Barriers to EHR Implementation

You have been selected to be the project manager for a DOH project with the task of implementing a national EHR that all government hospitals will implement.  Select at least three barriers to EHR implementation from the article that you believe to be the most important ones that might adversely affect your implementation. Explain and provide supporting cases/articles/information.

The scenario above is what we have been tasked to discuss in this blog. This article was provided as a reference. As a disclaimer (for new readers out there), my only experiences working in a government hospital were the following: as a student nurse in Philippine General Hospital (3 years), as a junior OB intern in EAMC (1 month), and as a senior Pediatrics intern at Taguig-Pateros District Hospital (2 weeks). My PGH stint is the longest, although that we were only on duty for certain weeks of the school year. I have not encountered any type of EHR in any of those settings. I have, however, personal experience working with an EMR for the past 21 months the private multinational company I’m currently employed in. In addressing the scenario above, I will take both into consideration my experience, albeit limited, in EMR deployment in a private setup and how I think that would apply to the public hospital scenario, as well as from articles or personal stories I have come across.

In the article by Boonstra and Broekhuis (2010), they did a systematic review of journals exploring the barriers to the acceptance of electronic medical records by physicians. They identified 8 main categories, namely: financial, technical, time, psychological, social, legal, organization, and change process. The first three were considered as the primary barriers – those that are first to arise when physicians are faced with EMRs, while the latter five were considered as secondary barriers – occasionally subconscious, beneath the surface, and so not immediately mentioned. 

In a setup where a national EHR will be implemented, I think that the 3 top barriers to implementation will also be the primary barriers the article mentioned. First is the financial aspect of implementation. It could be assumed that since I was already tasked to implement a national EHR, then there already is a budget for this initiative. The health information system itself may be costly, but equally costly is the actual rollout of the EHR. Since the Philippines is an archipelago, the deployment of the EHR especially in geographically-disadvantaged areas can be costly, taking into consideration not just the HIS but the deployment of hardware, ensuring that internet connection is available, and capacity-building of the users. If the RxBox has taken more than a decade for it to be deployed in different parts of the Philippines, then the national EHR may take years as well.

The technical and times aspects of the EHR implementation, to me, are the most challenging of all. Even in my current setup, where an EMR has been deployed in the different business units (countries) where our company operates in, these prove to be the biggest hindrances and they go hand in hand. I could say that the other aspects of the EMR implementation in our company – change process, financial, social, legal – were not much of a problem. The technical and time parts, however, were the main barriers. Most users of our EMR were doctors and nurses aged 30 and above and those who were not previously exposed to any type of EMR. The capacity-building for said users is taking years (since the rollout is still ongoing). Of the users I have talked to, the physicians were the most resistant. While all of them were computer-literate, use of the EMR required a different set of skills that they had to learn. Not much time can be dedicated just for learning the system since the operations are continuous and there are constant deliverables that could not be delayed. A common concern as well was the increased time it took to enter data into the system. If paper charts took an average of 5 minutes to be completed, data entry into the EMR took at least twice as much time, sometimes even longer especially during the initial phases of the EMR implementation when users.

Related to the concerns above is the complexity of the system. One of the identified reasons why it was taking a long time to learn how to use the EMR was its complexity. This is because despite all of us working in the same company, the health needs of each business unit (country) are different. We have upstream, midstream, downstream, shipping, and shared services, and the processes of one group are not the same with the others. In an attempt to create an EMR that encompasses the needs of all stakeholders, the end product was an EMR that seemed overwhelming to use. The corporate support team has since tried to address the issue, but the current version that we have could still use some major improvement.

Based on those experiences, I also anticipate that similar issues will be encountered with implementation of a national EHR. Majority of public hospitals in the Philippines still employ paper-based systems. While the newer generation of health professionals are more tech-savvy and are mostly computer-literates, the older generation aren’t necessarily so. This will present as the challenge during capacity-building of the end-users. As it is, health care personnel in our government hospitals, especially the tertiary ones, have a lot on their plate (with nurse-to-patient ratio as high as 1:40, even worse for physicians). There is little time to learn the new system, and even much lesser time to use it if it means that using the new system will mean more needing more time for documentation. In addition, the workflow of government hospitals should be carefully studied as well. The same way that different business units in our company do things a little bit differently (aside from the core processes), the same is expected of the different government hospitals. A basic version may be deployed, but there should be options to customize some functionalities depending on the needs of the hospital. An EHR that is not congruent with the workflow of the users will encounter more resistance during implementation, and will not be maximized fully by the staff.

Aside from those mentioned above, I think that one of the legal aspects that is a big concern not just to the physicians but to the patients themselves is the security of data. I remember the #ComeLEAK issue in 2016 where voters’ data was hacked and reportedly later sold to the black market. It was regarded as “the worst recorded breach on a government-held personal database in the world”. Reports in 2017 revealed that the IP address was traced to the NBI. This incident then begs the question – how safe are our data? A computerized database on health will also mean that the data will be susceptible to hacks such as the Comeleak. Similar concerns on security were likewise raised with the proposed national ID system. More than convincing the users of the EHR that the data will remain secure, it is ultimately the patients – the Filipino people – that will have to be assured that their sensitive personal data will not be compromised.

Two critical targets of the Philippine eHealth Strategic Framework and Plan (2014-2020) of the DOH, under eHealth solutions, are implementation of an integrated health application or software compliance certification system and integration and harmonization of various electronic health record systems. Implementation of a national EHR, at least for government hospital, will working towards achieving these targets. While the barriers are to be expected, the ultimate goal is to improve the delivery of health care services to the Filipino people. If done right, this will usher us into a new era – a better era – of health service delivery, something which the Filipino people deserve.



Impact Assessment of CPOEs and CDSS: Systematic Review and Meta-Analysis

Welcome back! I say that to both you and myself. It’s the start of a new school year. While this blog was abandoned in the second half of last academic year, this year I am hoping to put more into this.

One of my subjects this year is MI 227: Clinical and Laboratory Information Systems. We were tasked to find an article the adoption or use of any of the following: (1) EMR system; (2) CPOE system; (3) medication administration system; (4) telemedicine system; (5) telehealth system; (6) PHR, or; (7) other clinical or laboratory system or application.

I came across this article by Prgomet, et. al published in the Journal of Medical Informatics Association entitled:

Screen Shot 2017-08-10 at 10.30.54 PM.png

The article’s main objective was to determine the impact of computerized provider data entry (CPOE) systems and clinical decision support systems (CDSS) on the medication errors, length of stay (LOS), and ICU mortalities through a systematic review and meta-analysis. The authors searched for journals published between January 2000 and 2016 and focused on those that used commercial CPOE and CDSS. They reasoned that homegrown softwares were more likely to demonstrate positive effects on safety and quality of care. At the same time, however, they are becoming more increasingly difficult for organizations to maintain and it is likely that almost all future system implementations will involve commercial systems. Twenty studies fit the inclusion criteria. Based on the EPHPP quality assessment tool, thirteen (13) studies were rated as having moderate methodological quality while seven (7) were rated as weak.

The overall results were as follows:

  • Significant reduction of medication error rate by 85% with introduction of CPOE (pooled RR: 0.15, 95% CI,, 0.03-0.80, P=0.03)
  • No significant change in ICU LOS following the introduction of CPOE (pooled mean difference: -0.01, 95% CI, -0.81-0.60, P=0.7)
  • Evidence of significant reduction in ICU mortality by 12% following introduction of CPOE (pooled RR: 0.89, 95% CI, 0.78 – 0.99, P=0.04)
  • No significant association between CPOE introduction and hospital mortality (pooled RR: 1.17, 95% CI, 0.53-2.54, P=0.6)

Several points were tackled in the discussion portion. One is the small sample sizes in the studies involved, such that they may not be powered to detect a true effect. The authors recommended future studies assessing impact of CPOE and CDSS to include larger sample sizes, so that they will be sufficiently powered to accurately detect clinically relevant rate of change in important indicators following implementation of CPOE and/or CDSS. Such systems are a big investment, and establishing a good business case for the continued use should be evidence-based as well.

Another is the need to monitor outcomes once such systems are implemented, because while CPOEs and CDSS address some problems of paper-based systems, they also introduce new challenges. Physicians have always been notorious for having illegible handwriting, and this is one of the things CPOEs address. However, they may also be attributed to system-related errors, which are not present in paper-based system. Example of which are duplicate prescriptions and erroneous selection from dropdown menu. Aside from such errors, other identified outcomes from the use and implementation of CPOEs include the following: order delays due to inability to “pre-register” patients into the system, increased time to enter orders, reduction of staff interaction, and delays in medication administration. Because the switch from a paper-based system is expected to bring about several changes, it is therefore imperative for any institution to make a follow-up on the effects of the implementation and address the new challenges along the way.

Yet another point of discussion for this article was the lack of standardized definitions.. For example, “medication prescription error” had different operational definitions in the studies included. Missing weight or signature constituted an error in some studies, while these were not considered in others. For systematic reviews and meta-analyses to have a more robust conclusion, it would be ideal if the studies involved are more homogenous – and that includes measuring the same outcomes the same way.

Said learnings and recommendations above could be applied to the local setting. However, the problem is the fact that paper-based systems are still the more common practice here. As a nurse and a physician, I was able to train into two hospitals representing opposite poles in terms of healthcare in the Philippines – Philippine General Hospital and St. Luke’s Medical Center. I was a student nurse in PGH from 2005 to 2009 and there was no CPOE nor CDSS at the time. At present, the main hospital still uses paper-based system. SLMC, on the other hand, has more advanced HIS. However, the practice was more of a hybrid – physicians used paper-based systems which are then encoded by either the pharmacists or the nurses. If there were potential drug-drug interactions or contraindications, it was the pharmacist’s responsibility to alert the physician who requested the order. Currently, I work in a private multinational company and we have our own EMR with CPOE and CDSS capabilities. However, since our system is not interoperable with any pharmacies or outside outside clinics in the Philippines, the EMR serves more as a repository of data. Laboratory, diagnostic, and medication orders are encoded into the system after the patient is seen and after paper prescriptions or requests have been given to the patient. I am not privy to how other hospitals or companies work, and my search for literature specific to outcomes measurement after CPOE/CDSS implementation in the Philippines did not yield any results. I believe this is both bad and good. Bad – because it means there is much to be done when it comes to the adoption, implementation, and evaluation of such systems. Good – because it also means that we can benchmark on what other countries have done. Hopefully we can perform more standardized and large-scale impact assessments and consequently generate robust studies for which we can safely draw conclusions from.


  • Mirela Prgomet, Ling Li, Zahra Niazkhani, Andrew Georgiou, Johanna I Westbrook; Impact of commercial computerized provider order entry (CPOE) and clinical decision support systems (CDSSs) on medication errors, length of stay, and mortality in intensive care units: a systematic review and meta-analysis, Journal of the American Medical Informatics Association, Volume 24, Issue 2, 1 March 2017, Pages 413–422,


mHealth – How Can It Enhance Delivery of Care?

It’s the last blog (before the final paper)! *Does a happy dance.* For this final assignment, we will be talking about mobile applications. The question we were asked was…

“How can mobile applications be useful in primary care?”

We were tasked to propose an app idea for a primary health care scenario, and the app must not duplicate any application already available in the market.

Primary care, as defined by the American Academy of Family Physicians (n.d.), is “that care provided by physicians specifically trained for and skilled in comprehensive first contact and continuing care for persons with any undiagnosed sign, symptom, or health concern not limited by problem origin, organ system, or diagnosis. [It] includes health promotion, disease prevention, health maintenance, counseling, patient education, diagnosis and treatment of acute and chronic illnesses in a variety of health care settings (e.g., office, inpatient, critical care, long-term care, home care, day care, etc.).”

Mobile health or mHealth, on the other hand, is the use of mobile technology applications for healthcare (Qiang, et. al, 2012). It is a new and developing field with lots of untapped potential. The use of mobile phones has significantly skyrocketed starting the 2000s. Currently, there is an estimated 4.77 billion mobile phone users in the world (Statista, n.d.). Mobile phones have evolved from simply being a handy telephone to a more sophisticated device that can function similar to computers. It has allowed people easier access not only to their family, friends, or network of people but it has also afforded access to information that previously would have taken much effort to gather. It has shrunk the world (in a good way), and now information is at our fingertips.

How, then, can mobile phones improve the delivery of primary health care? For one, it has facilitated easier communication between healthcare professionals and patients. There are now more options on how to communicate, from email to call to messages. There are even applications on smartphones that allow free video calls, voice calls, or messages as long asscreen-shot-2016-12-11-at-3-10-46-pm a person has an internet connection. Many models of mobile phones are likewise equipped with cameras, which can be useful for documenting external conditions (e.g. skin problems). The messages can also be readily shared via several means. Aside from traditional uses, many applications have already been developed to aid in the collection and processing of health information. For example, iPhones have a built-in health app that could collect and monitor several health data. Data collection and analysis can be further enhanced by connecting it to other applications that supports the Apple Health App. These types of applications help in empowering patients to be more in charge of their health. On the other hand, healthcare professionals also benefit significantly from the use of mobile phones in healthcare. The same way patients gain increased access to information, so do the doctors. Knowledge from various sources like journals, clinical practice guidelines, etc. are now easier to get a hold of. Thousands of apps which enhance patient care are also present in the market. The CDC, for example, has applications on STDs, vaccination, and travel medicine which can help a healthcare professional make evidence-based decisions. Another advantage of mHealth is that it can reduce the cost of healthcare. By screen-shot-2016-12-11-at-8-11-06-pmimproving means of communication between HCP and patient, personal or face-to-face consultations can be reduced. A patient who needs monitoring may no longer need to be seen personally at frequent intervals if the monitoring can be done remotely. Continuity of care can also be enhanced by mHealth, because coordination of efforts among different providers can be done with mHealth. Better record-keeping is also made possible with mHealth, an advantage that is common with electronic processing systems. There are several other advantages of mHealth but the bottomline is better access and better delivery of health.

Like electronic medical records (EMRs) and electronic health records (EHRs), however, there are still many challenges when it comes to the use of mHealth. Since mHealth is a relatively young field, there are limited studies on their efficiency. Privacy issues are also present. Accountability and ownership of data is also an issue, especially since unlike EMRs and EHRs, mHealth is more accessible to patients. Standards and interoperability issues are also present, since mobile applications are not always interoperable and there are few standards on their creation and use. Nonetheless, there is much promise in this rapidly growing field. mHealth has much potential in terms of further improving the access and delivery to healthcare.

If I were to create an application for primary healthcare, I would develop something for my company’s use. I think that one of the best things about my company is the value we put on the health and safety of our employees. Aside from the primary care I deliver (with the clinic consultations), various health and wellness programs are in place that are either global initiatives or local initiatives. From what I know, developing an app for the company was already considered previously. However, it hasn’t been realized due to several concerns, particularly privacy and security of data that crosses transnational borders. But if I were to design the app and it would focus on health, it would have the following features:

  • Contains all medical and wellness offerings
    • Clinic
      • Option to schedule a consultation with available doctors (there are currently 3 in the company)
      • Option to schedule laboratory testing (since this is a service we can offer where employees can have some laboratory tests done in our own clinic)
    • Periodic medical examination (separate for employees and expatriates)
      • Schedules
      • Partner clinics
      • Guidelines
      • Results – to be reflected in app once they are available
    • Employee assistance program
      • Description/details of this employee benefit
      • Information on how to get in touch with the counselors
    • Vaccination
      • Calendar of vaccine offerings for the year
      • Information about the vaccines (locally adapted version of the Vaccine Information Statement from the CDC)
      • Guidelines – on how to sign-up, price, etc.
    • Wellness offerings
      • A calendar of activities to give an overview of the offerings
      • Description of the offerings, including the vendor or service provider we partnered with for the wellness offering
      • Sign-up option for activities
  • Feedback
    • Employees should be able to give feedback on the offerings clinic services and wellness offerings, as well as have the option to suggest activities which they would want us to offer

The idea is that the application will integrate all the services of the health and medical team, from the clinic services to all other health and wellness offerings. The mobile app should make it easier for employees to avail of the services, and more importantly to participate in health and wellness offerings. Features like notifications for new activities, sign-up options,  or reminders for due vaccinations will be part of the app. Ideally, the app should also be integrated to the EMR that we are currently using so that there are programs we can tailor fit to employees. For example, patients who are overweight may be targeted for our weight-loss initiatives, from learning sessions to gym memberships to in-house weight management activities. We also have a corporate program that include reporting of stress, and employees who scored high on those could be target for the stress-related initiatives that we have. The application should be able to generate reports, which we can then use to help evaluate how effective our activities are and give us an idea of the overall health of our employees. 

That is it for the last blog and assignment! What do you think? If you are working in a company, is the type of application I’m proposing (of course it has to be catered with what your company offers) attractive to you? Is it something that you’d use? As always, let me know in the comments below!



Telehealth – How Can It Change the Landscape of Health Care Delivery in the Philippines?

It’s the second to the last blog before the end of the semester. This week’s topic is all about telehealth. The question we were asked was…

How can telehealth support healthcare delivery in the Philippines?

To help answer this question, we were tasked to read and evaluate the Telehealth Act of 2014, and to suggest revisions, if any.

Telehealth, according to the Center for Connected Health Policy (n.d.) is “a collection of means or methods for enhancing health care, public health, and health education delivery and support using telecommunications technologies.” It is not a specific service but a term that describes the variety of technology and tactics to deliver virtual medical, health, and education services.

The practice of the use of telehealth services is more common in developed countries such as the US. In the Philippines, however, it is not as popular. Quite frankly, I finished nursing school and medical school without encountering a lecture on what it is and how it can be applied to our setting.

The Philippines is an archipelago composed of more than 7,600 islands. Our geography, while it has blessed us with incredible sights and natural wonders, has also made it more difficult for healthcare to be accessed and delivered. It is the same geography that constitutes the physical factors that characterize geographically isolated and disadvantaged areas or GIDAs. GIDAs are communities with marginalized population that are physically and socio-economically separated from mainstream society. They physical factors are mainly to geography and also includes difficult access due to weather conditions. Socio-economic factors, on the other hand, include high poverty incidence, presence of vulnerable sector, communities in or recovering from situation of crisis or armed conflict (Department of Health, n.d.).

With telehealth, the population that could potentially most benefit are those residing in GIDAs. The idea is that since they have difficulty access to healthcare, healthcare will be brought to them. This is one of the objectives of the Telehealth Act of 2014.

House Bill No. 4199, also known as the Telehealth Act of 2014, declares that “the State shall protect and promote right to health of the people and instill health consciousness among them. Henceforth, it is the intent of the Legislature to recognize the practice of telehealth as a legitimate means by which an individual may receive health care services from a health care provider without in-person contact with health provider. Telehealth or Telemedicine shall not be construed to alter the scope of practice of medicine or any health care provider or authorize delivery of health care services in a setting or in a manner not otherwise authorized by law.”

Aside from the objective I mentioned above, other objectives of this Bill are to reduce the costs, set standards and establish regulations regarding the field, and strengthen the health system and infrastructure.

There are 20 sections to this Act. I have chosen the following to evaluate.

Section 9. Database. – All telehealth center and originating sites shall coordinate with DOH for consolidation of pertinent databases. DOH shall maintain and manage a national database for consults on clinical cases as well as health and medical education exchanges. Considering how important documentation is especially for something like this, I feel as if this section is severely lacking.

Having read the comprehensive IRR of the Data Privacy Act of 2012 in the previous blog, this, to me, needs further details. At the very least, the basic contents of the database should be enumerated. I would like to know if there are other types of data that should be gathered/documented when a consultation is done via telehealth.

Section 16. Standard of care. – The standard of care is the same as regardless whether a health care provider provides health care services in person or by telemedicine. Telehealth or telemedicine shall not be construed to alter the scope of practice of medicine or any health care provider or authorize the delivery of health care services in a setting, or in a manner, not otherwise authorized by law. Telehealth shall not replace health care providers or relegate them less important role in the delivery of health care. The fundamental health care provider-patient can not only be preserved, but also augmented and enhanced. While I agree that the standard of care should be the same whether the consult is done in person or via telehealth, I think the Bill fails to capture the limitations on this type of service. Granted that the scope of medicine (or allied medical services) will not change in terms of what a doctor can do, it should also acknowledge that that the things a doctor cannot do. There  is a science to the practice of medicine (and other disciplines) that simply cannot be done via a video call or similar means. Section 5. Scope can be elaborated further to include limitations. Or limitations could be in a whole new section together, and in that section include what can and cannot be penalized. The way I see this Bill so far is that it is not healthcare provider-friendly. The providers are not protected the same way the patients are.

Overall, a good portion of the Bill, in my opinion, needs further refinement apart from the 2 sections I stated above. But the fact that it exists is promising, as this legitimizes the practice of telehealth (or telemedicine). This field will open up a lot of opportunities especially for patients and will help in positively changing the landscape of healthcare delivery to the Filipinos.

Have you read the Telehealth Act of 2014? What do you think? How open are you to the idea of using telehealth services? How do you think will that impact the way we practice medicine in the Philippines? Let me know in the comments below.



Data Privacy Act of 2012 – Is It Enough To Protect the Health Information of the Filipinos?

The countdown begins. Three more blogs to go before this semester closes. So for the 2nd to the last blog assignment (before the final paper/blog), we were asked this question…

Is the Data Privacy Act adequate to protect confidential health information?

There was supposed to be a debate about this. Due to lack of time, however, we were unable to conduct one. Nevertheless, let us discuss this latest law on data privacy.

In my previous blog, privacy was defined by Merriam-Webster (n.d) as “freedom from unauthorized intrusion.” As a constitutional right, it refers to “to make certain crucial decisions regarding their well-being without government coercion, intimidation, or interference (West’s Encyclopedia of American Law, 2008),” and is declared under Section 3 of the Bill of Rights in the 1987 Constitution (Official Gazette, n.d.), where it states that “the privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.”

The latest law implemented relating to privacy is Republic Act (RA) 10173, otherwise known as the Data Privacy Act of 2012. Its implementing rules and regulations were promulgated last August 24, 2016. Under Section 2. Declaration of Policy, it states that “it is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected (Official Gazette, 2012).”

Since we want to evaluate this law in terms of its adequacy in terms of protecting confidential health information, below are some definitions based on the RA.

  • Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
  • Sensitive personal information refers to personal information:
    • (2) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings
    • (3) Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns

The Act encompasses to processing of all types of personal information; hence, it protects the processing of health information. However, I wanted to see if there were specific clauses related to health. They are as follows.

  • SEC. 12. Criteria for Lawful Processing of Personal Information. – The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:
    • (d) The processing is necessary to protect vitally important interests of the data subject, including life and health
    • (e) The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate
  • SEC. 13. Sensitive Personal Information and Privileged Information. – The processing of sensitive personal information and privileged information shall be prohibited, except in the following cases:
    • (c) The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing
    • (e) The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured

Since health information are classified under sensitive personal information, all clauses in this Act are applicable to a Filipino patient’s health information, even if there specific clauses related to health are only in Sections 12 and 13.

I have read the both the Act (read it’s entirety here) and the IRR (read its entirety here), and I think that it is sufficient to safeguard the health information of the Filipino people.

I’d like to emphasize the Rule VIII. Rights of Data Subjects. It enumerated several rights of the data subject under it, including: right to be informed, right to object, right to access, right to correct, and right to rectification, erasure or blocking. I believe that these in particular, especially when applied to health information, will highly empower the patients because it explicitly states their rights on what can and cannot be done for their health information.

Now that we are shifting towards the use of technology for the delivery of health, it appears as if there are more threats to the privacy and confidentiality of patients. With the use of electronic medical records, for example, health information is now more accessible not just to patients but to a whole new group of people (ex. developers of the software, administrators, other clinic staff) who would not have had the same access if we were still using paper charts. In the Act, Section 47. Registration of Personal Data Processing Systems states that “The personal information controller or personal information processor that employs fewer than two hundred fifty (250) persons shall not be required to register unless the processing it carries out is likely to pose a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes sensitive personal information of at least one thousand (1,000) individuals.” This is very important because as mentioned above, we are in the era where health technology is on the rise. With registration of systems (especially in major institutions), registration of data processing systems provides an additional layer of protection for the patients since institutions will now be liable to the Commission especially in the event of data breaches. Personal information controllers and processors will be identified and held liable, and the Commission will be able to monitor said institutions or organizations.

While I think that the Act is sufficient, I feel that more specific clauses on processing of health information should have been included and explicitly stated. Categorizing them all under sensitive personal information is not enough. For me, health information requires more special consideration. For example, the right of the data subject (i.e. patient) to correct, rectify, erase or block his/her health data will not be as easily done compared to changing demographic data. Several factors come into play like the professional opinion or assessment of the healthcare personnel who inputted and/or processed the data. Differing opinions from different professionals may also make it appear like the data is inconsistent or false in the eyes of a data subject who may not fully understand his/her health status. In conclusion, I believe this Act can be improved to better fit the rapidly changing health information needs of the Filipino people.

What do you think about this law? How to do think this impact the health landscape in the Philippines? Does it make you feel more secure about your personal information in general, knowing that this Act is now in place? Let me know what you think in the comments below.



Privacy and Confidentiality – What Policies Are In Place?

We are nearing the end of the semester. For this blog, I am going to talk about privacy and confidentiality. The driving question we were asked was:

What policies are in place to protect the Filipino patient’s privacy and confidentiality of health information?

Additionally, we were tasked to pick a hospital evaluate their document on privacy and confidentiality, if they had any.

As always, let’s define a couple of things first.

Merriam-Webster (n.d) defines privacy as “freedom from unauthorized intrusion.” As a constitutional right, it refers to “to make certain crucial decisions regarding their well-being without government coercion, intimidation, or interference (West’s Encyclopedia of American Law, 2008).”

Confidentiality, on the other hand, is defined as the “nondisclosure of information except to another person” (Mosby’s Medical Dictionary, 2009). In healthcare, it is often referred to the “principle in medical ethics that the information a patient reveals toa  health care provider is private and has limits on how and when it can be disclosed to a third party” (Dorland’s Medical Dictionary for Health Consumers, 2007).

In the Philippines, there are several policies in place which protects the Filipino patient’s privacy and confidentiality. Under the Bill of Rights in the 1987 Constitution (Official Gazette, n.d.), the right to privacy is declared under Section 3, where it states that “the privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.” There are additional laws that expound on and further protect this right, specific to privacy and confidentiality of health-related information. The table below is adapted from the paper of Antonio, Patdu and Marcelo (2013) on Health Information Privacy in the Philippines: Trends and Challenges in Privacy and Practice. It includes excerpts on the statutes and rules of court and administrative rules pertaining to the patient’s right to privacy in relation to the healthcare system.

The Medical Act of 1959

Republic Act No. 2382

(June 20, 1959)

Section 24. Grounds for reprimand, suspension or revocation of registration certificate. Any of the following shall be sufficient ground for reprimanding a physician, or for suspending or revoking a certificate of registration as physician:

(12) Violation of any provision of the Code of Ethics as approved by the Philippine Medical Association.

Philippine AIDS Prevention and Control Act of 1998

Republic Act No. 8504

(February 13,1998)

Section 2. (b) (1) The State shall extend to every person suspected or known to be infected with HIV/AIDS full protection of his/her human rights and civil liberties. Towards this end, the right of privacy of individuals with HIV shall be guaranteed.

Section 3. (n) Medical Confidentiality – refers to the relationship of trust and confidence created or existing between a patient or a person with HIV and his attending physician, consulting medical specialist, nurse, medical technologist and all other health workers or personnel involved in any counselling, testing or professional care of the former; it also applies to any person who, in any official capacity, has acquired or may have acquired such confidential information

Section 30, Article VI: Medical Confidentiality. – All health professionals, medical instructors, workers, employers,recruitment agencies, insurance companies, data encoders, and other custodians of any medical record, file, data, or test results are directed to strictly observe confidentiality in the handling of all medical information, particularly the identity and status of persons with HIV.

Section 31, Article VI: Exceptions to the Mandate of Confidentiality

Medical confidentiality shall not be considered breached in the following cases:

(a) when complying with reportorial requirements in conjunction with the AIDSWATCH programs provided in Section 27 of this Act;

(b) when informing other health workers directly involved or about to be involved in the treatment or care of a person with HIV/AIDS: Provided, That such treatment or care carry the risk of HIV transmission: Provided, further, That such workers shall be obliged to maintain the shared medical confidentiality;

(c) when responding to a subpoena duces tecum and subpoena ad testificandum issued by a Court with jurisdiction over a legal proceeding where the main issue is the HIV status of an individual: Provided, That the confidential medical record shall be properly sealed by its lawful custodian after being double-checked for accuracy by the head of the office or department, hand delivered and personally opened by the judge: Provided, further, That the judicial proceedings be held in executive session.


Dangerous Drugs Act of 2002

Republic Act No. 9165

(June 7, 2002)

Section 36. Authorized Drug Testing. The following shall be subjected to undergo drug testing:

(a) Applicants for driver’s license.

(b) Applicants for firearm’s license and for permit to carry firearms outside of residence.

(c) Students of secondary and tertiary schools.

(d) Officers and employees of public and private offices.

(e) Officers and members of the military, police and other law enforcement agencies.

(f) All persons charged before the prosecutor’s office with a criminal offense having an imposable penalty of imprisonment of not less than six (6) years and one (1) day shall have to undergo a mandatory drug test; and

(g) All candidates for public office whether appointed or elected both in the national or local government shall undergo a mandatory drug test.

Section 40. Records Required for Transactions on Dangerous Drug and Precursors and Essential Chemicals.

(a) Every pharmacist dealing in dangerous drugs and/or controlled precursors and essential chemicals shall maintain and keep an original record of sales, purchases, acquisitions and deliveries of dangerous drugs,

Section 60. Confidentiality of Records Under the Voluntary Submission Program. – Judicial and medical records of drug dependents under the voluntary submission program shall be confidential and shall not be used against him for any purpose, except to determine how many times, by himself/herself or through his/her parent, spouse, guardian or relative within the fourth degree of consanguinity or affinity, he/she voluntarily submitted himself/herself for confinement,treatment and rehabilitation or has been committed to a Center under this program.

Section 64. Confidentiality of Records Under the Compulsory Submission Program. – The records of a drug dependent who was rehabilitated and discharged from the Center under the compulsory submission program, or who was charged for violation of Section 15 of this Act, shall be covered by Section 60 of this Act. However, the records of a drug dependent who was not rehabilitated, or who escaped but did not surrender himself/herself within the prescribed period, shall be forwarded to the court and their use shall be determined by the court, taking into consideration public interest and the welfare of the drug dependent.

Anti-Violence Against Women and Their Children Act of 2004 Republic Act No. 9262

(March 8, 2004)

Section 44. Confidentiality. – All records pertaining to cases of violence against women and their children including those in the barangay shall be confidential and all public officers and employees and public or private clinics to hospitals shall respect the right to privacy of the victim.
Revised Rules of Evidence, Rules of Court

(March 14, 1989)

Section 24 (c), Rule 128: Disqualification by reason of privileged communication. The following persons cannot testify as to matters learned in confidence in the following cases: A person authorized to practice medicine, surgery or obstetrics cannot in a civil case, without the consent of the patient, be examined as to any advice or treatment given by him or any information which he may have acquired in attending such patient in a professional capacity, which information was necessary to enable him to act in capacity, and which would blacken the reputation of the patient.
Department of Health Guidelines in the Planning and Design of a Hospital and other Health Facilities (2004) Auditory and Visual Privacy

A hospital and other health facilities shall observe acceptable sound level and adequate visual seclusion to achieve the acoustical and privacy requirements in designated areas allowing the unhampered conduct of activities.

Philippine Health Insurance Corporation Benchbook Self-Assessment and Accreditation Process Manual 3.b.1 Standard: The organization documents and follows policies and procedures for addressing patients’ needs for confidentiality, privacy, security, religious counseling and communication.

Criteria: The hospital systematically determines, monitors and improves the extent to which patients’ needs for confidentiality, privacy, security, counseling and communication are addressed.

1.5.b.1 Standard: The organization’s personnel discharge their functions according to codes of ethical behavior and other relevant professional and statutory standards.

Criteria: The organization identifies and monitors personnel compliance with the code of ethics relevant to their respective disciplines.

Note: Some clauses were edited for length. Violations for the policies were no longer included in the text.

Aside from the laws stated above, we also have the Data Privacy Act of 2012. Under Section 2. Declaration of Policy, it states that “It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected (Official Gazette, 2012).” Its implementing rules and regulations were released in August 2016, and there are clauses there that also pertain to privacy of health information. This Act will be discussed further in the next blog.

Now that we are aware of some of the policies that are in place to protect the Filipino patient’s privacy and confidentiality of health information, let us proceed to answering the task.

Unfortunately, I was not able to secure a privacy and confidentiality document from a hospital. However, since I am currently working as a medical officer, I have decided to review our privacy policy of our company.

There are several policies in place which aim to protect the privacy of the employees. Although there is no dedicated policy for health information except for the confidentiality and NDA for the electronic medical record (see below), the existing policies already include them.

To start, the company has defined personal data as “information that can directly or indirectly identify an individual, including employees, contractors, directors, shareholders, customers and anyone else with whom [the company] does business.” Sensitive personal data (SPD), on the other hand, is defined as a subset of Personal Data that has the potential of causing harm to an individual and therefore requires heightened protection and care. SPD should only be collected or handled when there is a specific legal, regulatory, or compelling business requirement and may require registration with local Data Processing authorities. SPD requires heightened security, and it should only be collected or processed when there is a specific legal, regulatory, or compelling business requirement.” Data collected for medical purposes (ex. pre-employment/periodic medical exams, consultations, etc.) are classified under sensitive personal data.  

Before discussing the policies, let me briefly enumerate 3 of the most important privacy imperatives of the company:

  • Only collect the personal data you need.
  • Only use personal data for the reason it was collected.
  • Don’t share personal data with anyone who doesn’t need it.

Now let us proceed to examples of policies/agreement that relate to information and privacy.

Data Privacy Within the normal course of business operations, the Company collects and processes personal data of individuals with whom the Company has business relationships. These personal data either identify a person or provide characteristics of an identifiable person. The Company respects the sensitivity of personal data; it is corporate policy that personal data be collected, processed, protected, transferred, stored, disclosed and disposed of in accordance with applicable laws and Company approved procedures.

It is the Company’s policy to:

  • Collect personal data in a legal manner and for specified legitimate business purposes only.
  • Process personal data only as necessary for the specified purposes.
  • Collect and process personal data by lawful and fair means and, where required, with the knowledge or consent of the individual.
  • Keep personal data as accurate and complete as possible for their intended purpose.
  • Permit individuals to review their personal data and to request correction of factual inaccuracies in accordance with and subject to Company standards, procedures and appropriate verification.
  • Secure personal data by reasonable and appropriate information protection safeguards as set forth by corporate policy on Information Protection.
  • Retain personal data in accordance with the corporate policy on Information Retention and when no longer required for the stated purpose or by law, destroy personal data in a manner which protects the confidentiality of the data.
  • Comply with all data privacy laws and regulations applicable to our business operations.
  • Integrate data privacy principles into our business activities, including, as necessary, agreements and arrangements with third parties, Joint Ventures and other companies with whom we have a business relationship.
  • Institute and maintain processes to coordinate enterprise-wide data privacy compliance activities, recognizing that many aspects of data privacy compliance can be implemented only at the local level.
  • Where appropriate, review and comment on proposed data privacy legislation, regulations or policies that may significantly impact our business; cooperate with appropriate government agencies to facilitate timely, reasonable and business-oriented solutions for data privacy issues that may arise.
  • Audit conformity with this policy through a comprehensive compliance program, including self-assessments and internal audits.
Information Protection The information assets of the Company are vital resources. These resources include information in any form, whether acquired or developed by the Company, and any systems that store, process, or transmit information. It is the policy of the Company to ensure the availability, integrity, and confidentiality of these resources in a manner that is consistent with risk and business value. All [company] Corporation employees and contractors have responsibility for properly protecting these resources.

It is the Company’s policy to:

  • Comply with all information protection laws and regulations.
  • Integrate information protection principles into every aspect of its business activities, including the structure of agreements and business arrangements with its Joint Venture, Alliance, and third party relationships.
  • Take cost-effective measures to ensure the availability, integrity, and confidentiality of Company information assets, considering current, as well as emerging, business needs and technology.
  • Ensure that processes are in place to manage enterprise-wide information protection issues, recognizing that some aspects of information protection can only be addressed at the Reporting Unit level.
  • Comply with established standards, follow good safeguarding practices and guidelines, and apply principles of risk assessment to ensure that Company information protection activities are conducted responsibly.
  • Participate in the formulation of information protection legislation, regulation, or policy issues that may significantly impact our business. Work actively with the appropriate governmental agencies to ensure timely, reasonable, and cost-effective solutions for issues wherever possible.
  • Ensure conformity with this policy through a comprehensive compliance program, including a self-assessment process.
Information Retention It is the Company’s policy to retain information for the minimum period necessary to:

  • Satisfy the Company’s operating requirements
  • Substantiate the Company’s holdings
  • Protect the Company’s interest in asserting and defending claims and lawsuits
  • Assure compliance with the retention requirements of applicable Government, Federal, State, and local laws and regulations

If a document or other form of information does not satisfy any one of these criteria, then it is not a Company “Record” and is not subject to retention and should not be retained.

Confidentiality and Non- Disclosure Agreement You are about to access patients’ protected health information (PHI). The system should only be accessed by authorized users. By logging in and accessing PHI, you acknowledge that you are doing so in accordance with HIPAA and your organization’s policies and procedures. Access is monitored and you will be held accountable for any activity on your login.

Organizational information may include, but is not limited to, financial, patient identifiable, employee identifiable, intellectual property, financially non-public, contractual, of a competitive advantage nature, and from any source or in any form (i.e. paper, magnetic or optical media, conversations, film, etc.), may be considered confidential. Information’s confidentiality and integrity are to be preserved and its availability maintained. The value and sensitivity of information is protected by law and by the strict policies of your organization. The intent of these laws and policies are to assure the confidential information will remain confidential through its use, only as a necessity to accomplish your organization’s mission.

While the first 3 are general policies for privacy, they are the same rules that my team and I follow when it comes to handling health data, and are also the same guidelines all health care professionals in our counterparts in other countries are using. Although not comprehensive, it makes it clear to us how to collect, process, store and destroy health data that we encounter. We also ensure to comply with local policies/guidelines set forth by the Department of Health (ex. policies on data retention and destruction). The general rule is that local laws supersede those of the company’s. In addition, since we are a private company, we have partner service providers/institutions that handle our employee’s health data. Examples are clinics where the employee’s perform their annual physical examinations. While we do not have direct control over how they handle data, we ensure that we do regular audits on said providers. We assess and verify if they are compliant with Philippine and company standards when it comes to managing health data. If they fail the audit, we discontinue our partnership with them.

As for the last example in the table above, it is the only guideline that is specific to the protection of health data. The agreement is posted at the login page of the electronic medical record. There was mention of the Health Insurance Portability and Accountability Act or HIPAA since our EMR was developed in the United States. The “policies of your organization” it was referring to are the first 3 policies that I have already discussed above.

The company policies, even though they are general policies on privacy and information, are acceptable in terms of safeguarding the privacy and confidentiality of health information of the employees. By following additional international and local policies on health, our practices on privacy and confidentiality are strengthened. I feel that considering our company’s primary business is not the delivery of healthcare, our operations in terms of health data privacy and confidentiality are comparable to those hospitals and clinics with the best standards of care.

Comments, as always, are welcome. Let me know your thoughts!



Clinical Decision Support Systems – How Can They Impact Healthcare?

Let’s skip the intro and dive right into this week’s assignment. The driving question that we needed to answer was…

“How can Clinical Decision Support Systems (CDSS) improve the quality of healthcare?”

Aside from the question above, we were tasked to think of a clinical scenario and suggest a clinical decision support system embedded within CHITS to address this.

A clinical decision support system or CDSS, according to Jaspers et. al (2010) is a tool that provides “clinicians or patients with computer-generated clinical knowledge and patient-related information, intelligently filtered or presented at appropriate times, to enhance patient care.” Another definition was provided by Souza et. al (2011) which describes CDSS as “computerized matching of an individual patient’s characteristics with a knowledge base that then provides patient specific recommendations to healthcare providers.” Common examples of CDSS are those that check for drug-drug interactions among the medications of a patient or those that check for possible drug-disease precautions or contraindications, reminder and recall systems for immunizations, prompts for  clinicians to initiate smoking cessation interventions, blood pressure screening, or laboratory/radiology testing among others. CDSS can exist independent of electronic medical records (EMRs) or may be incorporated into them. The idea is that CDSS will provide decision support to users at the time they make decisions, which should result in improved quality of care. For example, it can alert a physician that his/her medication of choice has a drug-drug interaction with a patient’s existing medication. Or it could also alert the healthcare practitioner (HCP) that his/her choice of medication can potentially aggravate a patient’s condition. Other examples are reminders such as the need for mammographic screening in women older than 40 or 45 years old, or the recommended vaccinations for an infant who is 14 weeks old. In the paper by Bates et. al (2003), they identified 10 “commandments” for an effective CDSS. I will enumerate and briefly explain them below.

  1. Speed is everything. As mentioned above, the overall goal of CDSS is to provide decision support at the time the decision is being made. Bates et. al has found that the speed of an information system is the parameter that users value most.  A good IS, therefore, will less likely be seen as helpful if it takes time for decision support to be shown or accessed. I imagine this would be more applicable to settings wherein there is a long queue of patients who need attention.
  2. Anticipate needs and deliver in real time. This pertains to making the necessary information available to clinicians at the time they need it. An example of which is emphasizing high potassium levels in a patient receiving a potassium-sparing diuretic in a patient with hypertension or congestive heart failure.
  3. Fit into the user’s workflow. In one of my earlier blogs, I mentioned that one of involvement of the end users as early as the planning or design phase is one of the determinants for success of a health information system. Part of involving users is making sure that the proposed IS will work well with their current workflow. A new software (or CDSS in particular), even when equipped with excellent guidelines, will likely meet resistance when it significantly changes the workflow of the end users (unless the workflow is the actual problem and it NEEDS to be changed).
  4. Little things can make a big difference. This sounds cliché to me but its applicability, even to CDSS, cannot be ignored. Little things in the CDSS can spell the success or failure of the system. For example, requiring a physician to enter his/her diagnosis using ICD codes (with a drop-down button) as opposed to entering it in free text will better help in ensuring that diagnoses for the patients are entered in a standard way. If part of the CDSS, then, is checking for drug-disease interactions, the system will be more accurate in delivering such information because the diagnoses are standardized.
  5. Recognize that physicians will strongly resist stopping. For example, your CDSS tells the physician that no further tests are recommended for the patient. However, the physician has been used to ordering a chest x-ray for similar cases. Since the CDSS only mentioned to stop but did not offer an alternative, the physician will most likely override the said recommendation and continue to order the chest x-ray. The same is applicable for medications, such that giving no or an undesirable alternative to the physician prescribing the medication will most likely make him/her prescribe the medication he had intended to.  
  6. Changing direction is easier than stopping. This is in relation to the previous number. An example of change would be changing the default dose and frequency of a drug when a physician orders it. Unless the physician has specific reason to change the dose and/or frequency, he/she will be more likely to use the suggested/default dose/frequency.
  7. Simple interventions work best. An alternative to this statement would be less is more. The most important guidelines for a medication, for example, should fit in the HCP’s screen. It might be helpful to have it linked to a more comprehensive or complete list of guidelines, which should also be readily accessible to the clinician with a few clicks.
  8. Ask for additional information only when you really need it. In CDSS that are integrated into the EMR, there are patient data that are already available for use by the CDSS to be able to give decision support. If the data is insufficient, the HCP will be asked to enter additional data. In stand-alone CDSS, most data will have to be entered by the HCP. According to Bates, et. al, “the likelihood of success in implementing a computerized guideline is inversely proportional to the number of extra data elements needed.” Therefore, it would be best if the least amount of data is asked of the HCP to be able to provide meaningful decision support, as a system that requires an HCP to enter several data will be something that a clinician is less likely to use, especially considering the usually limited amount of time HCPs have in dealing with their patients.
  9. Monitor impact, get feedback, and respond. How likely are clinicians to accept the suggestions of the CDSS? How often do they overlook the suggestions? How do their actions impact process flow, or more importantly, patient care and patient outcomes? It is essential to know the answers to these, and make corrective actions even mid-course to improve the CDSS.
  10. Manage and maintain your knowledge-based systems. CDSS suggestions are most often based on local/international guidelines. Since medicine is dynamic (and so are the guidelines), CDSS should also be able to keep up with the changes. A decision support with outdated guidelines will defeat the purpose. It is also helpful to track the response of the users to the CDSS and evaluate the reports on a regular basis.

Now that we know more about clinical decision support systems, let us discuss CHITS. CHITS stands for Community Health Information Tracking System. It was developed by the National Telehealth Center (NTHC) to improve health information management at the rural health unit level. It was described as an “EMR for the health workers, by the health workers” since it was developed alongside health workers and was designed in such a way that it features a workflow that is similar to what is currently being employed in local health centers. It uses an open source software making it more flexible to the needs of both the RHU and the DOH. It was built to improve data-gathering at the RHU level to be able to generate more accurate reports, which will be later used to plan programs and effect changes on both local and national public health levels.

I was a student nurse rotating in the local health centers (in Metro Manila and Batangas) from 2006-2009 and I was a medical intern doing community rotation from 2012-2014. I have never encountered CHITS in any of the health centers I rotated at. There is limited information on what CHITS is and what is available so far (based on my internet search), so I will assume that my suggestions below are still non-existent.

In this scenario, barangay health worker (BHW) Dela Cruz is on duty at a rural health center. It’s vaccination day and Mommy Anna comes in with her children Karen and Nina, who are 2 years old and 9 months old, respectively. BHW Dela Cruz  briefly interviews Mommy Anna and gets pertinent data regarding her children. During the interview, she found out that Mommy Anna had just moved into the barangay and that her daughters have never received any type of vaccination. She was then asked by the mother which vaccines her daughters should receive. In the brief period that Dela Cruz has been a BHW, she has never actually encountered an infant or toddler who is naive to any type of vaccination.

I think that a useful CDSS in this scenario would be something that guides a healthcare worker (HCW) on the vaccinations a patient, particularly a pediatric patient, should receive. The minimum data required would be the patient’s birthday (the age should be computed automatically). When the software determines that the patient is a pediatric patient, the recommended vaccinations for patient based on age should be displayed. The HCW can then enter the date the vaccines were received (if any and if they were received elsewhere). It is at this point that any previous reactions to vaccines should also be documented. If there are none, as in the scenario above, the CDSS should show the recommended vaccines arranged by priority. The basis for the recommendation would be the guidelines based on DOH’s expanded program on immunization (EPI). Contraindications for vaccines in general or for a specific vaccine could also be shown. A trained barangay health worker (BHW) should be able to do a simple assessment, enter the birthdate, and identify which vaccinations a patient should receive. Once the vaccine has been administered, it is documented in the software. Ideally, if the vaccine is part of a series, the date for the next dose should be shown so that the BHW could inform the patient (or his/her guardian) on when to come back. The same CDSS should also be able to generate reports such as the type and quantity of vaccinations given on a daily, weekly, monthly, quarterly or annual basis or how many children are considered fully immunized. These types of reports could be married with statistics from the local government to determine the vaccine coverage in the area to assist in procurement of additional vaccines and to help plan for program that are related to vaccination.

Again, I have to admit that I am not aware if this is already being done in the RHUs. Considering the lack of healthcare professionals in the rural health units, particularly the geographically isolated and disadvantaged areas, this type of CDSS would be very helpful to the RHU healthcare workers and in helping attain the main goal of DOH’s EPI, which is to reduce the mortality and morbidity among children against the most common vaccine-preventable diseases.

I personally am using a vaccination application on my smart phone that was created by the Centers for Disease Control (CDC). It has recommendations based on age group or based on special populations (pregnant, person with HIV, etc.). As a standalone app, it has been very helpful to my in my practice and for my own personal use. Something similar could be incorporated to CHITS to help implement the immunization program of DOH.

That is it for week 11 of HI 201! Can you think of other clinical decision support systems that could benefit people especially in the remote areas where there is often limited access to healthcare? What do you think are pitfalls of CDSS?

As always, let me know in the comments below. I would love to hear and learn from you!



Personal Health Records – The Patient Tool

We’re more than halfway through the semester and I can honestly say that this course has been very enlightening so far. Over the first half of the semester, my preconceived notions about health informatics especially in the Philippines was basically shattered, and I am discovering that there is so much more to learn from this course than what I initially thought.

That being said, let us now dive into this week’s topic – personal health records.

The question we were asked was…

“What features are considered critical or most useful by users of Personal Health Records?”

In last week’s blog, I discussed electronic health records (EHR). In researching for that topic, it was only then that I realized that EHRs are not synonymous with electronic medical records (EMRs). I also learned that automated health records (AHRs) and computer-based patient records (CPRs) are also different. Now we will be adding patient health records (PHRs) to the mix.

According to, a personal health record or PHR is an “electronic application used by patients to maintain and manage their health information in private, secure and confidential environment.” The key phrase here is “used by patients”, since that is the main distinguishing feature of the EHR from the AHR, CPR, or EMR (Ideally in EHRs, there should be a component where patients can manage their data as well). Through PHRs, a patient can be more involved or proactive in the management of his own health since it allows him to enter, view and modify health data into the application. Aside from being a static repository of data, the more advanced PHRs have decision-support capabilities that assist patients in managing their conditions. They have the potential for to help analyze a patient’s health profile, identify health threats or deviation from normal at an earlier time which leads to prevention or early intervention, or provide improvement opportunities based on analysis of drug interactions, gaps in current medical care, and identification of medication errors. When the PHR is also made accessible to the clinician or health care provider, it facilitates communication between provider and patient for continuous exchange of health data.

With the rapid developments in technology also come numerous attempts at personal health record softwares or systems. However, PHRs have not received the same attention as EHRs and EMRs. There are several issues that arise when it comes to its adoption, and I believe that the two main issues are:

  • Quality of data – Since in PHRs patients are mostly the ones who enter the data, then how accurate are the data? Are they entered using medical or laymen terminology? Are the diagnoses accurate? Are the medications accurate? What about the laboratory and diagnostic results? Are they entered correctly? Abundant but poor-quality data defeats the purpose of the PHR.
  • Security and privacy of data – Most PHRs are web-based or mobile applications that were developed for commercial distribution and use. Unlike EHRs and EMRs with more robust security features since they are usually linked to bigger institutions, PHRs are, as mentioned, often web- or mobile-based. Data contained in a mobile app, for example, may only stored in the mobile device. If there is an option to store it elsewhere, it usually in a cloud-based storage (which is often another application not primarily intended to store medical data). Or the data could be exported as a PDF or Excel or Comma Separated Values file, and then sent to an intended user (ex. physician) via email. The transfer is usually not encrypted and therefore vulnerable to breach or exposure.

What, then, are the criteria for a good personal health record system or application? Kim and Johnson (2002), in their paper Personal Health Records: Evaluation of Function and Utility, reviewed and evaluated several web-based PHRs that were available the time based on several criteria. Under function, they evaluated the website application in terms of access, medical conditions, medications, laboratory test, diagnostic tests, and immunization. As for utility, they assessed whether the application could incorporate data to manage conditions at a basic and more comprehensive level of representation. The overall conclusion of the study was that the PHRs available then had limited functionality and therefore had limited ability to serve as adequate representations of medical information for use in clinical practice.

Basing on Kim and Johnson’s paper, the identified barriers to adoption and on my personal experience as well, I developed a scoring system for the evaluation of PHRs. This, in a way, also helps answer the driving question for this week “What features are considered critical or most useful by users of Personal Health Records?”


Each criterion is will be scored from 1 to 5, with 1 being the lowest and 5 the highest. The rating per category will be averaged at the end, and the overall score will serve as basis if the app will be recommended or not. PHRs that scored 5/5 will be highly recommended, 3-⅘ as recommended, and 1-⅖ as not recommended.

To explain further the scoring system I created, I signed up for personal health record. I was not able to find a PHR that was made or based in the Philippines. I settled for the top hit in Google, which is the application My Medical.

See slide presentation below for my review of the application.

I, personally, am very interested in PHRs because aside from the fact that I am a neat freak and I want to keep things organized, I am also a patient (under the care of multiple health care providers). I actually have a big binder at home documenting my health since 2007. It is a pain to carry it around whenever I have to visit my doctors, and after 9 years, the method is just not efficient anymore. The app I reviewed above will work for me because it appears more to be a static repository of data, which I prefer. However, non-medical personnel or laymen who want to use this to gaina more proactive role in the management of their health might find some of the features lacking, because it has limited decision-support capabilities and the means for communicating the health data contained in the app to a health care provider is also limited.
Disclaimer: The application is not sponsored and I paid for the app with my own money.
And that is it for this week’s blog! Do you agree with the scoring system I made? Are there other features you are looking for in a personal health record that were not part of my criteria? Given the features I showed above, is the app something you would consider using as well? Or have you tried other PHR applications?
As always, let me know in the comments below. Your input will be very much appreciated.


Electronic Health Records – What Are The Issues and Challenges of Implementation?

It’s week 8 of our health informatics class which means we’re halfway through the semester! 🙂

So for this week’s driving question, we were asked…

What are the issues and challenges in implementing electronic health records in primary care?

I have discussed the Philippine Health Information Exchange program (read it here) and have also broken down the components of the electronic medical records we use in our own company (read it here).

I can honestly say that this is one of the more relatable posts that I had to do, aside from the blog where I had to trace a patient’s steps as he consulted as an outpatient until he was admitted to the hospital. As a designated superuser of an electronic medical record system in a third-world country but working for a private, multinational first-world company, I have had my share of issues and challenges with EMRs. Being an initial end-user and then later being assigned as a superuser (my tasks include administrative components aside from plain use of the EMR for delivering primary health care), I have definitely encountered some of the difficulties and challenges in the implementation of the EMR.

Unlike the previous posts, however, I shall answer the driving question with the short presentation below:

To be honest, I was initially one of those who was (slightly) resistant to change when the EMR system was rolled out in the company, because I felt we were not adequately prepared for such a comprehensive system. I also have the same issues when it comes to ready availability of data (although my concern is more on the availability of statistics for reporting) given the system that we have. On the contrary, however, I am highly confident when it comes to the privacy and security of our system, since the company has always emphasized the importance of data privacy, even those data not related to health.
Let me know what you think! As always, comments, suggestions and questions will be appreciated. Let us discuss and learn together!



Philippine Health Information – How Can It Be Accessed and Exchanged?

Of the blogs I have had to publish in the last 5 weeks, I think this is the one I was most excited to do because the task relates to something I experience on a regular basis.

The question were were asked was…

How can patients access their data from different health care providers as they transfer care?

We were assigned to also draw a flowchart that details the information collected at every step for a patient with diabetes with a non-healing wound who consults at outpatient patient but subsequently admitted in the hospital.

Currently, there are only very few institutions in the country using electronic medical records. Most hospitals, clinics and centers, even the most advanced, still rely heavily on paper charts. While some components are through eHealth (laboratory results can be checked online, etc.), the actual patient encounters are still documented through paper and pen. No national program has been implemented that allows for transfer of and/or access to data among institutions, especially those between the private and public sectors.

For a patient, then, who will seek consultation in an outpatient clinic for the first time, the process can be tedious. Aside from providing general data, he/she will have to relay his/her entire medical history to the attending health care professional. Although the prudent thing to do, especially for physicians seeing patients for the first time, is to do a comprehensive history and physical examination, the process can be complicated as well. More often than not, patients – especially the elderly – are unable to give an accurate past medical history. Unfortunately, they also tend to be the ones with several comorbidities. They may not remember all the illnesses they were diagnosed with, the medications they are taking (especially the dose), the exact operations they underwent and in what year, etc., and some of those data can significantly impact their care. Afterwards, if they need to be admitted to a hospital where a different physician will have to attend to them, the whole process of eliciting the biographic data and entire medical history (from diagnosis to procedures to medications) has to be repeated. Generally speaking, manual systems like the one described above are inaccurate, cause delay, non-standardized, and use different terms for the same meaning or have different meanings for the same terms (Herbosa, 2015).

But if there was a standardized system data from different institutions (whether private or public) that can be accessed by health care providers attending to a singular patient, then the process would look something like the one shown below.


Assuming the diabetic patient has not had any previous consults, or his previous consults were done when there was still no standardized interoperable system, upon initial consult at the the outpatient clinic, he/she will be asked to register. The biodata entered should be able to generate a unique identifier for the patient, which will be used for future reference. An alternative would be using the Unified Multipurpose ID, which is a government-issued card that can be used for different government agencies (SSS, PAG-IBIG, PhilHealth and GSIS). This will be associated with a singular electronic medical record (EMR) for the patient, where all information will be in a single view at the point of care. The physician’s evaluation and management will then be documented in the EMR, from his complete medical history, physical examination, assessment and management plan. Ideally, the EMR should also be equipped with decision support tools and knowledge based information to guide the health care provider in managing the patient. If the patient needs to be admitted, he will only have to indicate his unique identifier code or present his UMID, which should allow the health care team in the hospital to pull up his EMR. Instead of doing the entire process and trying to elicit the entire history, what the inhospital physician could do is verify what was already written in the EMR. Not only does this save time and effort on both ends, but more importantly it allows for more accurate “endorsement” of medical care, since the physician could review the notes of the previous physician. While in the hospital, the patient’s course will be documented in the same EMR. After discharge, it is common especially for patients who have chronic illnesses to follow-up. During this time, the use of a unique identifier or UMID will help facilitate pulling up of records and enable continuity of medical care.

As I mentioned earlier, there is still no national program that has been implemented that allows for transfer of and/or access to data among institutions. However, efforts towards this have been in the works for several years.

The Department of Health (DOH) and Department of Science and Technology (DOST) have signed a Joint National Governance on eHealth. These two departments are the leads in attaining the vision of the Philippine eHealth Strategic Framework and Plan (PeHSFP).

The main purpose of the PeHSFP is to describe how the eHealth vision will be achieved to guide national coordination and collaboration, as well as set a clear direction and guidance to the ongoing future eHealth activities in the country.  And that vision is that …

By 2020, eHealth will enable widespread access to health care services, health information, and secure share and exchange patients’ information in support to a safer, quality health care, more equitable and responsive health system for all Filipino people by transforming the way information is used to plan, manage, deliver, and monitor health services.

In particular, one of the tools to achieve the vision will be through the Philippine Health Information Exchange (PHIE), which I already briefly discussed in this blog post. The key words here are standards and interoperability because the PHIE is a platform that allows authorized users to gain access to health information and share it across geographical and health sector boundaries. It is also a means for implementation of innovative ways to deliver health services and information. As long as the data are entered via a standardized format, they can be integrated into the system and later accessed. Examples of information which could be exchanged through the PHIE are demographics, health profiles, care plans, prescriptions, test orders and results, referrals, etc. Basically, it integrates all the different sources of health data (from the different EMRs – whether from private or public institutions, from urban or local areas – and different databases, etc.) into a national platform that is accessible to health consumers, health care providers, health care managers, policy makers, and researchers.


Health Information Exchange Diagram (DOH, 2014)

Specific to the health consumers, the idea is also for them (i.e. patients) to have controlled access to their individual health data, and for them to have the capacity to manage their health records. This step, I think, is crucial for empowering the Filipino people when it comes to taking charge of their health, since they will be more active players.

I sincerely hope that we achieve the eHealth vision by 2020. In particular, I’m very much interested in the full scale deployment of the PHIE because I think it would be a game changer in the way health care is delivered to the Filipino people.

That concludes this week’s blog post. It actually excites me to think that this is the direction we are headed. As a health consumer and a health care provider, I feel that the planned programs are promising.

As always, comments are welcome. Leave them down below and let’s discuss, yes?