HI 201 Journey – A Look Back

It has been a rollercoaster of a semester for me. I entered this course not fully understanding what I was getting myself into, but at the same time I was very hopeful that I would find my niche. And after 16 weeks of blogging and learning about the basics of this course, I can honestly say that I feel I belong here. I’m still struggling and I know there is still much to learn; however, I can now also see that there are so many opportunities for me in this field, opportunities which I am excited to explore.

Before moving on to the next semester, I’d like to look back at what has transpired over the last few months. Below are the highlights of each blog:

Week 2: Informatics, Global Health and eHealth
HI 201 - W2 Concept Map
Driving Question:
What is the relevance of informatics to global health and eHealth?

Highlights: An introduction to the very basic concepts, which I had previously been confused about. These concepts served as the foundation for this course.


Week 3: Health Informatics in the Philippines
HI 201 - W3 - Infographic
Driving Question:
How can we advance the field of health informatics in the Philippines?

Highlights: I was honestly surprised when I discovered all the progress our country has had in terms of eHealth. It was my first introduction to RxBox, CHITS, and other local initiatives. Prior to this I was somehow pessimistic about the state of healthcare in the Philippines.



Week 4: Health Information Systems in Developing Countries
HI 201 - W4 - Mind Map Ver. 2
Driving Question:

How can health information systems be sustainable in developing countries?

Highlights: I was introduced to the concept of hybrids and learned about the ITPOSMO dimensions of the health information system design-reality gap.


Week 5: Governance and Management in Health Informatics
Driving Question: 
Why are governance and management important in health informatics?

Highlights: I learned about the COBIT 5 business framework and how it relates to governance and management.



Week 6: Establishing the Philippine Health Information Exchange 
Driving Question: 
How can patients access their data from different healthcare providers as they transfer care?

Highlights: I learned more about the Philippine Health Information Exchange, which I thought was a very promising initiative and something which I hope I can actively get to be part of when I graduate this course.

Week 7: Enterprise Architecture in Healthcare
Driving Question: 
In a multistakeholder, multicomponent health information system, how can you ensure that all the players are doing their part?

Highlights: This assignment was a struggle for me and I had a difficult time understanding what EA was, but I eventually got there! *happy dance*

Week 8: Electronic Health Records: Issues and Challenges
Driving Question: 
What are the issues and challenges in implementing electronic health records in primary care?

Highlights: This, for me, helped reinforce what I already knew about EMRs (not EHRs yet) since we are using one in the company I am working for.


Week 9: Personal Health Records
Driving Question: 
What features are considered critical or most useful by users of Personal Health Records?

Highlights: I was able to develop a scoring system for a PHR and use it to evaluate an app I bought from iTunes.


Week 10: Standards and Interoperability
Driving Question: 
How can healthcare institutions adopt standards to ensure interoperability?

Highlights: I learned about the significance of standards and interoperability, and the role they will play in the successful implementation of the PHIE.


Week 11: Clinical Decision Support
Driving Question:
How can Clinical Decision Support Systems (CDSS) improve the quality of healthcare?

Highlights: Learning about the 10 commandments for CDSS was interesting for me. It was also fun trying to come up with a CDSS that can be incorporated into CHITS, although it was challenging at the same time since I’m not really familiar with it.

Week 12: Knowledge Management and Information Retrieval
Driving Question:
How can knowledge management improve access to healthcare research?

Highlights: I liked how the concepts above were explained. I used to mix up the concepts of data, information and knowledge. Answering this assignment also led me to the dengue vector eradication efforts in Pangasinan, which I thought was really interesting.

Week 13: Privacy, Confidentiality, Security and Trust
Driving Question:
What policies are in place to protect the Filipino patient’s privacy and confidentiality of health information?

Highlights: This assignment helped me educate myself further on the policies that were in place that protected the privacy rights of the Filipino patient. It was the perfect jumping board for the next blog, which had to do with the Data Privacy Act of 2012.

Week 14: Legal and Regulatory Issues in eHealth
Driving Question: 
Is the Data Privacy Act adequate to protect confidential health information?

Highlights: I have a couple of cousins who are lawyers, and it was enlightening discussing this Act with them. After reviewing this Act and its IRR, I have a couple of reservations as to how effectively this can be implemented. But I think it’s good that something like this exists, considering we are in the age where information and communication technologies are integral to the processes of many businesses, including healthcare.

Week 15: Telehealth
Driving Question: 
How can telehealth support healthcare delivery in the Philippines?

Highlights: I reviewed House Bill 4199 or the Telehealth Act of 2014 for this assignment. After reading the very comprehensive Data Privacy Act of 2012, I felt that this fell short in terms of comprehensiveness. I think this Act needs a lot of improvement before it can be implemented.

Week 16: mHealth

Driving Question:
How can mobile applications be useful in primary care?

Highlights: I think that by the time I did this assignment, I was more or less convinced that my niche in health informatics is more of helping out the private sector, particularly the corporate world. While the general public, especially the underserved and the underprivileged, need to be attended to, a population that also needs attention is the workers, especially those in the BPO or in similar industries. They present with unique health challenges, and this is what I would like to explore more in the future.

It was an incredible journey, indeed. I hope my blogs were informative enough. If you are a medical student or an allied medical professional and you’re reading this, I hope I convinced you enough to give this field a shot. We need more like us!

As always, comments and questions are very much welcome. Leave them in the box below.



Telehealth – How Can It Change the Landscape of Health Care Delivery in the Philippines?

It’s the second to the last blog before the end of the semester. This week’s topic is all about telehealth. The question we were asked was…

How can telehealth support healthcare delivery in the Philippines?

To help answer this question, we were tasked to read and evaluate the Telehealth Act of 2014, and to suggest revisions, if any.

Telehealth, according to the Center for Connected Health Policy (n.d.) is “a collection of means or methods for enhancing health care, public health, and health education delivery and support using telecommunications technologies.” It is not a specific service but a term that describes the variety of technology and tactics to deliver virtual medical, health, and education services.

The use of telehealth services is more common in developed countries such as the US. In the Philippines, however, it is not as popular. Quite frankly, I finished nursing school and medical school without encountering a lecture on what it is and how it can be applied to our setting.

The Philippines is an archipelago composed of more than 7,600 islands. Our geography, while it has blessed us with incredible sights and natural wonders, has also made it more difficult for healthcare to be accessed and delivered. It is the same geography that constitutes the physical factors that characterize geographically isolated and disadvantaged areas or GIDAs. GIDAs are communities with marginalized populations that are physically and socio-economically separated from mainstream society. The physical factors are mainly due to geography and also include difficult access due to weather conditions. Socio-economic factors, on the other hand, include high poverty incidence, presence of vulnerable sectors, and communities in or recovering from situations of crisis or armed conflict (Department of Health, n.d.).

With telehealth, the population that could potentially benefit most are those residing in GIDAs. The idea is that since they have difficulty accessing healthcare, healthcare will be brought to them. This is one of the objectives of the Telehealth Act of 2014.

House Bill No. 4199, also known as the Telehealth Act of 2014, declares that “the State shall protect and promote right to health of the people and instill health consciousness among them. Henceforth, it is the intent of the Legislature to recognize the practice of telehealth as a legitimate means by which an individual may receive health care services from a health care provider without in-person contact with health provider. Telehealth or Telemedicine shall not be construed to alter the scope of practice of medicine or any health care provider or authorize delivery of health care services in a setting or in a manner not otherwise authorized by law.”

Aside from the objective I mentioned above, other objectives of this Bill are to reduce the costs, set standards and establish regulations regarding the field, and strengthen the health system and infrastructure.

There are 20 sections to this Act. I have chosen the following to evaluate.

Section 9. Database. – All telehealth center and originating sites shall coordinate with DOH for consolidation of pertinent databases. DOH shall maintain and manage a national database for consults on clinical cases as well as health and medical education exchanges.

Considering how important documentation is, especially for something like this, I feel as if this section is severely lacking.

Having read the comprehensive IRR of the Data Privacy Act of 2012 in the previous blog, this, to me, needs further details. At the very least, the basic contents of the database should be enumerated. I would like to know if there are other types of data that should be gathered/documented when a consultation is done via telehealth.

Section 16. Standard of care. – The standard of care is the same as regardless whether a health care provider provides health care services in person or by telemedicine. Telehealth or telemedicine shall not be construed to alter the scope of practice of medicine or any health care provider or authorize the delivery of health care services in a setting, or in a manner, not otherwise authorized by law. Telehealth shall not replace health care providers or relegate them less important role in the delivery of health care. The fundamental health care provider-patient can not only be preserved, but also augmented and enhanced.

While I agree that the standard of care should be the same whether the consult is done in person or via telehealth, I think the Bill fails to capture the limitations on this type of service. Granted that the scope of medicine (or allied medical services) will not change in terms of what a doctor can do, it should also acknowledge the things a doctor cannot do. There is a science to the practice of medicine (and other disciplines) that simply cannot be done via a video call or similar means. Section 5. Scope can be elaborated further to include limitations. Or limitations could be in a whole new section altogether, and in that section include what can and cannot be penalized. The way I see this Bill so far is that it is not healthcare provider-friendly. The providers are not protected the same way the patients are.

Overall, a good portion of the Bill, in my opinion, needs further refinement apart from the 2 sections I stated above. But the fact that it exists is promising, as this legitimizes the practice of telehealth (or telemedicine). This field will open up a lot of opportunities especially for patients and will help in positively changing the landscape of healthcare delivery to the Filipinos.

Have you read the Telehealth Act of 2014? What do you think? How open are you to the idea of using telehealth services? How do you think that will impact the way we practice medicine in the Philippines? Let me know in the comments below.



Data Privacy Act of 2012 – Is It Enough To Protect the Health Information of the Filipinos?

The countdown begins. Three more blogs to go before this semester closes. So for the 2nd to the last blog assignment (before the final paper/blog), we were asked this question…

Is the Data Privacy Act adequate to protect confidential health information?

There was supposed to be a debate about this. Due to lack of time, however, we were unable to conduct one. Nevertheless, let us discuss this latest law on data privacy.

In my previous blog, privacy was defined by Merriam-Webster (n.d.) as “freedom from unauthorized intrusion.” As a constitutional right, it refers to “to make certain crucial decisions regarding their well-being without government coercion, intimidation, or interference (West’s Encyclopedia of American Law, 2008),” and is declared under Section 3 of the Bill of Rights in the 1987 Constitution (Official Gazette, n.d.), where it states that “the privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.”

The latest law implemented relating to privacy is Republic Act (RA) 10173, otherwise known as the Data Privacy Act of 2012. Its implementing rules and regulations were promulgated last August 24, 2016. Under Section 2. Declaration of Policy, it states that “it is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected (Official Gazette, 2012).”

Since we want to evaluate this law’s adequacy in protecting confidential health information, below are some definitions based on the RA.

  • Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
  • Sensitive personal information refers to personal information:
    • (2) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings
    • (3) Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns

The Act encompasses the processing of all types of personal information; hence, it protects the processing of health information. However, I wanted to see if there were specific clauses related to health. They are as follows.

  • SEC. 12. Criteria for Lawful Processing of Personal Information. – The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:
    • (d) The processing is necessary to protect vitally important interests of the data subject, including life and health
    • (e) The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate
  • SEC. 13. Sensitive Personal Information and Privileged Information. – The processing of sensitive personal information and privileged information shall be prohibited, except in the following cases:
    • (c) The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing
    • (e) The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured

Since health information is classified under sensitive personal information, all clauses in this Act are applicable to a Filipino patient’s health information, even if the specific clauses related to health are only in Sections 12 and 13.

I have read both the Act (read its entirety here) and the IRR (read its entirety here), and I think that it is sufficient to safeguard the health information of the Filipino people.

I’d like to emphasize Rule VIII. Rights of Data Subjects. It enumerated several rights of the data subject under it, including: right to be informed, right to object, right to access, right to correct, and right to rectification, erasure or blocking. I believe that these in particular, especially when applied to health information, will highly empower the patients because it explicitly states their rights on what can and cannot be done for their health information.

Now that we are shifting towards the use of technology for the delivery of health, it appears as if there are more threats to the privacy and confidentiality of patients. With the use of electronic medical records, for example, health information is now more accessible not just to patients but to a whole new group of people (ex. developers of the software, administrators, other clinic staff) who would not have had the same access if we were still using paper charts. In the Act, Section 47. Registration of Personal Data Processing Systems states that “The personal information controller or personal information processor that employs fewer than two hundred fifty (250) persons shall not be required to register unless the processing it carries out is likely to pose a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes sensitive personal information of at least one thousand (1,000) individuals.” This is very important because, as mentioned above, we are in the era where health technology is on the rise. Registration of data processing systems (especially in major institutions) provides an additional layer of protection for the patients, since institutions will now be liable to the Commission, especially in the event of data breaches. Personal information controllers and processors will be identified and held liable, and the Commission will be able to monitor said institutions or organizations.

While I think that the Act is sufficient, I feel that more specific clauses on processing of health information should have been included and explicitly stated. Categorizing them all under sensitive personal information is not enough. For me, health information requires more special consideration. For example, the right of the data subject (i.e. patient) to correct, rectify, erase or block his/her health data will not be as easily done compared to changing demographic data. Several factors come into play like the professional opinion or assessment of the healthcare personnel who inputted and/or processed the data. Differing opinions from different professionals may also make it appear like the data is inconsistent or false in the eyes of a data subject who may not fully understand his/her health status. In conclusion, I believe this Act can be improved to better fit the rapidly changing health information needs of the Filipino people.

What do you think about this law? How do you think this will impact the health landscape in the Philippines? Does it make you feel more secure about your personal information in general, knowing that this Act is now in place? Let me know what you think in the comments below.



Privacy and Confidentiality – What Policies Are In Place?

We are nearing the end of the semester. For this blog, I am going to talk about privacy and confidentiality. The driving question we were asked was:

What policies are in place to protect the Filipino patient’s privacy and confidentiality of health information?

Additionally, we were tasked to pick a hospital and evaluate their document on privacy and confidentiality, if they had any.

As always, let’s define a couple of things first.

Merriam-Webster (n.d.) defines privacy as “freedom from unauthorized intrusion.” As a constitutional right, it refers to “to make certain crucial decisions regarding their well-being without government coercion, intimidation, or interference (West’s Encyclopedia of American Law, 2008).”

Confidentiality, on the other hand, is defined as the “nondisclosure of information except to another person” (Mosby’s Medical Dictionary, 2009). In healthcare, it often refers to the “principle in medical ethics that the information a patient reveals to a health care provider is private and has limits on how and when it can be disclosed to a third party” (Dorland’s Medical Dictionary for Health Consumers, 2007).

In the Philippines, there are several policies in place which protect the Filipino patient’s privacy and confidentiality. Under the Bill of Rights in the 1987 Constitution (Official Gazette, n.d.), the right to privacy is declared under Section 3, where it states that “the privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.” There are additional laws that expound on and further protect this right, specific to privacy and confidentiality of health-related information. The table below is adapted from the paper of Antonio, Patdu and Marcelo (2013) on Health Information Privacy in the Philippines: Trends and Challenges in Privacy and Practice. It includes excerpts on the statutes and rules of court and administrative rules pertaining to the patient’s right to privacy in relation to the healthcare system.

The Medical Act of 1959

Republic Act No. 2382

(June 20, 1959)

Section 24. Grounds for reprimand, suspension or revocation of registration certificate. Any of the following shall be sufficient ground for reprimanding a physician, or for suspending or revoking a certificate of registration as physician:

(12) Violation of any provision of the Code of Ethics as approved by the Philippine Medical Association.

Philippine AIDS Prevention and Control Act of 1998

Republic Act No. 8504

(February 13, 1998)

Section 2. (b) (1) The State shall extend to every person suspected or known to be infected with HIV/AIDS full protection of his/her human rights and civil liberties. Towards this end, the right of privacy of individuals with HIV shall be guaranteed.

Section 3. (n) Medical Confidentiality – refers to the relationship of trust and confidence created or existing between a patient or a person with HIV and his attending physician, consulting medical specialist, nurse, medical technologist and all other health workers or personnel involved in any counselling, testing or professional care of the former; it also applies to any person who, in any official capacity, has acquired or may have acquired such confidential information

Section 30, Article VI: Medical Confidentiality. – All health professionals, medical instructors, workers, employers, recruitment agencies, insurance companies, data encoders, and other custodians of any medical record, file, data, or test results are directed to strictly observe confidentiality in the handling of all medical information, particularly the identity and status of persons with HIV.

Section 31, Article VI: Exceptions to the Mandate of Confidentiality

Medical confidentiality shall not be considered breached in the following cases:

(a) when complying with reportorial requirements in conjunction with the AIDSWATCH programs provided in Section 27 of this Act;

(b) when informing other health workers directly involved or about to be involved in the treatment or care of a person with HIV/AIDS: Provided, That such treatment or care carry the risk of HIV transmission: Provided, further, That such workers shall be obliged to maintain the shared medical confidentiality;

(c) when responding to a subpoena duces tecum and subpoena ad testificandum issued by a Court with jurisdiction over a legal proceeding where the main issue is the HIV status of an individual: Provided, That the confidential medical record shall be properly sealed by its lawful custodian after being double-checked for accuracy by the head of the office or department, hand delivered and personally opened by the judge: Provided, further, That the judicial proceedings be held in executive session.


Dangerous Drugs Act of 2002

Republic Act No. 9165

(June 7, 2002)

Section 36. Authorized Drug Testing. The following shall be subjected to undergo drug testing:

(a) Applicants for driver’s license.

(b) Applicants for firearm’s license and for permit to carry firearms outside of residence.

(c) Students of secondary and tertiary schools.

(d) Officers and employees of public and private offices.

(e) Officers and members of the military, police and other law enforcement agencies.

(f) All persons charged before the prosecutor’s office with a criminal offense having an imposable penalty of imprisonment of not less than six (6) years and one (1) day shall have to undergo a mandatory drug test; and

(g) All candidates for public office whether appointed or elected both in the national or local government shall undergo a mandatory drug test.

Section 40. Records Required for Transactions on Dangerous Drug and Precursors and Essential Chemicals.

(a) Every pharmacist dealing in dangerous drugs and/or controlled precursors and essential chemicals shall maintain and keep an original record of sales, purchases, acquisitions and deliveries of dangerous drugs,

Section 60. Confidentiality of Records Under the Voluntary Submission Program. – Judicial and medical records of drug dependents under the voluntary submission program shall be confidential and shall not be used against him for any purpose, except to determine how many times, by himself/herself or through his/her parent, spouse, guardian or relative within the fourth degree of consanguinity or affinity, he/she voluntarily submitted himself/herself for confinement, treatment and rehabilitation or has been committed to a Center under this program.

Section 64. Confidentiality of Records Under the Compulsory Submission Program. – The records of a drug dependent who was rehabilitated and discharged from the Center under the compulsory submission program, or who was charged for violation of Section 15 of this Act, shall be covered by Section 60 of this Act. However, the records of a drug dependent who was not rehabilitated, or who escaped but did not surrender himself/herself within the prescribed period, shall be forwarded to the court and their use shall be determined by the court, taking into consideration public interest and the welfare of the drug dependent.

Anti-Violence Against Women and Their Children Act of 2004

Republic Act No. 9262

(March 8, 2004)

Section 44. Confidentiality. – All records pertaining to cases of violence against women and their children including those in the barangay shall be confidential and all public officers and employees and public or private clinics to hospitals shall respect the right to privacy of the victim.

Revised Rules of Evidence, Rules of Court

(March 14, 1989)

Section 24 (c), Rule 128: Disqualification by reason of privileged communication. The following persons cannot testify as to matters learned in confidence in the following cases: A person authorized to practice medicine, surgery or obstetrics cannot in a civil case, without the consent of the patient, be examined as to any advice or treatment given by him or any information which he may have acquired in attending such patient in a professional capacity, which information was necessary to enable him to act in capacity, and which would blacken the reputation of the patient.

Department of Health Guidelines in the Planning and Design of a Hospital and other Health Facilities (2004)

Auditory and Visual Privacy

A hospital and other health facilities shall observe acceptable sound level and adequate visual seclusion to achieve the acoustical and privacy requirements in designated areas allowing the unhampered conduct of activities.

Philippine Health Insurance Corporation Benchbook Self-Assessment and Accreditation Process Manual

3.b.1 Standard: The organization documents and follows policies and procedures for addressing patients’ needs for confidentiality, privacy, security, religious counseling and communication.

Criteria: The hospital systematically determines, monitors and improves the extent to which patients’ needs for confidentiality, privacy, security, counseling and communication are addressed.

1.5.b.1 Standard: The organization’s personnel discharge their functions according to codes of ethical behavior and other relevant professional and statutory standards.

Criteria: The organization identifies and monitors personnel compliance with the code of ethics relevant to their respective disciplines.

Note: Some clauses were edited for length. Violations for the policies were no longer included in the text.

Aside from the laws stated above, we also have the Data Privacy Act of 2012. Under Section 2. Declaration of Policy, it states that “It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected (Official Gazette, 2012).” Its implementing rules and regulations were released in August 2016, and there are clauses there that also pertain to privacy of health information. This Act will be discussed further in the next blog.

Now that we are aware of some of the policies that are in place to protect the Filipino patient’s privacy and confidentiality of health information, let us proceed to answering the task.

Unfortunately, I was not able to secure a privacy and confidentiality document from a hospital. However, since I am currently working as a medical officer, I have decided to review the privacy policy of our company.

There are several policies in place which aim to protect the privacy of the employees. Although there is no dedicated policy for health information except for the confidentiality and NDA for the electronic medical record (see below), the existing policies already include them.

To start, the company has defined personal data as “information that can directly or indirectly identify an individual, including employees, contractors, directors, shareholders, customers and anyone else with whom [the company] does business.” Sensitive personal data (SPD), on the other hand, is defined as “a subset of Personal Data that has the potential of causing harm to an individual and therefore requires heightened protection and care. SPD should only be collected or handled when there is a specific legal, regulatory, or compelling business requirement and may require registration with local Data Processing authorities. SPD requires heightened security, and it should only be collected or processed when there is a specific legal, regulatory, or compelling business requirement.” Data collected for medical purposes (ex. pre-employment/periodic medical exams, consultations, etc.) are classified under sensitive personal data.

Before discussing the policies, let me briefly enumerate 3 of the most important privacy imperatives of the company:

  • Only collect the personal data you need.
  • Only use personal data for the reason it was collected.
  • Don’t share personal data with anyone who doesn’t need it.

Now let us proceed to examples of policies/agreements that relate to information and privacy.

Data Privacy

Within the normal course of business operations, the Company collects and processes personal data of individuals with whom the Company has business relationships. These personal data either identify a person or provide characteristics of an identifiable person. The Company respects the sensitivity of personal data; it is corporate policy that personal data be collected, processed, protected, transferred, stored, disclosed and disposed of in accordance with applicable laws and Company approved procedures.

It is the Company’s policy to:

  • Collect personal data in a legal manner and for specified legitimate business purposes only.
  • Process personal data only as necessary for the specified purposes.
  • Collect and process personal data by lawful and fair means and, where required, with the knowledge or consent of the individual.
  • Keep personal data as accurate and complete as possible for their intended purpose.
  • Permit individuals to review their personal data and to request correction of factual inaccuracies in accordance with and subject to Company standards, procedures and appropriate verification.
  • Secure personal data by reasonable and appropriate information protection safeguards as set forth by corporate policy on Information Protection.
  • Retain personal data in accordance with the corporate policy on Information Retention and when no longer required for the stated purpose or by law, destroy personal data in a manner which protects the confidentiality of the data.
  • Comply with all data privacy laws and regulations applicable to our business operations.
  • Integrate data privacy principles into our business activities, including, as necessary, agreements and arrangements with third parties, Joint Ventures and other companies with whom we have a business relationship.
  • Institute and maintain processes to coordinate enterprise-wide data privacy compliance activities, recognizing that many aspects of data privacy compliance can be implemented only at the local level.
  • Where appropriate, review and comment on proposed data privacy legislation, regulations or policies that may significantly impact our business; cooperate with appropriate government agencies to facilitate timely, reasonable and business-oriented solutions for data privacy issues that may arise.
  • Audit conformity with this policy through a comprehensive compliance program, including self-assessments and internal audits.

Information Protection

The information assets of the Company are vital resources. These resources include information in any form, whether acquired or developed by the Company, and any systems that store, process, or transmit information. It is the policy of the Company to ensure the availability, integrity, and confidentiality of these resources in a manner that is consistent with risk and business value. All [company] Corporation employees and contractors have responsibility for properly protecting these resources.

It is the Company’s policy to:

  • Comply with all information protection laws and regulations.
  • Integrate information protection principles into every aspect of its business activities, including the structure of agreements and business arrangements with its Joint Venture, Alliance, and third party relationships.
  • Take cost-effective measures to ensure the availability, integrity, and confidentiality of Company information assets, considering current, as well as emerging, business needs and technology.
  • Ensure that processes are in place to manage enterprise-wide information protection issues, recognizing that some aspects of information protection can only be addressed at the Reporting Unit level.
  • Comply with established standards, follow good safeguarding practices and guidelines, and apply principles of risk assessment to ensure that Company information protection activities are conducted responsibly.
  • Participate in the formulation of information protection legislation, regulation, or policy issues that may significantly impact our business. Work actively with the appropriate governmental agencies to ensure timely, reasonable, and cost-effective solutions for issues wherever possible.
  • Ensure conformity with this policy through a comprehensive compliance program, including a self-assessment process.

Information Retention

It is the Company’s policy to retain information for the minimum period necessary to:

  • Satisfy the Company’s operating requirements
  • Substantiate the Company’s holdings
  • Protect the Company’s interest in asserting and defending claims and lawsuits
  • Assure compliance with the retention requirements of applicable Government, Federal, State, and local laws and regulations

If a document or other form of information does not satisfy any one of these criteria, then it is not a Company “Record” and is not subject to retention and should not be retained.

Confidentiality and Non-Disclosure Agreement

You are about to access patients’ protected health information (PHI). The system should only be accessed by authorized users. By logging in and accessing PHI, you acknowledge that you are doing so in accordance with HIPAA and your organization’s policies and procedures. Access is monitored and you will be held accountable for any activity on your login.

Organizational information may include, but is not limited to, financial, patient identifiable, employee identifiable, intellectual property, financially non-public, contractual, of a competitive advantage nature, and from any source or in any form (i.e. paper, magnetic or optical media, conversations, film, etc.), may be considered confidential. Information’s confidentiality and integrity are to be preserved and its availability maintained. The value and sensitivity of information is protected by law and by the strict policies of your organization. The intent of these laws and policies are to assure the confidential information will remain confidential through its use, only as a necessity to accomplish your organization’s mission.

While the first 3 are general policies for privacy, they are the same rules that my team and I follow when it comes to handling health data, and are also the same guidelines that the health care professionals among our counterparts in other countries are using. Although not comprehensive, they make it clear to us how to collect, process, store and destroy health data that we encounter. We also ensure that we comply with local policies/guidelines set forth by the Department of Health (ex. policies on data retention and destruction). The general rule is that local laws supersede those of the company. In addition, since we are a private company, we have partner service providers/institutions that handle our employees’ health data. Examples are clinics where the employees undergo their annual physical examinations. While we do not have direct control over how they handle data, we ensure that we do regular audits on said providers. We assess and verify if they are compliant with Philippine and company standards when it comes to managing health data. If they fail the audit, we discontinue our partnership with them.

As for the last example in the table above, it is the only guideline that is specific to the protection of health data. The agreement is posted at the login page of the electronic medical record. There was mention of the Health Insurance Portability and Accountability Act or HIPAA since our EMR was developed in the United States. The “policies of your organization” it was referring to are the first 3 policies that I have already discussed above.

The company policies, even though they are general policies on privacy and information, are acceptable in terms of safeguarding the privacy and confidentiality of health information of the employees. By following additional international and local policies on health, our practices on privacy and confidentiality are strengthened. I feel that considering our company’s primary business is not the delivery of healthcare, our operations in terms of health data privacy and confidentiality are comparable to those of hospitals and clinics with the best standards of care.

Comments, as always, are welcome. Let me know your thoughts!



Knowledge Management – What Is Its Role in Healthcare Research?

This week, we are diving into knowledge management, another new concept we can both learn together.

The driving question is…

How can knowledge management improve access to healthcare research?

To answer the question above, we were tasked to pick a local public health problem and answer the driving question in relation to the public health problem.

Let me break it down and introduce a few concepts first.

Knowledge management (KM) is a concept that was first introduced roughly around the 1990s (Koenig, 2012). According to the Association of State and Territorial Health Officials or ASTHO (2005), KM is defined as “a process used by organizations and communities to improve how business is conducted by leveraging data and information that are gathered, organized, managed, and shared.” The Gartner Group (2016) defined it as “business process that formalizes the management and use of an enterprise’s intellectual assets. [Knowledge Management] promotes a collaborative and integrative approach to the creation, capture, organization, access and use of information assets, including the tacit, uncaptured knowledge of people.” Its goal is to move away from “not knowing what you know” and to use that knowledge to improve organizational effectiveness and efficiency (ASTHO, 2005). The building blocks of KM are data, information and knowledge, which are represented by the figure below:


Data is defined as “unprocessed representations of raw facts, concepts or instructions that can be communicated, interpreted, or processed by humans or automatic means (ASTHO, 2005).” An example of data is the number of dengue cases in a region. When meaning is assigned to data or when data is categorized, filtered or indexed, it now becomes information. In the dengue scenario, an example of information would be the number of dengue cases per district or barangay in the region. Finally, when processes like critical thinking, evaluation, structure or organization are applied to support decisions or understand concepts, information becomes knowledge. Knowledge is dynamic and evolving. It also has two types, namely: explicit and tacit. The former is also known as ‘book knowledge’ and refers to the “ordering of data and information according to well-defined, formalized procedures or rules.” On the other hand, the latter refers to knowledge that is informal and that which is gained through experience and training. An example of knowledge in the dengue scenario is understanding the patterns of illness well enough to adjust preventative measures in a particular area.

When pieces of information are linked in meaningful ways, the information’s relevance to the problem at hand is established, and the information at hand is understood in a larger context, there is translation of information to knowledge. This can then lead to knowledge translation, which occurs when knowledge is put into action (Straus et al., 2011). The concept of knowledge translation is especially important because despite the abundance of evidence-based data, it has been found that there is still a large gap between what is known and what is used in practice. In addition, there is a failure to use health research evidence in making informed decisions related to healthcare.

For an organization to adopt the KM approach, the following components must be examined: culture, content, processes and technology (ASTHO, 2005). Culture is the organization’s shared set of beliefs, values, and understandings, and therefore varies from one organization to another. It is reflected by how an organization envisions, measures, and carries out its mission and responsibilities. Content refers to resources of the organization, which can range from data to information to skills to expertise. Meanwhile, processes are methods by which an organization manages data and information. They can be formal or informal. The processes are in place to ensure that content is created, assessed, managed and disseminated effectively. Finally, technology has to be assessed in the context of why and how effectively it is used in an organization.

The role of knowledge management in public health is critical. To do their jobs, public health practitioners require accurate data and the ability to access data quickly from different sources and transform said data into useful information and knowledge. The officials, in particular, need up-to-date information for them to conduct analyses, report and generate vital information, and to collaborate with other agencies. In addition, the knowledge generated will guide decision-making in addressing public health concerns. Through KM, there can be an efficient way of developing and disseminating best practices and of continually assessing said practices for improvement.

In order to illustrate KM further, let us use dengue as a public health concern as an example. The dengue epidemic has plagued the Philippines since 1953 and continues to be a significant public health concern (Interhealth Worldwide, 2016) despite the many efforts of the Department of Health.

There was a recent article published, however, that featured the elimination of dengue cases through the combined efforts of a data analyst, professor, and local agency director. The story was a feature piece in Manila Bulletin and the subheadline mentioned that the answer to the dengue problem was not medicine but big data. It recounted how Wilson Chua, a big data analyst, was able to analyze the raw data on the dengue cases in Pangasinan provided to him by the Department of Health. He noted that the district of Bonuan had the highest number of cases in Pangasinan for 3 consecutive years, and that most of those infected were children aged 5-15. In doing his research, he found out that there were two public schools in the area (specifically Barangay Bonuan Boquig) with large pools of stagnant water in between, which were assumed as the source of the dengue vector.  Once he was able to identify the problem, he crowdsourced through social media (Facebook in particular) and got in touch with Professor Nicanor Melecio, the project director of the e-Smart Operation Center of Dagupan City Government, and Wesley Rosario, director at the Bureau of Fisheries and Aquatic Resources. Their solution to the problem was two-pronged, which was release of mosquito dunks and mosquito fish. They were able to implement this through the help of the local government. Thirty days after intervention, there was still no report of dengue cases in the area (you can read the full story here).

This article caught my attention for several reasons. One, I found it amazing that they were able to find a solution that could help address the dengue problem in the country. While I am aware that their solution is not applicable to other areas (ex. urban poor areas where large pools of water are not present and mosquito fish release is not feasible), it still impresses me how they were able to collaborate and come up with a solution. Two, the initial efforts were not made by a public health professional but by an analyst who just happened to have a personal interest in the situation. Three, his collaborators were not from the Department of Health. Four, DOH gave him raw data. (It was mentioned in the article that he was given a file with 81,000 rows of data. Aren’t there data privacy concerns?) Lastly, it mentioned that ‘big data’ was the solution.

Let me take a quick detour and discuss that last point. Big data, according to Tech Target, is a term that refers to a voluminous amount of structured, semi-structured, or unstructured data that has potential to be mined for information. There is no consensus on what ‘voluminous’ equates to in terms of volume or size, although it often refers to terabytes, petabytes, or exabytes of data captured over time. It is often characterized by extreme volume of data, wide variety of data types, and the velocity with which the data must be processed.

Going back, it now makes me wonder about how DOH has handled the massive amount of data that they have. Have they thought of Mr. Chua and his team’s interventions before? Based on the article by Lomibao (2013) in the Philippine Inquirer, Mr. Rosario mentioned that mosquito fish has been in the country for decades. Mosquito dunks are also not a new concept. But is the two-pronged approach new? If it showed promising results in Pangasinan, are there efforts to disseminate the information and replicate it in regions with similar topography? Is further research being done to address the feasibility of this solution and its long-term effects?

Recalling the 4 components of KM, I’ll now discuss how each of those components would play a role in improving access to healthcare research given the scenario above. Organization in the following paragraph will refer to the Department of Health.

The ideal culture in an organization is one where leadership plays a strong role in establishing the cultural will to support and maintain practices such as data documentation and dissemination of results. Considering the nature of public health, leadership should also be able to effectively communicate and coordinate with other organizations. It will help in understanding how the practices of others might be leveraged. First, recognizing the efforts of Mr. Chua is imperative. Given his and his collaborators’ success, a more wide-scale feasibility study should be done on the intervention that they did. The long-term effects of said intervention should likewise be studied, since the Department of Environment and Natural Resources’ Protected Areas and Wildlife Bureau (PAWB) has already expressed their concern over the potential negative and irreversible impact on our fragile biodiversity (Lomibao, 2013). At least for this particular aspect of dengue vector control and management, the DOH should work with BFAR, PAWB and the local government.

For content, one of the most significant challenges is capturing tacit knowledge, which means making it easy for individuals to share what they know through training, collaborative opportunities, networking, and other personal interactions. Mr. Chua can be considered as a potential content resource of the organization. I assume that there are already people employed by the DOH who do what Mr. Chua does, but he can help by sharing his knowledge on how he analyzed the data that was given to him.

As for processes, the ideal scenario is that the data and information management processes that exist in the organization are driven by the needs identified from the agency’s business activities. Given the nature of the public health sector, the data it collects is usually shared with external organizations aside from its intended personal use. Because of this, data and information management processes should make it possible for the DOH to share their data in a way that is understandable and meaningful to other sectors, such as the local government or BFAR.

Lastly, for technology, it is already a reality that the public health sector has been increasingly using electronic technology to collect, store, access, analyze, visualize and communicate data. However, there remains a gap in the availability of personnel who both have an expertise in information technology and in public health, or the so-called hybrids. If the gap in hybrids cannot be addressed for now since it needs specialized training, the DOH could continue its efforts to collaborate with experts in different fields to address the problem.

If the above core components are present in an organization such as the Department of Health, knowledge on dengue and means for vector control would be more accessible. It will also encourage and allow for further research to be done. 

That is it for week number 12 of HI 201. I have a couple of questions for you.

First, do you agree that big data was indeed the answer to the dengue problem (at least for Pangasinan)? Second, do you think your organization (if you belong to one) is ready to adopt a knowledge management approach?

Let me know in the comments below.


Clinical Decision Support Systems – How Can They Impact Healthcare?

Let’s skip the intro and dive right into this week’s assignment. The driving question that we needed to answer was…

“How can Clinical Decision Support Systems (CDSS) improve the quality of healthcare?”

Aside from the question above, we were tasked to think of a clinical scenario and suggest a clinical decision support system embedded within CHITS to address this.

A clinical decision support system or CDSS, according to Jaspers et al. (2010), is a tool that provides “clinicians or patients with computer-generated clinical knowledge and patient-related information, intelligently filtered or presented at appropriate times, to enhance patient care.” Another definition was provided by Souza et al. (2011), which describes CDSS as “computerized matching of an individual patient’s characteristics with a knowledge base that then provides patient specific recommendations to healthcare providers.” Common examples of CDSS are those that check for drug-drug interactions among the medications of a patient or those that check for possible drug-disease precautions or contraindications, reminder and recall systems for immunizations, prompts for clinicians to initiate smoking cessation interventions, blood pressure screening, or laboratory/radiology testing among others. CDSS can exist independent of electronic medical records (EMRs) or may be incorporated into them. The idea is that CDSS will provide decision support to users at the time they make decisions, which should result in improved quality of care. For example, it can alert a physician that his/her medication of choice has a drug-drug interaction with a patient’s existing medication. Or it could also alert the healthcare practitioner (HCP) that his/her choice of medication can potentially aggravate a patient’s condition. Other examples are reminders such as the need for mammographic screening in women older than 40 or 45 years old, or the recommended vaccinations for an infant who is 14 weeks old. In the paper by Bates et al. (2003), they identified 10 “commandments” for an effective CDSS. I will enumerate and briefly explain them below.

  1. Speed is everything. As mentioned above, the overall goal of CDSS is to provide decision support at the time the decision is being made. Bates et al. found that the speed of an information system is the parameter that users value most. Even a good IS, therefore, will less likely be seen as helpful if it takes time for decision support to be shown or accessed. I imagine this would be more applicable to settings wherein there is a long queue of patients who need attention.
  2. Anticipate needs and deliver in real time. This pertains to making the necessary information available to clinicians at the time they need it. An example is emphasizing high potassium levels in a patient with hypertension or congestive heart failure who is receiving a potassium-sparing diuretic.
  3. Fit into the user’s workflow. In one of my earlier blogs, I mentioned that involvement of the end users as early as the planning or design phase is one of the determinants for success of a health information system. Part of involving users is making sure that the proposed IS will work well with their current workflow. A new software (or CDSS in particular), even when equipped with excellent guidelines, will likely meet resistance when it significantly changes the workflow of the end users (unless the workflow is the actual problem and it NEEDS to be changed).
  4. Little things can make a big difference. This sounds cliché to me but its applicability, even to CDSS, cannot be ignored. Little things in the CDSS can spell the success or failure of the system. For example, requiring a physician to enter his/her diagnosis using ICD codes (with a drop-down button) as opposed to entering it in free text will better help in ensuring that diagnoses for the patients are entered in a standard way. If part of the CDSS, then, is checking for drug-disease interactions, the system will be more accurate in delivering such information because the diagnoses are standardized.
  5. Recognize that physicians will strongly resist stopping. For example, your CDSS tells the physician that no further tests are recommended for the patient. However, the physician has been used to ordering a chest x-ray for similar cases. Since the CDSS only mentioned to stop but did not offer an alternative, the physician will most likely override the said recommendation and continue to order the chest x-ray. The same is applicable for medications, such that giving no or an undesirable alternative to the physician prescribing the medication will most likely make him/her prescribe the medication he/she had intended to.
  6. Changing direction is easier than stopping. This is in relation to the previous number. An example of change would be changing the default dose and frequency of a drug when a physician orders it. Unless the physician has specific reason to change the dose and/or frequency, he/she will be more likely to use the suggested/default dose/frequency.
  7. Simple interventions work best. An alternative to this statement would be less is more. The most important guidelines for a medication, for example, should fit in the HCP’s screen. It might be helpful to have it linked to a more comprehensive or complete list of guidelines, which should also be readily accessible to the clinician with a few clicks.
  8. Ask for additional information only when you really need it. In CDSS that are integrated into the EMR, there are patient data that are already available for use by the CDSS to be able to give decision support. If the data is insufficient, the HCP will be asked to enter additional data. In stand-alone CDSS, most data will have to be entered by the HCP. According to Bates et al., “the likelihood of success in implementing a computerized guideline is inversely proportional to the number of extra data elements needed.” Therefore, it would be best if the least amount of data is asked of the HCP to be able to provide meaningful decision support, as a system that requires an HCP to enter several data will be something that a clinician is less likely to use, especially considering the usually limited amount of time HCPs have in dealing with their patients.
  9. Monitor impact, get feedback, and respond. How likely are clinicians to accept the suggestions of the CDSS? How often do they overlook the suggestions? How do their actions impact process flow, or more importantly, patient care and patient outcomes? It is essential to know the answers to these, and make corrective actions even mid-course to improve the CDSS.
  10. Manage and maintain your knowledge-based systems. CDSS suggestions are most often based on local/international guidelines. Since medicine is dynamic (and so are the guidelines), CDSS should also be able to keep up with the changes. A decision support with outdated guidelines will defeat the purpose. It is also helpful to track the response of the users to the CDSS and evaluate the reports on a regular basis.

Now that we know more about clinical decision support systems, let us discuss CHITS. CHITS stands for Community Health Information Tracking System. It was developed by the National Telehealth Center (NTHC) to improve health information management at the rural health unit level. It was described as an “EMR for the health workers, by the health workers” since it was developed alongside health workers and was designed in such a way that it features a workflow that is similar to what is currently being employed in local health centers. It uses open source software, making it more flexible to the needs of both the RHU and the DOH. It was built to improve data-gathering at the RHU level to be able to generate more accurate reports, which will be later used to plan programs and effect changes on both local and national public health levels.

I was a student nurse rotating in the local health centers (in Metro Manila and Batangas) from 2006-2009 and I was a medical intern doing community rotation from 2012-2014. I have never encountered CHITS in any of the health centers I rotated at. There is limited information on what CHITS is and what is available so far (based on my internet search), so I will assume that my suggestions below are still non-existent.

In this scenario, barangay health worker (BHW) Dela Cruz is on duty at a rural health center. It’s vaccination day and Mommy Anna comes in with her children Karen and Nina, who are 2 years old and 9 months old, respectively. BHW Dela Cruz briefly interviews Mommy Anna and gets pertinent data regarding her children. During the interview, she finds out that Mommy Anna has just moved into the barangay and that her daughters have never received any type of vaccination. She is then asked by the mother which vaccines her daughters should receive. In the brief period that Dela Cruz has been a BHW, she has never actually encountered an infant or toddler who is naive to any type of vaccination.

I think that a useful CDSS in this scenario would be something that guides a healthcare worker (HCW) on the vaccinations a patient, particularly a pediatric patient, should receive. The minimum data required would be the patient’s birthday (the age should be computed automatically). When the software determines that the patient is a pediatric patient, the recommended vaccinations for the patient based on age should be displayed. The HCW can then enter the date the vaccines were received (if any and if they were received elsewhere). It is at this point that any previous reactions to vaccines should also be documented. If there are none, as in the scenario above, the CDSS should show the recommended vaccines arranged by priority. The basis for the recommendation would be the guidelines based on DOH’s expanded program on immunization (EPI). Contraindications for vaccines in general or for a specific vaccine could also be shown. A trained barangay health worker (BHW) should be able to do a simple assessment, enter the birthdate, and identify which vaccinations a patient should receive. Once the vaccine has been administered, it is documented in the software. Ideally, if the vaccine is part of a series, the date for the next dose should be shown so that the BHW could inform the patient (or his/her guardian) on when to come back. The same CDSS should also be able to generate reports such as the type and quantity of vaccinations given on a daily, weekly, monthly, quarterly or annual basis or how many children are considered fully immunized. These types of reports could be married with statistics from the local government to determine the vaccine coverage in the area to assist in procurement of additional vaccines and to help plan for programs that are related to vaccination.
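The decision logic described above can be sketched in a few lines; this is an added illustration, not code from CHITS or the DOH. The schedule table, the vaccine names (`VAX-A` to `VAX-C`), the intervals and the function names are constructed placeholders and are not the EPI schedule.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Dose:
    vaccine: str
    number: int          # position in the series, starting at 1
    min_age_weeks: int   # earliest age at which this dose may be given
    min_gap_weeks: int   # minimum interval after the previous dose (0 for dose 1)


# CONSTRUCTED schedule for illustration only. Placeholder names and ages,
# NOT the DOH EPI guideline; a real system would load the current guideline
# as maintained, versioned data.
SCHEDULE = (
    Dose("VAX-A", 1, 0, 0),
    Dose("VAX-B", 1, 6, 0),
    Dose("VAX-B", 2, 10, 4),
    Dose("VAX-B", 3, 14, 4),
    Dose("VAX-C", 1, 39, 0),
    Dose("VAX-C", 2, 52, 4),
)

STATUS_ORDER = {"DUE": 0, "HOLD": 1, "UPCOMING": 2}


def age_in_weeks(birthdate, today):
    """Age is derived from the birthdate, the only mandatory input."""
    if birthdate > today:
        raise ValueError("birthdate is in the future")
    return (today - birthdate).days // 7


def recommend(birthdate, today, history=None, reactions=frozenset()):
    """Return [(status, vaccine, dose_number, date)] sorted by priority.

    history   maps (vaccine, dose_number) -> date given (here or elsewhere)
    reactions is the set of vaccines with a documented previous reaction
    """
    history = history or {}
    age_in_weeks(birthdate, today)  # rejects a birthdate in the future
    for key, given in history.items():
        if not birthdate <= given <= today:
            raise ValueError(f"implausible date for {key}: {given}")

    results, seen = [], set()
    for dose in sorted(SCHEDULE, key=lambda d: (d.vaccine, d.number)):
        if dose.vaccine in seen or (dose.vaccine, dose.number) in history:
            continue
        seen.add(dose.vaccine)  # only the next missing dose of each series
        earliest = birthdate + timedelta(weeks=dose.min_age_weeks)
        previous = history.get((dose.vaccine, dose.number - 1))
        if previous is not None:
            gap = timedelta(weeks=dose.min_gap_weeks)
            earliest = max(earliest, previous + gap)
        if dose.vaccine in reactions:
            status = "HOLD"      # needs review before any further dose
        elif earliest <= today:
            status = "DUE"       # can be given at this visit
        else:
            status = "UPCOMING"  # date to tell the guardian to come back
        results.append((status, dose.vaccine, dose.number, earliest))
    # Doses due now come first, the longest-overdue at the top.
    return sorted(results, key=lambda r: (STATUS_ORDER[r[0]], r[3], r[1]))


if __name__ == "__main__":
    today = date(2024, 6, 3)                  # constructed visit date
    nina = today - timedelta(weeks=40)        # about 9 months old
    for row in recommend(nina, today):
        print(row)
```

Recording each dose given in `history` and calling `recommend` again yields the return dates for the next doses in each series.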

Again, I have to admit that I am not aware if this is already being done in the RHUs. Considering the lack of healthcare professionals in the rural health units, particularly the geographically isolated and disadvantaged areas, this type of CDSS would be very helpful to the RHU healthcare workers and in helping attain the main goal of DOH’s EPI, which is to reduce the mortality and morbidity among children against the most common vaccine-preventable diseases.

I personally am using a vaccination application on my smart phone that was created by the Centers for Disease Control (CDC). It has recommendations based on age group or based on special populations (pregnant, person with HIV, etc.). As a standalone app, it has been very helpful to me in my practice and for my own personal use. Something similar could be incorporated into CHITS to help implement the immunization program of DOH.

That is it for week 11 of HI 201! Can you think of other clinical decision support systems that could benefit people especially in the remote areas where there is often limited access to healthcare? What do you think are pitfalls of CDSS?

As always, let me know in the comments below. I would love to hear and learn from you!



Standards and Interoperability – How Can These Be Adopted?

This week, we are diving further into the basics of health informatics. Our focus would be on interoperability, with the driving question…

How can healthcare institutions adopt standards to ensure interoperability?

We were tasked to pick among messaging, terminology, and imaging – the three broad categories of standards – and to prepare a master plan for its adoption in a government setting.

As always, let me start by defining some terms.

Standardization is defined by Investopedia as “a framework of agreements to which all relevant parties in an industry or organization must adhere to ensure that all processes associated with the creation of a good or performance of service are performed within set guidelines.” Adebesin et al. (2013) stated that this is the key to interoperability. eHealth interoperability, in particular, is defined as the “ability of two or more systems or components and the business processes they support to exchange information and to use the information that has been exchanged.”

While there remains no consensus on the levels of interoperability, the European Telecommunication Standards Institute has identified 4 levels, namely: technical, syntactic, semantic, and organizational. Technical interoperability enables heterogeneous systems to exchange data. Syntactic interoperability, on the other hand, guarantees the preservation of the clinical purpose of the data during transmission among healthcare systems. Meanwhile, semantic interoperability is that which enables multiple systems to interpret the information that has been exchanged in a similar way through predefined meaning of shared concepts. Finally, organizational interoperability, the highest level of interoperability, facilitates the integration of business processes and workflows beyond the boundaries of a single organization.

I would like to focus on semantic interoperability. To me, when simply put, this means that different systems understand each other. It’s like different people speaking and understanding each other using English, for example, despite the fact that they have different nationalities. Of the three broad categories of standards, semantic interoperability focuses on terminology.

One example of a terminology standard is SNOMED-CT. The International Health Terminology Standards Development Organisation (IHTSDO) owns and distributes SNOMED-CT. The claim is that it is the world’s most comprehensive multilingual clinical healthcare terminology that enables consistent, processable representation of clinical content in electronic health records. Its goal is to facilitate the accurate recording and sharing of clinical and health-related information and the semantic interoperability of health records. The way it works is that the content is represented using three types of components – concept, description, and relationship. First, the concepts in SNOMED-CT, which represent clinical thoughts, have a corresponding unique identifier. Each concept is also associated with a single unambiguous Fully Specified Name (FSN) that contains the semantic tag and identifies the hierarchy to which the concept belongs. A concept can have one or more descriptions, and descriptions also have a unique description identifier. Finally, relationships link concepts together and provide formal definitions and other properties of the concept. Below is an example of how the components are interrelated:

[Image: example of how the SNOMED-CT components are interrelated]

In more plain and basic terms, SNOMED-CT is like a comprehensive dictionary where health data are defined, and at the same time functions as a thesaurus where synonyms of terminologies can be found (although SNOMED-CT is definitely more than this).

When incorporated into an electronic health record, for example, it allows uniform entry and interpretation of data. The encoded data can later be reused and presented for a variety of purposes. For example, clinical records represented using SNOMED-CT can be processed and presented in different ways to support direct patient care, clinical audit, research, epidemiology, management, and service planning.
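
A minimal model of the three component types, as an added example that is not part of the original post and is not IHTSDO code. Every identifier and term below is a constructed placeholder, not a real SNOMED-CT code; the function names are hypothetical. It shows differently worded entries from two systems resolving to one concept, and a report that reuses the encoded data through the is-a hierarchy.

```javascript
// Added example. Constructed placeholder data: these IDs are NOT real SNOMED-CT codes.
const IS_A = 'R-TYPE-ISA'; // placeholder for the "is a" relationship type

// Concepts: unique identifier -> Fully Specified Name (semantic tag in parentheses).
const concepts = new Map([
  ['C-100', 'Clinical finding (finding)'],
  ['C-200', 'Heart disease (disorder)'],
  ['C-300', 'Myocardial infarction (disorder)'],
  ['C-400', 'Fracture of femur (disorder)'],
]);

// Descriptions: each has its own identifier and points at exactly one concept.
const descriptions = [
  { id: 'D-201', conceptId: 'C-200', term: 'Heart disease' },
  { id: 'D-301', conceptId: 'C-300', term: 'Myocardial infarction' },
  { id: 'D-302', conceptId: 'C-300', term: 'Heart attack' },
  { id: 'D-303', conceptId: 'C-300', term: 'MI' },
  { id: 'D-401', conceptId: 'C-400', term: 'Fracture of femur' },
  { id: 'D-402', conceptId: 'C-400', term: 'Broken thigh bone' },
];

// Relationships: source concept --type--> destination concept.
const relationships = [
  { id: 'R-1', sourceId: 'C-200', typeId: IS_A, destinationId: 'C-100' },
  { id: 'R-2', sourceId: 'C-300', typeId: IS_A, destinationId: 'C-200' },
  { id: 'R-3', sourceId: 'C-400', typeId: IS_A, destinationId: 'C-100' },
];

// Normalise free text so "heart  attack" and "Heart attack" hit the same description.
const norm = (s) => s.trim().toLowerCase().replace(/\s+/g, ' ');
const termIndex = new Map(descriptions.map((d) => [norm(d.term), d.conceptId]));

// The "thesaurus" role: any known description resolves to its concept identifier.
function findConcept(term) {
  return termIndex.get(norm(term)) ?? null;
}

// The semantic tag is the trailing parenthesised part of the FSN.
function semanticTag(conceptId) {
  const m = /\(([^()]+)\)$/.exec(concepts.get(conceptId) ?? '');
  return m ? m[1] : null;
}

// All concepts reachable by following is-a relationships upward (transitive).
function ancestors(conceptId) {
  const seen = new Set();
  const stack = [conceptId];
  while (stack.length) {
    const current = stack.pop();
    for (const r of relationships) {
      if (r.typeId === IS_A && r.sourceId === current && !seen.has(r.destinationId)) {
        seen.add(r.destinationId);
        stack.push(r.destinationId);
      }
    }
  }
  return seen;
}

function isSubsumedBy(conceptId, ancestorId) {
  return conceptId === ancestorId || ancestors(conceptId).has(ancestorId);
}

// Constructed entries as typed into two different systems.
const records = [
  { system: 'Hospital A', patient: 'P1', entered: 'Heart attack' },
  { system: 'Clinic B', patient: 'P2', entered: 'MI' },
  { system: 'Clinic B', patient: 'P3', entered: 'broken thigh bone' },
  { system: 'Hospital A', patient: 'P4', entered: 'chest pain??' }, // no matching description
];

// Encoding step: attach the concept identifier (null when the term is unknown).
function encode(recs) {
  return recs.map((r) => ({ ...r, conceptId: findConcept(r.entered) }));
}

// Reuse step: count encoded records that fall anywhere under a given concept.
function countUnder(recs, ancestorId) {
  return encode(recs).filter((r) => r.conceptId && isSubsumedBy(r.conceptId, ancestorId)).length;
}
```

Entries that resolve to `null` are the data-quality cases: they need review rather than silent inclusion in a report.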

IHTSDO has been working with other standards bodies like the ISO and HL, and they map from and to other code systems. As mentioned earlier, it is also multilingual. These not only ensure the applicability of SNOMED-CT to different disciplines but also reinforce its global applicability. At the same time, it is also scalable and flexible and could adjust to local requirements, if necessary.

In the local setting, part of the Department of Health has already outlined the Philippine eHealth Strategic Framework and Plan (PeHSFP) 2014-2020. We are developing our own National Health Data Dictionary, which will function similarly to SNOMED and will be integral to the implementation of the Philippine Health Information Exchange (PHIE).

[Image: the Philippine Health Information Exchange (PHIE)]

The above image illustrates the PHIE. Note that on the upper right corner, under health data standards, is terminology. This is where the National Health Data Dictionary comes in. It will be used to ensure good data quality among the different systems that will be integrated in the PHIE.

If a government hospital, then, needs to adopt this standard, how will they do so? In a previous blog, I enumerated and briefly described the 7 components of eHealth projects according to the PeHSFP, namely: (1) governance; (2) legislation, policy, and compliance; (3) standards and interoperability; (4) strategy and investment; (5) infrastructure; (6) human resource; and (7) eHealth solution.

Because we are talking about a government hospital, most of the components will be coming not just from the board or the hospital administrators but through mandates of the national and local government. For example, the creation of the National Governance Steering Committee and Technical Group on eHealth and the National eHealth Governance Implementing Policies, Procedures and Guidelines will be through creation of administrative orders. The same applies for other mandates that will come from the national government. Examples are the National Implementation of Health Data Standards for eHealth Standardization and Interoperability, the Implementation of Software Data Compliance to National Health Data Reporting, Implementation of Philippine Health Information Exchange and its Implementing Policies, Procedures and/or Guidelines, and creation and updating of the National Health Data Dictionary. To comply, a government hospital would then implement said administrative orders. The electronic health system they will use will most likely be software that was developed for government hospitals in the Philippines. In that scenario, the said system would also have already been compliant with the parameters set forth by the Software Data Compliance Body. In addition, encoding of data would also make use of the terminologies of the National Health Data Dictionary.

Let’s say, however, that a government hospital, for whatever reason, was not required to be part of the PHIE but would like to become one. It still has to start with governance, who will decide on the kind of eHealth system that the hospital will use. They should create the necessary policies and implementing orders for the said project, which would be better handled by a specialized team dedicated to creating, implementing, and maintaining the system. Part of the planning and design for the project would already involve sourcing for funds for the project, hiring and training the right people, and ensuring that the system has adequate infrastructure to run the software. Specific to terminology and in effect, ensuring data quality, is integrating the coded terminologies under the National Health Data Dictionary into the software. This will make the software interoperable with the other systems that are likewise part of the PHIE.

In ensuring interoperability in general, there has been a lot of discussion on the use of open source software. As the name implies, open source in terms of software development and licensing means that the source code is accessible and modifiable by the end user. This is in contrast to proprietary software wherein the source code is confidential and the end user can access and execute only the machine code. The argument, according to Reynolds and Wyatt (2012), is that “open source software (OSS) licensed HIS provide a key opportunity for the promotion of effective systems by enhancing clinical engagement in software development, fostering innovation, improving system usability, and reducing costs, and should therefore be central to a rational HIS procurement strategy.” With OSS, there will be lower entry barriers and developers would have to compete with implementation of the same standards. The ultimate beneficiary of these would be the consumers, since use of OSS would encourage innovation and lowered cost from developers. There would also be no fear of lock-in, and the consumers can freely switch to another product without losing their data. A real-life example of this would be the use of the Android operating system. The Android operating system is based on the Android Open Source Project (AOSP). A variety of mobile phones run Android OS, and a user can switch from one brand of cellphone to another and bring their data along with them, since there are numerous applications that run using the said OS. In the healthcare setting in the Philippines, this would translate to developers using the same source code in the development of their eHealth systems. The health data would be structured in the same way, even if different software is used. With the use of a common health data dictionary to code for the data to be entered into the system, the terminology would be the same as well. This means that even if a healthcare institution discontinues the use of a particular software and later on switches to another one, as long as the said software used is running on a similar source code or is compliant with the standards set forth by the PHIE, migration would be possible.

And that is it for this week’s blog! I had a rather difficult time understanding the concepts but I hope I was able to make some sense. I feel that as the course progresses and as I make more blogs, things are starting to become more cohesive. It’s also the reason why I’ve been referring to the content of previous blogs more often (especially that of PHIE). Let me know your thoughts and I hope we can discuss!



Personal Health Records – The Patient Tool

We’re more than halfway through the semester and I can honestly say that this course has been very enlightening so far. Over the first half of the semester, my preconceived notions about health informatics, especially in the Philippines, were basically shattered, and I am discovering that there is so much more to learn from this course than what I initially thought.

That being said, let us now dive into this week’s topic – personal health records.

The question we were asked was…

“What features are considered critical or most useful by users of Personal Health Records?”

In last week’s blog, I discussed electronic health records (EHR). In researching for that topic, it was only then that I realized that EHRs are not synonymous with electronic medical records (EMRs). I also learned that automated health records (AHRs) and computer-based patient records (CPRs) are also different. Now we will be adding personal health records (PHRs) to the mix.

According to HealthIT.gov, a personal health record or PHR is an “electronic application used by patients to maintain and manage their health information in private, secure and confidential environment.” The key phrase here is “used by patients”, since that is the main distinguishing feature of the EHR from the AHR, CPR, or EMR (ideally in EHRs, there should be a component where patients can manage their data as well). Through PHRs, a patient can be more involved or proactive in the management of his own health since it allows him to enter, view and modify health data in the application. Aside from being a static repository of data, the more advanced PHRs have decision-support capabilities that assist patients in managing their conditions. They have the potential to help analyze a patient’s health profile, identify health threats or deviation from normal at an earlier time, which leads to prevention or early intervention, or provide improvement opportunities based on analysis of drug interactions, gaps in current medical care, and identification of medication errors. When the PHR is also made accessible to the clinician or health care provider, it facilitates communication between provider and patient for continuous exchange of health data.

With the rapid developments in technology also come numerous attempts at personal health record software or systems. However, PHRs have not received the same attention as EHRs and EMRs. There are several issues that arise when it comes to their adoption, and I believe that the two main issues are:

  • Quality of data – Since in PHRs patients are mostly the ones who enter the data, how accurate are the data? Are they entered using medical or layman’s terminology? Are the diagnoses accurate? Are the medications accurate? What about the laboratory and diagnostic results? Are they entered correctly? Abundant but poor-quality data defeats the purpose of the PHR.
  • Security and privacy of data – Most PHRs are web-based or mobile applications that were developed for commercial distribution and use. Unlike EHRs and EMRs, which have more robust security features because they are usually linked to bigger institutions, PHRs are, as mentioned, often web- or mobile-based. Data contained in a mobile app, for example, may only be stored on the mobile device. If there is an option to store it elsewhere, it is usually in cloud-based storage (which is often another application not primarily intended to store medical data). Or the data could be exported as a PDF, Excel, or comma-separated values (CSV) file and then sent to an intended user (e.g., a physician) via email. The transfer is usually not encrypted and is therefore vulnerable to breach or exposure.

What, then, are the criteria for a good personal health record system or application? Kim and Johnson (2002), in their paper Personal Health Records: Evaluation of Function and Utility, reviewed and evaluated several web-based PHRs that were available at the time based on several criteria. Under function, they evaluated the website application in terms of access, medical conditions, medications, laboratory test, diagnostic tests, and immunization. As for utility, they assessed whether the application could incorporate data to manage conditions at a basic and more comprehensive level of representation. The overall conclusion of the study was that the PHRs available then had limited functionality and therefore had limited ability to serve as adequate representations of medical information for use in clinical practice.

Based on Kim and Johnson’s paper, the identified barriers to adoption, and my personal experience as well, I developed a scoring system for the evaluation of PHRs. This, in a way, also helps answer the driving question for this week: “What features are considered critical or most useful by users of Personal Health Records?”


Each criterion will be scored from 1 to 5, with 1 being the lowest and 5 the highest. The rating per category will be averaged at the end, and the overall score will serve as the basis for whether the app will be recommended or not. PHRs that scored 5/5 will be highly recommended, 3-4/5 as recommended, and 1-2/5 as not recommended.

To explain further the scoring system I created, I signed up for a personal health record. I was not able to find a PHR that was made or based in the Philippines. I settled for the top hit in Google, which is the application My Medical.

See slide presentation below for my review of the application.

I, personally, am very interested in PHRs because aside from the fact that I am a neat freak and I want to keep things organized, I am also a patient (under the care of multiple health care providers). I actually have a big binder at home documenting my health since 2007. It is a pain to carry it around whenever I have to visit my doctors, and after 9 years, the method is just not efficient anymore. The app I reviewed above will work for me because it appears more to be a static repository of data, which I prefer. However, non-medical personnel or laymen who want to use this to gain a more proactive role in the management of their health might find some of the features lacking, because it has limited decision-support capabilities and the means for communicating the health data contained in the app to a health care provider is also limited.
Disclaimer: The application is not sponsored and I paid for the app with my own money.
And that is it for this week’s blog! Do you agree with the scoring system I made? Are there other features you are looking for in a personal health record that were not part of my criteria? Given the features I showed above, is the app something you would consider using as well? Or have you tried other PHR applications?
As always, let me know in the comments below. Your input will be very much appreciated.


Enterprise Architecture – What Is It and How Can It Be Applied to HIS?

It’s week 7 for Health Informatics 201 and this week, the driving question we were asked was…

In a multistakeholder, multicomponent health information system, how can you ensure that all the players are doing their part?

The assignment is for us to also answer the question, “What enterprise architecture frameworks are available and which one is the best for the health sector?”

Before diving into the driving question, let’s tackle enterprise architecture first.

What is enterprise architecture? Enterprise architecture (EA), according to Sessions (2007), is a field that emerged to answer two major problems – system complexity and poor business alignment. The use of IT systems in businesses, while they contributed to success and competitiveness, also came with increasing cost and complexities. EA aims to reduce those problems while increasing business value and effectiveness.

There are 4 methodologies that are most commonly used in EA and they are: 1) Zachman Framework for Enterprise Architectures, 2) The Open Group Architectural Framework, 3) The Federal Enterprise Architecture, and 4) The Gartner Methodology. I will be briefly discussing each below.

The Zachman Framework, as described by its creator, is a “logical structure for classifying and organizing the descriptive representations of an Enterprise that are significant to the management of Enterprise, as well as to the development of the Enterprise’s system.” He proposed that there are 6 descriptive foci (data, function, network, people, time, and motivation), and six player perspectives (planner, owner, designer, builder, subcontractor, and enterprise). When all are plotted against a grid, each focus will have six perspectives; conversely, each perspective will have six foci. Through the use of this framework, it will be easier to show a stakeholder’s perspective from all angles; it will also be easier to see who is assigned to what, as the relationships are more clearly defined. The downside of this system, however, is that while it shows relationships or categories, it doesn’t show the process for creating the enterprise architecture.

On the other hand, The Open Group Architectural Framework, or TOGAF, gives us what Zachman doesn’t – methodology. It describes the process for creating the categories. It has what it calls an Enterprise Continuum – a continuum of architectures ranging from the highly generic to the highly specific. The most generic of the levels is Foundation Architectures. As you go along the continuum, from Common Systems Architectures to Industry Architectures and finally to Organizational Architectures, the architectural principles become more specific. The process that drives the movement from the most generic to the specific level is the Architecture Development Method (ADM). ADM consists of eight phases that are cycled after a preliminary phase, and they are: 1) architecture vision, 2) business architecture, 3) information systems architecture, 4) technology architecture, 5) opportunities and solutions, 6) migration planning, 7) implementation governance, and 8) architecture management. I will not discuss the phases individually but what is important to point out is that there are tasks/deliverables for each phase. After implementation (phase 7) and modification of the architectural change-management process (phase 8), the cycle is repeated. One of the main goals of ADM is the transfer of information, so that as more iterations of the cycle are completed, there will be less and less need to involve the TOGAF enterprise architect.

The third framework is the Federal Enterprise Architecture or FEA. This was created in an attempt to unify the different agencies and functions under the federal government. It is a combination of the two previous frameworks I discussed, Zachman and TOGAF, as this includes both categories and processes. It has five reference models for performance, namely – business, service, components, technical, and data. The purpose of the interrelated reference models is to establish common language to have standard terms and definitions; consequently, communication, cooperation, and collaboration across political boundaries will be facilitated. FEA is also composed of segments that are considered subsets of the overall enterprise (i.e., a government agency is considered a segment under the enterprise that is the federal government). By using the FEA framework, architectures are created for each segment, which should contribute to realizing the vision for the overall enterprise.

The last of the frameworks I am going to discuss is that of Gartner. Unlike the last three, which focus more on either categorization or methodology or both, this framework focuses on practice and strategy. Gartner believes that enterprise architectures must start with a vision of where the organization is headed and not where it currently is. Consequently, it is imperative that the constituents – business owners, information specialists, and technology implementers – understand and share that same vision. Once everybody is on board, they can now begin to discuss the implications of their vision on the business, technical, information, and solutions architecture of the enterprise. Gartner, however, does not propose a methodology or step-by-step process with which to achieve this vision.

With all that being said, I feel that the framework that best applies to health, at least for the public sector, is the FEA. Especially if we’re considering the Philippine Health Information Exchange (PHIE) which I talked about in this blog post, I feel like the FEA framework would work best. I see the FEA as a more complete and comprehensive framework, one that incorporates the advantages of both Zachman and TOGAF. In our setting, the PHIE would correspond to the overall enterprise, under the direction of the DOH. Under PHIE will be the various programs such as iHOMIS, CHITS, RxBox, etc. under the different government agencies that would serve as the segments. The FEA reference models would also serve as the basis for standards and interoperability, which was also emphasized as one of the key factors for success of the PHIE.

Lastly, to answer the driving question, I think that the best way to ensure that all players in a multistakeholder, multicomponent HIS are doing their parts is to first make sure that all players know their parts (which is what the Zachman framework specifically offers). Each stakeholder, whether they are the businessmen, the governance board or management team, the developers, and so forth, must know their roles and responsibilities in the enterprise. There should be no ambiguity about it, and it would be best if said roles and responsibilities are in black and white so that even when new leaders, users or developers arrive, they would know what exactly is expected of them. Another important thing to ensure is that the different stakeholders are not only aware of the vision of the HIS, but also understand and agree with it (as in Gartner’s framework, which would then more likely lead to their commitment to the HIS). Third, the development process should also be dynamic and flexible (recall TOGAF’s architecture development method) and have several iterations so that there is continuous engagement of the different stakeholders involved. Finally, a framework for measuring HIS (as an enterprise) success should also be in place. The FEA framework has a Federal Enterprise Architecture Program EA Assessment Framework, which is used to rate the different agencies or segments in three main categories – completion (maturity level of the architecture), use (how effectively the segment uses the architecture to drive decision-making), and results (benefits being realized by using the EA framework). The ratings would be a good way to assess and monitor how a segment is doing and in a way also assess if stakeholders are doing their parts right (although stakeholders may do things right and still not be successful), and also provide a means to objectively give feedback to a segment regarding their performance and how that particular segment is doing in terms of achieving the overall vision of the HIS.

That is it for week 7 of HI 201. To be honest, this has been the most challenging assignment so far. Enterprise architecture feels so Greek to me. I hope that I was able to at least shed a little light on the different frameworks (as I’m still struggling to understand them).

As always, questions, clarifications, comments are very much welcome. Let us discuss so that we could learn together.



Health Information Systems in Developing Countries – How Can We Sustain It?

It’s week 4 of our HI 201 class. Time has been flying! Or maybe it’s the opposite. It feels like it’s been over a month since I wrote a blog, when in fact that was just last week.

Anyway, for this week we were tasked to answer the question…

How can health information systems be sustainable in developing countries?

We were likewise asked to present a mind map, and below is what I came up with:

HI 201 - W4 - Mind Map Ver. 2

Before I answer the question and discuss my mind map, let me first define the following – health information systems and sustainability.

Health information systems, according to Pacific Health Information Network, refer to “any system that captures, stores, manages or transmits information related to the health of individuals or the activities of organizations that work within the health sector.” Meanwhile, sustainability has several definitions, depending on context. Reynolds and Stinson said that the term implies maintaining something that already exists over time. In IT in particular, it implies the ability to identify and manage risks threatening the long-term viability of IT (Korpela et al., 1993). But for our purpose, the most fitting definition is the one presented by the Australian Agency for International Development. They defined sustainability as “the continuation of benefits after major assistance from a donor has been completed.” Notice that the emphasis was on the term benefits and it did not specify that the project or program per se should be sustainable. They argued that sustainability should be an ongoing process, and that it needs review and revision as the circumstances change and lessons are learned from experiences.

So why do HIS fail in the first place? A model that could best answer this is the ITPOSMO dimensions of health information system design-reality gap. The acronym refers to information, technology, process, objectives and values, staffing and skills, management systems and structures, and other resources. This model presents the seven dimensions between design and reality, and the basic premise is that the bigger the gap, the more likely it is for a HIS to fail. This model is applicable to HIS in all countries.

However, things are more complex in developing countries. In terms of stakeholders (see orange boxes above), usually two out of the three are international players. The donors who provide funding are commonly international organizations, such as the World Health Organization, or are first-world countries. Developers of the HI system may be brought in as well from other countries. Because of this, they are likely not familiar with the many aspects of the developing country (referred to as user organization; may refer to either private or public organizations, whether at the local or national level) they are trying to help.

Kimaro and Nhampossa (2007), in their paper The Challenges of Health Sustainability of Health Information Systems in Developing Countries: Comparative Studies of Mozambique and Tanzania, mentioned several examples of why HIS failed (refer to green items in mind map above). The use of top-down development approach is one, whereby ownership and control of the project rest on the donors and top-level managers. This excludes the end-users who are ultimately going to regularly use the planned project/proposed system. Another is the lack of ownership and responsibility of the user organization, which may happen when the donor prioritizes the needs and requirements of the donor rather than the user organization. Third is the absence of an explicit sustainable strategy. Since donor funding is usually short-term, not having an explicit sustainable strategy can lead to early failure of the HIS when user organizations are unable to continuously fund the project. In relation to this, lack of training for and long-term support for users who are expected to utilize the system can also lead to failure.

In contrast, examples of factors that can lead to success of a HIS are mainly through addressing the gaps between design and reality. For example, the use of an iterative approach in the implementation of the system, either through modules or increments, or even through pilot-and-scale-up, helps reduce the amount of change that the users must endure at any one time. This is better combined with effective two-way communication among the key actors/stakeholders, in particular the developers and end-users. It can be a learning process whereby the current design and reality are examined and emergent gaps are readily addressed. It can also help the users better understand the design, and the designers to better understand the reality. Prototyping can also lead to HIS success because it allows for all stakeholders to get an overall sense of the design-reality gap. A final example is having the right people, with a special mention on hybrids. The hybrids are also referred to as bridgers or spanners, and are of central importance because they understand both the world of the developer and the world of the user.

I especially mentioned the hybrids because that, in particular, is what I hope to be once I have completed my master’s in health informatics. I want to be the bridge between the developers and the users, and hopefully positively impact the field of health informatics in the Philippines, particularly in the development of health information systems.

Anyway, so to answer this week’s question, let me briefly run through what I have put in the mind map. I want to focus on the lower half depicting the process which I think is essential to developing a successful HIS.

The first step is initiation. It is at this time that stakeholders are identified. Aside from donors, user organizations and developers, they can also include politicians or law-makers, or any key player that could significantly influence the new project or program. The main problem must be identified, and afterwards resources, interests and responsibilities should be aligned. It is important to do this at the onset because conflicting interests will ultimately lead to failure of the HIS.

In the planning phase, I separated the bottom-up approach to put more emphasis on it. This is in contrast to the top-down approach that I mentioned earlier, which usually only involved top-level managers. With this bottom-up approach, end-users are involved. I strongly feel that they should be part of the process even in the planning because their current reality and experiences will affect how they understand, accept, and integrate the project. They are key to sustainability long after the donors and developers are gone, and should therefore be involved at the very latest in the planning phase. As for the second part, I incorporated the project management body of knowledge categories mentioned in Satzinger’s System Analysis and Design. They are: 1. scope (functions to be done by system, what will be done by team); 2. time frame (detailed schedule of tasks); 3. cost (initial expenses, cost/benefit analysis); 4. quality (quality plan and control activities for each phase of the project); 5. human resource (recruiting and hiring of project members); 6. communications (establishing team communications); 7. risk (reviewing risks for failure and developing plan for mitigation); 8. procurement (developing request for proposals, writing contracts); and 9. integration. The hybrids (a.k.a. me in the future) are highlighted under human resource because they will be an important asset in the success of the HIS. I also put the design-reality gap model as a means for assessing the risk and feasibility of the proposed project. Finally, I added planning sustainability analysis and strategy because I have the impression that planning for integration is more focused on how the project will be initially rolled out and not how it will be maintained.

In design and development, several things must be considered. For example, is there a current HIS? What is the current HIS offering? Will the proposed HIS be similar, different, or complementary? What do the top-level managers think of the proposed project? What about the end-users? Are they amenable to it? How important will this system be to the users? Can the users sustain the proposed system once it is turned over to them? As development of health information systems usually requires a lot of resources in terms of money, time and manpower, we do not want to create a system that will be inefficient, complicated, or deemed as something that, yes, has benefits, but is not worth it.

For the execution and control phase, the system may be better implemented in steps. It can be rolled out one module at a time or in increments, or pilot-tested in one department or location and then scaled up. As mentioned earlier, this will decrease the amount of change users have to endure at any one point in time. By implementing it this way, every step of the process can be readily evaluated for gaps and the gaps can be addressed early on. In addition, this will better help with institutionalization, since it will be easier for the system to be absorbed and integrated within organizational structures and routine activities. Moreover, those types of delivery, compared to the “big bang” approach (or implementing it all at once), will also facilitate better belief in, acceptance of, and understanding of the system among the users. While the project is being executed, building local capacity should be done as well. In preparation for the transition or closing, the people who will ultimately manage and use the system, whether they are managers or end-users or IT staff who will do technical support, should be trained to handle the system once they are on their own.

Finally, the closing is when the program is turned over to the user organization. Typically this is when donor funding ceases and the developers end their contract as well. However, it might be better if some form of technical support will still be provided for the users while they continue to navigate the new system, especially if local capacity building was insufficient.

Personally, I truly believe that involvement of the end-users (or at least a core group of them) is one of the keys to having a successful HIS. That and the continued training and knowledge-sharing will help sustain any HIS. I am currently using an EMR software that was developed way before I entered into the company I am working at. I couldn’t have been part of the planning process, but as an end-user now, I can see the many gaps that need to be addressed. Our system is neither a success nor a failure at this point because it hasn’t been fully rolled out to all the international clinics/offices. But interacting with other end-users like myself, I can see why some of them are disappointed and some of them find it difficult to work with the current system. I feel that even though the medical staff see the value of the system, it is very complicated and not user-friendly. It also does not address some important healthcare needs (like generating reports for government-compliance purposes), so users like myself are burdened with using the program along with continuing the old system (aka. paper charts, manually generated reports). It was actually one of the reasons that sparked my interest in Health Informatics, since I wanted to know what else could be done to improve the system.

That concludes my post for this week! It was a lengthy one (I apologize if I’m too rambly), which will most likely be the way the rest of my succeeding posts will be.

I have no question for this week, but I’d love to hear your thoughts on whatever was written above. Leave a comment down below and let’s discuss and learn together.