentiality. – All records pertaining to cases of violence against women and their children including those in the barangay shall be confidential and all public officers and employees and public or private clinics to hospitals shall respect the right to privacy of the victim.
Revised Rules of Evidence, Rules of Court (March 14, 1989)	Section 24 (c), Rule 128: Disqualification by reason of privileged communication. The following persons cannot testify as to matters learned in confidence in the following cases: A person authorized to practice medicine, surgery or obstetrics cannot in a civil case, without the consent of the patient, be examined as to any advice or treatment given by him or any information which he may have acquired in attending such patient in a professional capacity, which information was necessary to enable him to act in capacity, and which would blacken the reputation of the patient.
Department of Health Guidelines in the Planning and Design of a Hospital and other Health Facilities (2004)	Auditory and Visual Privacy A hospital and other health facilities shall observe acceptable sound level and adequate visual seclusion to achieve the acoustical and privacy requirements in designated areas allowing the unhampered conduct of activities.
Philippine Health Insurance Corporation Benchbook Self-Assessment and Accreditation Process Manual	3.b.1 Standard: The organization documents and follows policies and procedures for addressing patients’ needs for confidentiality, privacy, security, religious counseling and communication. Criteria: The hospital systematically determines, monitors and improves the extent to which patients’ needs for confidentiality, privacy, security, counseling and communication are addressed. 1.5.b.1 Standard: The organization’s personnel discharge their functions according to codes of ethical behavior and other relevant professional and statutory standards. Criteria: The organization identifies and monitors personnel compliance with the code of ethics relevant to their respective disciplines.

Note: Some clauses were edited for length. Violations for the policies were no longer included in the text.

Aside from the laws stated above, we also have the Data Privacy Act of 2012. Under Section 2. Declaration of Policy, it states that “It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected (Official Gazette, 2012).” Its implementing rules and regulations were released in August 2016, and there are clauses there that also pertain to privacy of health information. This Act will be discussed further in the next blog.

Now that we are aware of some of the policies that are in place to protect the Filipino patient’s privacy and confidentiality of health information, let us proceed to answering the task.

Unfortunately, I was not able to secure a privacy and confidentiality document from a hospital. However, since I am currently working as a medical officer, I have decided to review our privacy policy of our company.

There are several policies in place which aim to protect the privacy of the employees. Although there is no dedicated policy for health information except for the confidentiality and NDA for the electronic medical record (see below), the existing policies already include them.

To start, the company has defined personal data as “information that can directly or indirectly identify an individual, including employees, contractors, directors, shareholders, customers and anyone else with whom [the company] does business.” Sensitive personal data (SPD), on the other hand, is defined as a subset of Personal Data that has the potential of causing harm to an individual and therefore requires heightened protection and care. SPD should only be collected or handled when there is a specific legal, regulatory, or compelling business requirement and may require registration with local Data Processing authorities. SPD requires heightened security, and it should only be collected or processed when there is a specific legal, regulatory, or compelling business requirement.” Data collected for medical purposes (ex. pre-employment/periodic medical exams, consultations, etc.) are classified under sensitive personal data.  

Before discussing the policies, let me briefly enumerate 3 of the most important privacy imperatives of the company:

• Only collect the personal data you need.
• Only use personal data for the reason it was collected.
• Don’t share personal data with anyone who doesn’t need it.

Now let us proceed to examples of policies/agreement that relate to information and privacy.

Data Privacy	Within the normal course of business operations, the Company collects and processes personal data of individuals with whom the Company has business relationships. These personal data either identify a person or provide characteristics of an identifiable person. The Company respects the sensitivity of personal data; it is corporate policy that personal data be collected, processed, protected, transferred, stored, disclosed and disposed of in accordance with applicable laws and Company approved procedures. It is the Company’s policy to: Collect personal data in a legal manner and for specified legitimate business purposes only. Process personal data only as necessary for the specified purposes. Collect and process personal data by lawful and fair means and, where required, with the knowledge or consent of the individual. Keep personal data as accurate and complete as possible for their intended purpose. Permit individuals to review their personal data and to request correction of factual inaccuracies in accordance with and subject to Company standards, procedures and appropriate verification. Secure personal data by reasonable and appropriate information protection safeguards as set forth by corporate policy on Information Protection. Retain personal data in accordance with the corporate policy on Information Retention and when no longer required for the stated purpose or by law, destroy personal data in a manner which protects the confidentiality of the data. Comply with all data privacy laws and regulations applicable to our business operations. Integrate data privacy principles into our business activities, including, as necessary, agreements and arrangements with third parties, Joint Ventures and other companies with whom we have a business relationship. Institute and maintain processes to coordinate enterprise-wide data privacy compliance activities, recognizing that many aspects of data privacy compliance can be implemented only at the local level. Where appropriate, review and comment on proposed data privacy legislation, regulations or policies that may significantly impact our business; cooperate with appropriate government agencies to facilitate timely, reasonable and business-oriented solutions for data privacy issues that may arise. Audit conformity with this policy through a comprehensive compliance program, including self-assessments and internal audits.
Information Protection	The information assets of the Company are vital resources. These resources include information in any form, whether acquired or developed by the Company, and any systems that store, process, or transmit information. It is the policy of the Company to ensure the availability, integrity, and confidentiality of these resources in a manner that is consistent with risk and business value. All [company] Corporation employees and contractors have responsibility for properly protecting these resources. It is the Company’s policy to: Comply with all information protection laws and regulations. Integrate information protection principles into every aspect of its business activities, including the structure of agreements and business arrangements with its Joint Venture, Alliance, and third party relationships. Take cost-effective measures to ensure the availability, integrity, and confidentiality of Company information assets, considering current, as well as emerging, business needs and technology. Ensure that processes are in place to manage enterprise-wide information protection issues, recognizing that some aspects of information protection can only be addressed at the Reporting Unit level. Comply with established standards, follow good safeguarding practices and guidelines, and apply principles of risk assessment to ensure that Company information protection activities are conducted responsibly. Participate in the formulation of information protection legislation, regulation, or policy issues that may significantly impact our business. Work actively with the appropriate governmental agencies to ensure timely, reasonable, and cost-effective solutions for issues wherever possible. Ensure conformity with this policy through a comprehensive compliance program, including a self-assessment process.
Information Retention	It is the Company’s policy to retain information for the minimum period necessary to: Satisfy the Company’s operating requirements Substantiate the Company’s holdings Protect the Company’s interest in asserting and defending claims and lawsuits Assure compliance with the retention requirements of applicable Government, Federal, State, and local laws and regulations If a document or other form of information does not satisfy any one of these criteria, then it is not a Company “Record” and is not subject to retention and should not be retained.
Confidentiality and Non- Disclosure Agreement	You are about to access patients’ protected health information (PHI). The system should only be accessed by authorized users. By logging in and accessing PHI, you acknowledge that you are doing so in accordance with HIPAA and your organization’s policies and procedures. Access is monitored and you will be held accountable for any activity on your login. Organizational information may include, but is not limited to, financial, patient identifiable, employee identifiable, intellectual property, financially non-public, contractual, of a competitive advantage nature, and from any source or in any form (i.e. paper, magnetic or optical media, conversations, film, etc.), may be considered confidential. Information’s confidentiality and integrity are to be preserved and its availability maintained. The value and sensitivity of information is protected by law and by the strict policies of your organization. The intent of these laws and policies are to assure the confidential information will remain confidential through its use, only as a necessity to accomplish your organization’s mission.

While the first 3 are general policies for privacy, they are the same rules that my team and I follow when it comes to handling health data, and are also the same guidelines all health care professionals in our counterparts in other countries are using. Although not comprehensive, it makes it clear to us how to collect, process, store and destroy health data that we encounter. We also ensure to comply with local policies/guidelines set forth by the Department of Health (ex. policies on data retention and destruction). The general rule is that local laws supersede those of the company’s. In addition, since we are a private company, we have partner service providers/institutions that handle our employee’s health data. Examples are clinics where the employee’s perform their annual physical examinations. While we do not have direct control over how they handle data, we ensure that we do regular audits on said providers. We assess and verify if they are compliant with Philippine and company standards when it comes to managing health data. If they fail the audit, we discontinue our partnership with them.

As for the last example in the table above, it is the only guideline that is specific to the protection of health data. The agreement is posted at the login page of the electronic medical record. There was mention of the Health Insurance Portability and Accountability Act or HIPAA since our EMR was developed in the United States. The “policies of your organization” it was referring to are the first 3 policies that I have already discussed above.

The company policies, even though they are general policies on privacy and information, are acceptable in terms of safeguarding the privacy and confidentiality of health information of the employees. By following additional international and local policies on health, our practices on privacy and confidentiality are strengthened. I feel that considering our company’s primary business is not the delivery of healthcare, our operations in terms of health data privacy and confidentiality are comparable to those hospitals and clinics with the best standards of care.

—

Comments, as always, are welcome. Let me know your thoughts!

XO,
Eve

---

References:

• Privacy as defined in the Merriam-Webster Dictionary
• Privacy as defined in West’s Encyclopedia of American Law, 2nd Ed. (2008)
• Confidentiality as defined in Mosby’s Medical Dictionary, 8th Ed. (2009)
• Confidentiality as defined in Dorland’s Medical Dictionary for Health Consumers (2007)
• 1987 Constitution of the Republic of the Philippines – Article III 
• Republic Act No. 10173 – Data Privacy Act of 2012
• Health Information Privacy in the Philippines: Trends and Challenges in Policy and Practice by Antonio, Patdu and Marcelo (2013)

Knowledge Management – What Is Its Role in Healthcare Research?

This week, we are diving into knowledge management, another new concept we can both learn together.

The driving question is…

How can knowledge management improve access to healthcare research?

To answer the question above, we were tasked to pick a local public health problem and answer the driving question in relation to the public health problem.

Let me break it down and introduce a few concepts first.

Knowledge management (KM) is a concept that was first introduced roughly around the 1990s (Koenig, 2012). According to the Association of State and Territorial Health Officials or ASTHO (2005), is defined as “a process used by organizations and communities to improve how business is conducted by leveraging data and information that are gathered, organized, managed, and shared.” The Gartner Group (2016) defined it as “business process that formalizes the management and use of an enterprise’s intellectual assets. [Knowledge Management] promotes a collaborative and integrative approach to the creation, capture, organization, access and use of information assets, including the tacit, uncaptured knowledge of people.” Its goal is to move from “not knowing what you know” and using that knowledge to improve organizational effectiveness and efficiency (ASTHO, 2005). The building blocks of KM are data, information and knowledge, which are represented by the figure below:

Data is defined as “unprocessed representations of raw facts, concepts or instructions that can be communicated, interpreted, or processed by humans or automatic means (ASTHO, 2005).” An example of data is the number of dengue cases in a region. When meaning is assigned to data or when data is categorized, filtered or indexed, it now becomes information. In the dengue scenario, an example of information would be the number of dengue cases per district or barangay in the region. Finally, when processes like critical thinking, evaluation, structure or organization are applied to support decisions or understand concepts, information becomes knowledge. Knowledge is dynamic and evolving. It also has two types, namely: explicit and tacit. The former is also known as ‘book knowledge’ and refers to the “ordering of data and information according to well-defined, formalized procedures or rules.” On the other hand, the later refers to knowledge that is informal and that which is gained through experience and training. An example of knowledge in the dengue scenario is understanding the patterns of illness well enough to adjust preventative measures in a particular area.

When pieces of information are linked in meaningful ways, the information’s relevance to the problem at hand is established, and the information at hand is understood in larger context, there is translation of information to knowledge. This can then lead to knowledge translation which occurs when knowledge is put into action. (Straus et. al, 2011). The concept of knowledge translation is especially important because despite the abundance of evidence-based data, it has been found that there is still large gap between what is known and what is used in practice. In addition, there is a failure to use health research evidence in making informed decision related to healthcare.

For an organization to adapt the KM approach, the following components must be examined: culture, content, processes and technology (ASTHO, 2005). Culture is the organization’s shared set of beliefs, values, and understandings, and therefore varies from one organization to another. It is reflected by how and organization envisions, measures, and carries out its mission and responsibilities. Content refers to resources of the organization, which can range from data to information to skills to expertise. Meanwhile, processes are methods by which an organization manages data and information. They can be formal or informal. The processes are in place to ensure that content is created, assessed, management and disseminated effectively. Finally, technology has to be assessed in the context of why and how effectively it is used in an organization.

The role of knowledge management in public health is critical. To do their jobs, public health practitioners require accurate data and the ability to access data quickly from different sources and transform said data into useful information and knowledge. The officials, in particular, need up-to-date information for them to conduct analyses, report and generate vital information, and to collaborate with other agencies. In addition, the knowledge generated will guide decision-making in addressing public health concerns. Through KM, there can be an efficient way of developing and disseminating best practices and of continually assessing said practices for improvement.

In order to illustrate KM further, let us use dengue as a public health concern as an example. The dengue epidemic has plagued the Philippines since 1953 and continues to be a significant public health concern (Interhealth Worldwide, 2016) despite the many efforts of the Department of Health.

There was a recent article published, however, that featured the elimination of dengue cases through the combined efforts of a data analyst, professor, and local agency director. The story was a feature piece in Manila Bulletin and the subheadline mentioned that the answer to the dengue problem was not medicine but big data. It recounted how Wilson Chua, a big data analyst, was able to analyze the raw data on the dengue cases in Pangasinan provided to him by the Department of Health. He noted that the district of Bonuan had the highest number of cases in Pangasinan for 3 consecutive years, and that most of those infected were children aged 5-15. In doing his research, he found out that there were two public schools in the area (specifically Barangay Bonuan Boquig) with large pools of stagnant water in between, which were assumed as the source of the dengue vector.  Once he was able to identify the problem, he crowdsourced through social media (Facebook in particular) and got in touch with Professor Nicanor Melecio, the project director of the e-Smart Operation Center of Dagupan City Government, and Wesley Rosario, director at the Bureau of Fisheries and Aquatic Resources. Their solution to the problem was two-pronged, which was release of mosquito dunks and mosquito fish. They were able to implement this through the help of the local government. Thirty days after intervention, there was still no report of dengue cases in the area (you can read the full story here).

This article caught my attention for several reasons. One, I found it amazing that they were able to find a solution that could help address the dengue problem in the country. While I am aware that their solution is not applicable to other areas (ex. urban poor areas where large pools of water are not present and mosquito fish release is not feasible), it still impresses me how they were able to collaborate and come up with a solution. Two, the initial efforts were not made by a public health professional but by an analyst who just happened to have a personal interest in the situation. Third, his collaborators were not from the Department of Health. Fourth, DOH gave him raw data. (It was mentioned in the article that he was given an file with 81,000 rows of data. Aren’t there data privacy concerns?) Lastly, it mentioned that ‘big data’ was the solution.

Let me take a quick detour and discuss that last point. Big data, according to Tech Target, is a term that refers to a voluminous amount of structured, semi-structured, or unstructured data that has potential to be mined for information. There is no consensus on what ‘voluminous’ equates to in terms of volume or size, although it often refers to terabytes, petabytes, or exabytes of data captured over time. It is often characterized by extreme volume of data, wide variety of data types, and the velocity with which the data must be processed.

Going back, it now makes me wonder about how DOH has handled the massive amount of data that they have. Have they thought of Mr. Chua and his team’s interventions before? Based on the article by Lomibao (2013) in the Philippine Inquirer, Mr. Rosario mentioned that mosquito fish has been in the country for decades. Mosquito dunks are also not a new concept. But is the two-pronged approach new? If it showed promising results in Pangasinan, are there efforts to disseminate the information and replicate it in regions with similar topography? Is further research being done to address the feasibility of this solution and its long-term effects?

Recalling the 4 components of KM, I’ll now discuss how each of those components would play a role in improving access to healthcare research given the scenario above. Organization in the following paragraph will refer to the Department of Health.

The ideal culture in an organization is one where leadership plays a strong role in establishing the cultural will to support and maintain practices such as data documentation and dissemination of results. Considering the nature of public health, leadership should also be able to effectively communicate and coordinate with other organizations. It will help in understanding how the practices of others might be leveraged. First, recognizing the efforts of Mr. Chua is imperative. Given his and his collaborators’ success, a more wide-scale feasibility study should be done on the intervention that they did. Long-term effects of said intervention should likewise be performed, since the Department of Environment and Natural Resources’ Protected Areas and Wildlife Bureau (PAWB) has already expressed their concern over the potential negative and irreversible impact on our fragile biodiversity (Lomibao, 2013). At least for this particular aspect of dengue vector control and management, the DOH should work with BFAR, PAWB and the local government.

For content, one of the most significant challenges is capturing tacit knowledge, which means making it easy for individuals to share what they know through training, collaborative opportunities, networking, and other personal interactions. Mr. Chua can be considered as a potential content resource of the organization. I assume that there are already people employed by the DOH who do what Mr. Chua does, but he can help by sharing his knowledge on how he analyzed the data that was given to him.

As for processes, the ideal scenario is that the data and information management processes that exist in the organization are driven by the needs identified from the agency’s business activities. Given the nature of the public health sector, the data it collects is usually shared with external organizations aside for its intended personal use. Because of this, data and information management processes should make it possible for the DOH to share their data in a way that is understable and meaningful to other sectors, such as the local government or BFAR.

Lastly, for technology, it is already a reality that the public health sector has been increasingly using electronic technology to collect, store, access, analyze, visualize and communicate data. However, there remains a gap in the availability of personnel who both have an expertise in information technology and in public health, or the so-called hybrids. If the gap in hybrids cannot be addressed for now since it needs specialized training, the DOH could continue its efforts to collaborate with experts in different fields to address the problem.

If the above core components are present in an organization such as the Department of Health, knowledge on dengue and means for vector control would be more accessible. It will also encourage and allow for further research to be done. 

—

That is it for week number 12 of HI 201. I have a couple of questions for you.

First, do you agree that big data was indeed the answer to the dengue problem (at least for Pangasinan)? Second, do you think your organization (if you belong to one) is ready to adopt knowledge management approach?

Let me know in the comments below.

XO,
Eve