| American Standard Code for Information Interchange | ASCII | ISO standard, every character is an 8-bit binary |
| Unicode | Each character is 16-bits (most of world's language) | |
| Hexadecimal | HEX | compact way of relaying binary information (8-bit binary ASCII -> 2-digit HEX) |
| Bit | single binary digit, also convenient for logical and algebraic information | |
| Byte | 8 bits | |
| Digital Logic Gate (transistors) | Digital circuits can mimic Boolean algebra | |
| Boolean operators | AND, OR, NOT, XOR (exclusive OR: true if either A or B is true, but not both), NAND (NOT AND: true unless both A and B are true), NOR (NOT OR: returns true only when both A and B are FALSE) | |
| Half adder | simple digital circuit, most basic boolean algebra example using logic gates: A XOR B -> S (20) A AND B -> C(21). So CS is sum. | |
| Transistors | fundamental building block for electronics (replaced vacuum tubes); silicon semiconductor that makes a switch with no moving parts that can be controlled with a small current. By combining them, resistors, diodes, capacitors, you can build logic gates. Usually prepackaged on integrated circuits (ICs) eg smartphone 100M, PC 1B, each is 22 nm wide | |
| Floating-point Operations Per Second | FLOP | gigaFlop (GFLOP) is billion floating point operations per second (costs 69 trillion times less than 50 yrs ago) |
| Machine Code | Unique to the CPU, not intended to be human interpretable | |
| Assembly language | Shortcut mnemonics for machine language routines; still tedious to use, not readable | |
| High level programming languages | English-like phrases; must be compiled before execution (souce code -> object code, usually assembly language or machine code) eg C/C++, Java, VisualBasic. | |
| Fourth-generation languages | Further abstract complex tasks (Mathematica, SPSS, MatLab, other task or domain-specific languages) | |
| CPU Time | Performance (seconds/program) = instructions/program * cycles/instruction * seconds/cycle | |
| Reduced Instruction Set Computer | RISC | Reduces clock cycles per instruction (shorter instructions, but more of them); instructions are fixed in length |
| Complex Instruction Set Computer | CISC | Reduces # of instructions per program (longer instructions, variable length, but less of them) |
| RISC vs CISC | RISC programs are longer and so more RAM needed to store assembly language instructions; compiler has to do more work to convert higher level languages into shorter RISC insturctions; hardware optimization: fewer transistors, performance enhancements like pipelining, hardwiring for maximum speed. These days the difference are blurred. Low-end / mobile systems tend to have RISC processors (ARM) because of better battery life but here are high-end examples (MIPS, SPARC, IBM Power PC); original X86 Pentium processors were CISC but modern X86 processors eg Intel Core i7 have features of both RISC and CISC) |
| Programming paradigms | Distinct styles of programming that influence performance, maintainability, length of code, memory requirements etc. Features of various programming languages determine which paradigm(s) they belong to | |
| Imperative programming | allows side effects; state the order in which operations take place, with constructs that explicity control that order. (lots of GOTOs for example) | |
| Structured programming | Units of work broken down, et for loop, if ... And piece of code (function) can be reused | |
| Procedural programming | Groups code into functions. Structured programming that is not object-oriented | |
| Imperative or procedural languages | eg COBAL, FORTRAN, BASIC, Pascal, C, C++: programs are a list of tasks, subroutines; like a recipe each step is a sequenced instruction; allow programmer to define functions, subroutines and reuse throughout the program. Most imperative programming is structured. | |
| Declarative paradigm | does not state the order in which operations execute; supply a number of operations that are available in the system, along with the conditions under which each is allowed to execute. Implementation of the language's execution model tracks which operations are free to execute and chooses the order | |
| Declarative languages | non-imperative style in which programs describe their desired results without explicity listing commands or steps that must be performed (eg SQL) | |
| Object-Oriented paradigm | A form of structured programming, groups code together with state the code modifies; most object-oriented languages are also imperative languages | |
| Object-oriented program languages | OOP | Java, Objective-C, C++, C#, Ruby, VisualBasic.NET: imperative in style, but added feature to support objects; objects can have independent functions, characteristics, and states; Class is a 'blueprint' for an object: describes the functions and characteristics that all objects in that class share in common; specific member of a class is an instance |
| OOP terminology | Attributes (adjectives), Methods (verbs); Instantiation (creating a new object and set initial parameters for the attibutes and methods); Encapsulation (objects keep their atributes and method private; control access to other parts of the program; either allow or restrict external invocation / modifiaction); Composition (objects can be composed from smaller objects); Inheritance (objects can inherit their structure from parent objects and extend their functionality); Polymorphism (objects can override their parents attributes/methods); Accessors ('getters': methods used to retrieve variable state); Mutators ('setters': methods used to change variable state) | |
| Functional paradigm | does not allow side effects | |
| Logic paradigm | patricular style of execution model coupled to a particular style of syntax and grammar | |
| Interface | group of related methods with empty bodies; form a contract between the class and the outside world | |
| Hash functions | Algorithm that maps data of arbitrary length to data of fixed length, an example of 'binning'; returned value is 'hash value', 'hash code', 'hash sum', 'checksum'; uses in data integrity (check that a file was not tampered with or downloaded incompletely 'MD5 Hash"), check that a keystroke error did not occur (NPI and Luhn algorith where last digit is a checksum); uses in crytography (website stores encrypted or hashed password ideally); uses in indexing (takes text strings and via a hash places them into buckets so no need for full table scan when retrieving) |
| Qualitative data | Nominal (categorical: mutually exclusive, unordered, discrete categories of data; mode is only measure of central tendency) vs Ordinal (categorical data with natural ordering eg Likert scale; can measure median and mode) | |
| Quantitative data | Interval (data where the intervals between values represent the same distance eg year temp; arithmetic mean, median, mode) Ratio (allows for additional comparison because zero means something and is not arbitrarily chosen; eg area, distance, Kelvin; geometric mean, arithmentic mean, median, mode) | |
| Data transformation | Interval -> Ratio (year diagnosed with cancer --> year since diagnosis); Interval --> Interval or Ratio --> Ratio; Interval --> Ordinal ("Binning" smooths effects of minor observation errors) | |
| Data structures | Primtiives (Boolean, Char, Float/Double, Int), Array & Composite structures, Strings, Date, Time | |
| Control structures | way for programs to control flow of data, assignment of variables, etc: Primitive (line labels, GOTO statements, subroutines), Choice (If - Then - Else; Case statments), Loop (count controlled loop with iterator, ie FOR - NEXT; condition-controlled loop, ie WHILE; Collection-controlled loops (FOR EACH IN...) |
| Software Development Life Cycle | SDLC | Planning (gather/analyze requirements, determine scope and priority of work); Designing & Implementing (actual development process); Testing (verification/validation); Documentation (critical for future enhancements, debugging, maintainability); Deployment (install, customize, train, evaluate); Maintenance (process to collect new defects or enhancements, support user in ongoing fashion) |
| Verification vs validation | Verification: are you building the software right, does it meet design specifications? Validation: are you building the right software? Does it meet needs of user? Verification find bugs in the software; validation finds problems in design or requirements gathering | |
| Waterfall | Traiditional method: move to next phase only when prior phase is done; option to revisit decision, but usually go through a formal change control process; highly structured, relatively inflexible; defects are found sooner when they're less costly; late-breaking requirements can be expensive or prohibitive; good for small project where requirements are complete and unlikely to change | |
| Iterative | antithesis of Waterfall; minimal planning; develop in short cycles of planning/development/testing; good fo shifting user needs and changing enviroments; end up focusing on immediate rather than long-term goals | |
| Spiral | combines Waterfall and Iterative methodlogies. 'risk driven software development; highest risk is tackled early on when change is less expensive; eg risk = poorly understood requirements; development broken into smaller efforts (analysis, evaluation, development, planning) | |
| Agile | a variety of rapid cycling sofware development in which development, testing, and requirements gathering are closely fused; similar to Spiral but with more flexibility and less preplanning of cycles. Flexible methodology focused on iterative small steps ('sprints'); extreme program (XP) and Scrum are two variations; feedback provides regular testing and release of software; good for larger projects where requirements are loosely defined | |
| Scrum | an agile methodology: need owner, development team, scrum master (enforcer of rules and remover of impediments), sprint (basic unit of development, predefined in duration and scope (typically <30d), chosen from list of backlog); daily scrum (what happened yesterday? what will happen today? obstacles?) Extremely flexible; assumes clients will change requirements and is equipped to adapt to unpredicted challenges |
| System integration | process of linking subsystems; requires a combination of software, hardware, and interface skills. Facilitated by strong understanding of standards and organizational structure | |
| Vertical Integration | integrating subsystems according to functionality; group systems by function into silos; integrate wihin a silo but not necessarily between | |
| Star Integration | unique connection to each system that requires it; high overhead for complex systems | |
| Common Data Format | application-indepenent data format to convert application specific data into common formats and vv | |
| Enterprise Service Bus | ESB | software architecture model used for designing and implementing communication between interacting software apps in a SOA; a variant of the client-server model and promotes agility/flexibility. HL7 standards beneficial |
| Horizontal Integration | via ESB : one connection per system to ESB; ESB handles downstream connections; replacing a single system is much easier | |
| THERAC-25 | radiation therapy (1980s); 6 accidents/3 deaths due to overdoses. Failure to detect 'race condition' in software (when specific segment of software receives 2 simultaneous and conflicting instructions = failure to test adequately); poor design of error messages; personnel didn't believe patients complaints |
| Quality | reliability (ability to function under stated conditions for a specified period of time), efficiency (high performance), security (low potential for breaches), mantainability (transferable, portable to other developers; clean code), size (lines of code or value delivered), identifying critical errors | |
| Static testing | reviewing code itself | |
| Dynamic testing | apply test cases to code | |
| Test case development approaches | White Box (tests inner workings of a program with full access/awareness of the internal state of the program, eg code coverage: programmer develop a set of test conditions for all scenarios, all variables, all possible inputs with awarenss of the internal design of the system); Black Box (test functionality from end-user standpoint eg specification testing: which may be insufficient to capture all defects) | |
| Levels of testing | Unit testing (an individual function of the software, white box, code coverage, developer driven, can be semi-automated); Integration testing (white box, Interfaces/APIs, developer-driven); System testing (black box, test against documented requirements (verification)); Acceptance testing (black box, request for user sign-off ie validation, eg beta testing) | |
| Regression testing | Regression is a new defect revealed with the addition of a new functionality; regression testing: add new functionality, go back and repeat all prior tests (unit tests) and retest all previously reported and fixed defects |
| Information systems design and analysis (eg logical schema, normalization/denormalization, process modeling) | abstraction, refinement, modularity, archictecture, control hierarchy, partitioning, data structure, software procedure, information hiding, compatiiblity, extensibility, fault-tolerance, reusability, robustness, performance, portability, scalability |
| Architecture | methodologic development of models, specs, and guidelines of IT systems; focuses on the system as a whole; requires governance, innovation, IT strategy, technology standards, defined data and information flows | |
| Systems architecture | conceptual model that defines the structure, behavior and views of a system. Has three design types: Conceptual (high-level, how components and pieces fit together); Logical (conceptual + all major components and relationships and data flows); Physical. | |
| Multi-tier architecture | data-management, application processing, presentation processes are logically separated into different tiers, eg MVC | |
| Unified Modeling Lanaguage | UML | standard toolset for describing aspects of databases, software, and business processes. Includes graphic notation techniques to help visualize models for object-oriented software-intensive systems |
| UML diagrams | Class (describe object-oriented classes, attributes, methods, inheritance); Activity (show process flowchart, stepwise description of decisions, consequences); Use Case (show actors, goals dependencies); Entity-relationship (ER, describe objects and their relationships; can be used to define RDBMS logical schema) | |
| Service-Oriented Architecture | SOA | paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains; provides a uniform means to offer, discover, interact with and use capabilities to produce desired effects consistent with measurable preconditions and expectations. Has a service consumer, a service provider, and a service directory. |
| Universal Description, Discovery and Integration | UDDI | XML-based standard for describing, publishing, and finding web services; defines specifications for a web service registry |
| Web Services Description Language | WSDL | describes a web service's functionality using an XML interface-based language |
| Simple Object Access Langugage | SOAP | lightweight protocol for the exchange of information in a decentralized, distributed environment. Defines envelope, encoding rules, communication styles |
| Distributed systems | contain components on networked computers that coordinate and communicate; harness the power of many computers working together to solve complicated problems requiring computing power | |
| Centralized systems | terminals attached to a central computer where computing is done; program through which users acess centralized resources is a thin client; vs thick client (eg MS word) programs provide functionality independent of a central server | |
| Relational systems | built using data and information on the relationships between data, eg RDBMS | |
| Object-oriented systems | built with objects, classes, etc; determines how to break elements of software into discrete pieces and how these pieces integrate with each other | |
| Data warehouses | store DBs (via ETL) into a format that is optimal for reporting / analysis / queries (eg Epic EHR runs on Intersystems Cach_ Object DB for transactional processing); has a nightly process to push data into an RDBMS | |
| Extract/Transform/Load | ETL | Staging layer (stores raw data extracted from data source); integration layer (transforms staging layer and stores it in an operational data store DB); data warehouse DB (where data is loaded and arranged into hierarchical groups) |
| Data Mart | access layer of the data warehouse ie how users can pull data (ETL) from a data warehouse; smaller collection of related tables and data derived from the warehouse for a specific purpose, usually for analysis, report generation, spreadsheet, performance dashboards etc. |
| Features of network protocols | handshake'; acknowledgement; payload; multiple protocols exist for multiple purposes; distinguish the network protocol from the data or encoding standard | |
| Open Systems Interconnection | OSI | ISO effort (1977) to standardize computer networking |
| Four-layer TCP/IP Model | Link, Internetwork, Transport, Application. An implementation model: provides guidance for those who build TCP/IP compatible network hardware or software. | |
| OSI Seven Layer Model | Abstract model that can be used to understand a wide range of network architectures. 1. Physical 2. Data Link 3. Network 4. Transport 5. Session 6. Presentation 7. Application | |
| Physical Layer (1) | Transmission of bits via copper wire, coaxial, fiberoptic, cables, wireless; transport of data across a single link. Defines the shapes of the connectors and types of media which can be used, how to encode bits | |
| Data Link Layer (2) | Transmission of frames within network via Ethernet or PPP; LLC. How systems using a physical link cooperate with one another. Framing (datagram encapsulated in link layer frame (data field and header fields); Link access (MAC protocol coordinates frame transmission of many nodes); Reliable delivery (guarantees to move each datagram across the link without error, eg wireless (prone to error), wired may not be reliable for low bit-error links); Error detection (error-detection bits sent, error check by receiver - can correct). Implemented at the host's network interface card | |
| Media Access Control address | MAC | link layer address, aka physical address (6 bytes long (pairs of hexadecimal numbers)) for each host and router network adapter; Does not change |
| Logical Link Control | LLC | upper data link layer protocol that acts as interface between MAC sublayer and the network layer |
| Point-to-Point Protocol | PPP | establishes direct connection between two nodes; provides connection authentication, link encryption and compression |
| Address Resolution Protocol | ARP | maps IP addresses into MAC addresses |
| Network Layer (3) | Transmission between hosts on different networks of packets via IP, DNS server, through routers; deals with global assignment of routable addresses; governs how routers forward packets across multiple hops to get from source to destination. Does not attempt to be error free as lost data will be detected and retransmitted at the transport layer | |
| Internet Protocol | IP | IPv4 (32-bit), IPv6 (128-bit written in hexadecimal) |
| Domain Name System | DNS | matches IP addresses to domain names |
| Dynamic Host Control Protocol | DHCP | Network layer protocol used to assign IP address to hosts eg when you connect to a wireless hotspot |
| Network Address Translation | NAT | method of remapping one IP address space into another by modifying network address information in IP datagram |
| Internet Control Message Protocol | ICMP | used by network devices like routers to send error messages indicating, eg that a requested services is not available or that a host or router could not be reached |
| Transport Layer (4) | Transmission of data between end users and ensures successful transfer via TCP, UDP; manages packet loss and retransmission as well as flow control and window size | |
| Transmission Control Protocol | TCP | reliable, ordered and error-checked delivery of a stream of octets between programs running on computers connected to a LAN, intranet or the Internet |
| User Datagram Protocol | UDP | does not require acknowledgement (eg video streaming); allows apps to send datagrams to other IP hosts without prior communication |
| Session Layer (5) | handles establishing connections between applications; deals with ports so that connecting client application can find the correct server application on a particular system; eg Web Conference | |
| Lightweight Directory Access Protocol | LDAP | session layer protocol, for authenticating users against X.500 directories; Commonly used to provide a 'single sign-on' where one password for a user is shared between many services |
| Presentation Layer (6) | how data is represented and encoded for transmission across the network eg character encoding in ASCII and data encryption/decryption | |
| Secure Sockets Layer | SSL | provides security over the Internet using cryptography. Session and presentation layer in OSI model; between Transport and Application in TCP/IP model |
| Application Layer (7) | client and server applications; data transmission of messages vis HTTP, SMTP, FTP | |
| Hypertext Transfer Protocol | HTTP | foundation for communication of the Internet |
| Post Office Protocol & Internet Message Access Protocol | POP3/IMAP | standards for email retrieval |
| Simple Mail Transfer Protocol | SMTP | standard for email transmission |
| File Transfer Protocol | FTP |
| Object-Relational Mapping | ORM | Object-oriented class <--> DB relation; Instance <--> Tuple (row); Attribute <--> Attribute (column); Method (accessors, mutators) <--> CRUD functions |
| Hierarchical DB | optimized for rapid transaction of hierarchical data; makes it easy to know 'every attribute about one thing' (vs relational: every thing about one attribute); computationally easy to traverse the tree: can only traverse tree from parent node; child nodes can only have 1 parent | |
| States of data | Data at rest, Data in motion, Data in use | |
| Database | DB | Any collection of related data |
| Database Management System | DBMS | Allows users to interact with DB and maintaing structure, integrity: define data types, structures, constraints; construct data tables, store data in tables on a storage medium ; manipulate data (CRUD); share data via permissions, user access control; controls concurrency; protect against inappropriate access, hardware/software failure; maintain & optimize data structures |
| Create, Retrieve, Update, Delete | CRUD | |
| Atomicity, Consistency, Isolation, Durability | ACID | defines reliable transactions: atomicity (transaction is indivisible; either happens or it doesn't), consistency (transaction meets all constraint rules ie data must be valid), isolation (must be able to sequence simultaneous transactions), durability (system must be tolerant to failure in memory, power fails ie committed transactions will not be lost) |
| Data definition language | DDL | Creates and describes structure/constraints; contains metadata (data about the data) |
| Data dictionary | not just FK/PK, constraints, but also definitions of each field and its intended use | |
| Schema | description of the relation, its attributes, and the data types associated with the relation; a specific table that uses that schema is an instance of that schema; adding new relations as easy as adding a table, add an attribute by adding a column | |
| Relational DBMS | RDBMS | Defines association within and between relations (tables, singular names); Each attribute (column) corresponds to a domain in the relation; each tuple (row) describes an ordered list of elements; data elements (cells) have data type that is consistent across that attribute; attributes can have constraints (eg non NULL, auto-incrementing, cascading delete, primary key, foreign key) beyond the type constraint; MySQL, Oracle, SQL Server, PostregreSQL |
| Nonrelational DBMS | NoSQL | eg MongoDB, Cassandra, CouchDB, Redis, Druid |
| Flat file DB | eg Excel, SQLite; may require redundant data, cant represent 1-to-many relationships; limited ability to enforce data integrity, incomplete data represented as blank cells | |
| Object-Oriented DBMS | OODBMS | data are represented as objects; support for more data types (graphics, photo, video, websites); usually integrated into the programming language so accessing data doesnt require complex driver configuration; increased use recently with development of web applications, most web app frameworks support interaction with OODBMS; eg Intersystems Cach_ the OODBMS behind the Epic EHR |
| Object-Relational DBMS | Hybrid between RDBMS and OODBMS | |
| MGH Utility Multi-Programming System | MUMPS | imperative programming language also comprises most commonly used hierarchical DB; 1969; flexible interface (eg lab systems, notes, variable output format); variable length text-handling; hierarchical design to support complexity of clinical data and update/retrieval methods; multi-user access capability (fault-tolerant: ACID transactions); large storage capacity, low CPU usage, high-level programming language to make interface design less time-consuming more efficient. Renamed "M" in 1993 and recognised by ANSI in 1995; derivatives like Intersystems Cach_ are among most widely used (Epic); design anticipated NoSQL and schema-less DB movement. Global variables are designated by_ or ^ |
| Structured Query Language | SQL | family of related languages with different dialects specific to RDBMS (eg MS-SQL, Oracle SQL, MySQL); English-like with key words that allow for all functions common to DBMS; ANSI and ISO standard. |
| Primary Key | PK | table column (or cominbation of columns) designated to uniquely identify all table records; must contain a unique value for each row of data; cannot contain null values |
| Foreign Key | FK | a field (or collection of fields) in one table that uniquely identifies a row of another table, ie it refers to the primary key in another table |
| Superkey | combination of columns that uniquely identifies any row with a table | |
| Candidate Key | a column or set of columns in a table that can uniquely identify an record , eg the PK. The superkey reduced to the minimum number of columns required to uniquely identify each row | |
| Non-Prime Attribute | An attribute that does not occur in any candidate key | |
| Normalization | techniques to reduce redundancy and dependency between tables; goals are: to free the collection of relations from undesirable insertion, update, and deletion dependencies; reduce the need for restructuring the collection of relations as new types of data are indtroduced, thus increasing the lifespan of apps; make the relational model more informative to users; make the collection of relations neutral to the query statistics where these statistics are liable to change as time goes by. A database is normalized if it is in 3NF | |
| First Normal Form | 1NF | Each cell contains a single value; each row is unique |
| Second Normal Form | 2NF | table meet all criteria for 1NF and every non-key attribute is dependent on the primary key |
| Third Normal Form | 3NF | 1NF+2NF and no non-key column determines another non-key column |
| Boyce-Codd Normal Form | BCNF | Higher from of normalization |
| Denormalization | Requires PK/FK join logic, to generate a report; a high performance RDBMS denormalized schema may be preferable to allow single-table lookup functions with an index (increased performance). To aggregate data into meaningful groups; This is why you have reporting tools, analytics, data marts | |
| Database controls | Access (limit who can access and control DB), Integrity (maintain accuracy of data and ensure proper use), Security (encrypt and protect in case of breach), Audit (unique timestamp on every transaction), Physical (physical copies or virtual backups) |
| Networks | series of nodes connected by communication paths (links) |
| Topologies | Patterns of links between elements of a computer network; logical (how data flows) and physical (how components are arranged) topologies; determines fault tolerance, redundancy, and scalability; either centralized (eg star, tree) or decentralized (mesh) | |
| Point-to-Point topology | simplest topology, link between two endpoints (eg phone call) | |
| Bus topology | nodes connected in linear sequence of buses; information goes down backbone until it finds its destination. Network shut down if line severed so best for small networks | |
| Ring toplogy | transmits data around a ring utnil it reaches destination; every node acts as a repeater; every node is a critical link | |
| Star topology | centralized topology where each node is connected to central hub, ie every node acts as a repeater and every node is a critical link; easy to add new device, simple. | |
| Tree toplogy | centralized topology uses a hierarchical structure to connect nodes using point-to-point links; easily scalable | |
| Mesh toplogy | each node relays data and cooperates in distributing data in the network. Usually in wireless networks (physical connections impractical); value = n(n-1)/2 | |
| Metcalfe's Law | The value of a network is proportional to the square of the number of connected users of the system. |
| Telecommunications | networks contain: transmitter, transition medium, receiver, analog or digital network, channels, switches, repeaters, modulators | |
| Personal Area Network | PAN | located on your person, usually connect through Bluetooth |
| IEEE 802.15 | Wireless PAN and derviatives (Bluetooth, Infrared data association (IrDA) | |
| Local Area Network | LAN | interconnected computer networks that are distinct, generally small, cost-effective, and efficient |
| Widel Area Network | WAN | interconnected computer networks that are generally large |
| Medium-range wireless local area network | WLAN | |
| 802.11b | Max 11Mbps, interferes with other 2.4Ghz devices like microwaves, Bluetooth, cordless phones. Popularized WiFi | |
| 802.11g | Max 54 Mbps, same band as 802.11b, same interference concern | |
| 802.11n | uses both 2.4Ghz and 5 Ghz spectrum for max speeds of 54 Mbps/600 Mbps. Speed enhanced by MIMO. | |
| 802.11ac | gigabit wifi - 1 Gpbs | |
| Multiple Input, Multiple Output | MIMO | to parallelize the transmission of data |
| Radiofrequency Identification | RFID | One way; uses radio waves to broadcast data from an electronic tag mounted on an object to a scanner/reader; some can be read from several meters away and beyond the line of sight of the reader; bulk reading is possible; US passports and many other items now have RFIDs. Passive RFID: does not use battery. Active RFID: has on-board battery always broadcasts its signal. Battery-assisted passive (BAP) RFID small battery on board activated when in the presence of a RFID reader will retain signal for about 10s after it gets pinged |
| Near-Field Communication | NFC | Two way; eg Apple Pay |
| Long-range wireless standards | WiMax, CDMA, 3G, 4G, LTE | |
| Wireless applications | IP Telephony ('vocera'), SMS text messaging, RFID/NFC tagging of medical devices, patients |
| Security | Threat assessment, asset list, policy, education, technical measures | |
| Security Layers | Physical (intrusion, fire, power, seismic protection); Network (Firewalls, WEP); Social (phishing, malware, spoofing); Software (design, updates, authentication); Data (backup, restore, redundancy) | |
| Administrative controls | Polices and procedures designed to clearly show how the entity will comply with the act, eg Acceptable internet use policy, Password mgmt policy, Use & protection of SSN in clinical research data, BAA, Privacy procedures plan, Internal audits | |
| Physical controls | Physical measures, policies, procedures to protect a CE's electronic information systems from natural and environmental hazzards as well as unauthorized intrusion. Badge based entry, Cameras, Dual lock systems | |
| Technical controls | Firewalls, Encryption, IDPS, NAC, VPN, DLP, Authentication, Authorization, Audit logs, Patching, Up-to-date rules in antivirus | |
| Authentication | any process of verifying the identiy of an entity that is the source of a request or response for information in a computing environment. Can be something you have (eg key, card), something you know (eg password, PIN), something related to who you are (eg fingerprint, voiceprint), something indicating where you are located | |
| Authorization | What you can do (vs authentication: who you are) | |
| Intrusion detection and prevention systems | IDPS | a network level security technical control |
| Network access control | NAC | a network level security technical control |
| Data leakage protection | DLP | a network level security technical control |
| Hacks | Eavesdropping/sniffing/snooping (intercepts communication between two points); Data modification; Identity / IP address spoofing; Password-based attacks; Denial of Service (DoS) / Distributed Denial of Service (DDoS) flood site with traffic so valid users cannot access); Man-in-the-middle attack (middleman captures data between two communicators, can reroute and change); Sniffer attack (software installed to read network packets and data exchanges) |
| The HIPAA Security Rule and other government regulations | CEs must ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain, or transmit (does not apply to paper/oral PHI); identify and protect against reasonably anticipated threats to the security or integrity of the information; protect against reasonably anticipated impermissable uses or disclosures; ensure compliance by the workforce | |
| Confidentiality | ePHI is not available or disclosed to unauthorized persons; should only be used by authorized persons | |
| Integrity | ePHI is not altered or destroyed in an unauthorized manner; should not be changed inappropriately | |
| Availability | ePHI is accessible and usable on demand by an authorized person; should be available when it is needed | |
| Breach | unauthorized acquisition, access, use or disclosure of unsecured PHI which compromises the privacy, security, or integrity of the PHI | |
| Breach Notification | Notification of individuals within 60d. If > 500 records, must notify public media, HHS; provide secretary HHS with an annual report of breaches; enforced by OCR. | |
| Security Risk Assessment | Added by ARRA: conduct or review a security risk analysis and implement security updates as necessary and correct identified security deficiencies as part of its risk management process. Methods: self-assessment of asset owners, assessed by internal group or external group (eg ethical hackers, auditors); Measurement (qualitative or quantitative); Management (risk acceptance, risk mitigation, risk transference); 45 CFR 164.308 (a)(1) |
| Firewalls | A set of hardware components (router, hosts, and combinations) and networks with appropriate software to restrict network traffic to conform to the security policy of the site |
| Virtual private networks | VPN | virtual network built on existing physical networks, that can provide a secure communications mechanism for data and other information transmitted between networks; can facilitate the secure transfer of sensitive data across public networks |
| Encryption | A method of converting an original message of regular text into encoded text. The text is encrypted by means of an algorithm. If info is encrypted there is low probability that anyone other than the receiving party who has the key would be able to decrypt the text | |
| Data Encryption Standard | DES | original, can be hacked |
| Triple DES | 3DES | being slowly phased out |
| Rivest, Shamir, Adleman | RSA | public and private keys; asymmetric: the standard for data sent over the internet |
| Advanced Encryption Standard | AES | encryption method used by US government |
| Secure Hash Algorithm | SHA | encryption method |
| Message-Digest Algorithm | MD5 | encryption method |
| Hash Message Authenication Code | HMAC | encryption method |
| Internet Protocol Security | IPSec | protocol suite for secure IP (authenticates and encrypts each IP packet) |
| Wired Equivalent Privacy | WEP | encryption method |
| Wi-Fi Protected Access | WPA | encryption method |
| Public Key Encryption | information encrypted with a public key (widely distributed) can be decrypted by a second private key (avoids needing to send key to sender) | |
| Private (symmetric) Key Encryption | Same key used to encrypt and decrypt message | |
| Kerberos | network security system based on secret key cryptography | |
| Secure Shell | SSH | is encrypted (vs Telnet) |
| Data | basis of historical record, support communication among providers, anticipate future health problems, record standard preventive measures, coding and billing, provide a legal record, support clinical research | |
| Aspects of data | circumstances of observation, uncertainty, time, imprecision (normal variance) vs inaccuracy (bias) | |
| Coding of clinical data | historically by a Clinical Coding Specialist (CCS); major purpose is reimbursement. Tradeoffs: stadardization of language vs freedom of expression; time to narrate vs code. Other difficulties: creating and maintaining coding systems; structuring coding systems to capture meaning | |
| Data entry | free-form (writing/dictation/typing); structured (menu-driven); speech recognition/scribes | |
| Structured / menu-driven data entry | via mouse, pen, typing. Benefits: data codified for easier retrieval and analysis; reduces ambiguity if language used consistent. Drawbacks: more time-consuming; requires exhaustive vocabulary; requires dedication to use by clinicians | |
| Speech recognition | narration most commonly; many established systems are on the market that operate on front end (used by clinician, instant availability) or back end (process dictations, editing transferred from clinician to transcriptionist). Challenges : output lags behind user input; require area with minimum of background noise and where patient privacy protected; enunciation errors from mispronunciation, dictionary errors from missing terms, suffix errors from misrecognition of appropriate tenses of a word, added or deleted words, homonym errors. Recent review: report turnaround faster, human transcription more accurate slightly; macros and templates improve turnaround time, accuracy, and completeness | |
| Data Flow Diagram | DFD | graphical respresentation of the flow of data through an information system, modeling its process aspects |
| Integrity | Data provenance (where does data come from), Data completeness & correctness | |
| Physical Integrity | ensures data can be written to or read from disk | |
| Logical Integrity | ensures transactions are complete and data is correct and rational (sometimes a problem with copy & paste) |
| Mapping | The process of associating concepts or terms from one coding system to concepts or terms in another coding system and defining their equivalence in accordance with a documented rationale and a given purpose | |
| Source data model | original data model from which you're mapping | |
| Target data model | data model you're trying to find the relationships and equvalence in | |
| Forward mapping | maps an older data model to a newer data mdoel | |
| Reverse or backward mapping | maps newer data model to an older data model | |
| Equivalence | degree to which data models map to one another |
| Data Manipulation Language | DML | SELECT, INSERT INTO, UPDATE, FROM, WHERE, GROUP BY, HAVING |
| Data Description Language | DDL | CREATE, DROP, DELETE/TRUNCATE, ALTER, RENAME |
| Data Control Language | DCL | GRANT, REVOKE |
| SQL joins | Inner (only includes rows that match both tables) vs Left Outer (inclues all rows in the left table, displays blanks from right) vs Right Outer (includes all rows in the right table, displays blanks from left) vs Full Outer (includes all rows in both tables, blanks in both) vs Cartesian (rare, gives you cross product of both tables, usually a mistake) | |
| Nested subquery | mimic an inner join; substitute results of a subquery for 'where [column] in' clause in place of a list | |
| Data reporting | formatted results of a query that are useful for making decision and analyzing data |
| Representation and types | Narrative, Numerical Measurements, Coded, Textual, Recorded Signals, Pictures, Metadata |
| Warehousing | Data flows into EHR; some then flows into data warehouses (with admin data) which may then flow to an HIE | |
| Registries | Limited form of EHR; can be separate from EHR or an extract of data from it. Typically oriented to one or a small number of diseases, most often chronic diseases. Usual functions: patient reports, exception reports (outliers, overdue for care), aggregate reports (how is care team delivering care) |
| Data mining and knowledge discovery (Knowledge Discovery in Databases) | KDD | process of discovering patterns (knowledge) in large databases |
| Data mining process | Determine the problem; Select data; Pre-processing/transformation/evaluation (simple stats); Model building; Mining (anomaly detection, associations, clustering, classfication, regression, summarization); Intepretation, Evaluation, Validation; Update models | |
| Data mining algorithms | C4.5 (decision trees); k-means algorithm, Support Vector Machines (SVM); Apriori algorithm; EM algorithm; PageRank; AdaBoost; k-nearest neighbor classifcation (KNN); Naive Bayes; Classification and Regression Trees (CART) | |
| Mining model | stores information derived from data processing such as results from data analysis using mining algorithms; has two properties: algorithm property (which algorithm will be used) and usage property (how each column of data is used by the model) | |
| Accuracy | how well the model correlates an outcome with the attributes in the data that has been provided | |
| Reliability | the way the model performs on different data sets; does it generate the same predictions regardless of the test data? | |
| Usefulness | does the model provide useful information? | |
| Data analytics | the extensive use of data, statistical and quantitative analysis, explanatory and predictive models, and fact-based management to drive decisions and actions | |
| Levels of analytics | Descriptive (what our data shows, eg alerts, query/drill-down, reporting), Predictive (what might happen based on past trends, eg simulation, forecasting, preditive modeling), Prescriptive (using data to optimize systems and achieve the best outcome) | |
| Challenges of analytics | volume of information can be challenging; forecasting always difficult in healthcare; quality and completeness of data, especially in any one organization's clinical systems is incomplete and can lead to biases in data |
| Integration vs interfacing | Integration: merge data from multiple sources into integrated whole; Interfacing: how data must be transformed to allow real or virtual integration | |
| Integration | merging data from multiple sources (IT systems) into integrated whole | |
| Interfacing | creating a shared boundary where systems can exchange information (logically separate) | |
| interchange format | translates each source schema into the target schema using scripts | |
| eXtensible Markup Language | XML | a set of rules for encoding documents in a format that is human and computer readable |
| JavaScript Object Notation | JSON | a lightweight, pouplar web-based data exchange format |
| Resource Description Framework | RDF | a framework for conceptual description or information modeling in web resources |
| Web Ontology Language | OWL | formal semantics; builds on RDF but adds semantics; expressed in triples |
| Gellish | A controlled natural language that uses numeric unique identifiers to general natural expressions; can be used with SQL, RDF, XML |
| Dealing with multiple identifiers | Identifier errors compromise quality of care (correct, duplicate, overlaid); high cost more likely to be associated with missed abnormal test results; adding DOB helps; variable policies for preventing, detecting, removing duplicate records |
| Anonymization of data | 87% of US population uniquely identified by 5-digit zip code, gender, and DOB! Genomic data can aid re-identification in clinical research studies; SSNs can be predicted from public data; dates and results in lab data facilitate re-identification | |
| Mitigating re-identification | Data suppression (certain features of the data are removed); Data generalization (data is abstracted to more generalized data); Data pertubation (values are replaced by different but equally specific values) |
| Human Factors Engineering | HFE | seeks to identify and promote the best fit between people and the world within which they live and work, especially in relation to the technology and physical design features in their work environment |
| Usability | the extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction in a specified context of use |
| Models, theories, and practices of human computer (machine) interaction (HCI) | Explanatory theories (explain behaviors through models); Predictive theories (allow system designers to predict how users will interact with the system); Generative theories (provide useful guidelines/principles to system designers) | |
| Human Computer Interaction | HCI | The study of people and computers; combines computer science, behavioral science, psychology, design, human factors analysis, and more. Increasing awareness that HCI limitations are responsible for medical errors; cognitive overload, 'alert fatigue' is one of the 'grand challenges' facing CDS |
| HCI / Usability-Related Errors | Wrong Patient (user has 2 charts open, enters orders on the wrong one); Wrong Mode For Action (user tries to enter 100mg but accidentally enters 100 mg/kg); Inaccurate Data Display (lab value is truncated in a report causing user to come to incorrect conclusion); Incomplete Data Display (summary view of vital signs only shows last value per shift, user overlooks the max value within that shift); Non-Standard Measurement, Convention Or Term (weight-based medications calculated using metric units but order entry screen shows weight in English units); Reliance on User Recall (vaccine administration documentation screen requires a lot number; lot number is visible on previous screen but not on this one; users mis-type info or type in nonsense data as a result); Inadequate Feedback (user attempts to order med requiring 0.1cc precision and submits incorrect dose becuase system silently rounds dose to nearest 0.5cc; calculation not transparent to user); Corrupted Data Storage (user enters orders in discharge workflow then clicks 'next' but orders are not submitted because user did not click 'sign before proceeding to next step) | |
| Fitt's Law | Predictive Model. Describes how much time it will take to move a mouse to a target area depending on the distance and size of target : T = a + b log2(1 + D/W) | |
| Hick-Hyman Law / Hick's Law | Predictive Model. Predicts user response to hierarchical menus, response to finding correct option among an unfamiliar list (like a non-QWERTY keyboard); expresses user response time as a function of the number of possible responses. T = b*log2(n+1) | |
| Goals, Operators, Methods, Selectors model | GOMS | Predictive model for observing HCI; breaks down a user's ineraction into four main components. Allows observers to measure interactions with litte effort, cost and time; does not account for user unpreditability; tasks requiring problem solving cannot be predicted by GOMS |
| Keystroke-Level Model | KLM | Predictive Model; a simplified version of GOMS that track time it takes to complete actions. The time to task completion is the sum of the time spent key-stroking, pointing, homing, drawing, mental operator (thinking), system response operator (waiting). Used to anticipate which functions are most amenable to shortcuts and 'hotkeys'; estimates how much time it takes to complete data input using a keyboard and mouse |
| Buxton's Three-State Model of Graphical Input | Descriptive Model. Exhaustive description of the states and transitions involved in using a mouse. Three stages: 1. Out of range 2. Tracking 3. Dragging | |
| Guiard's Model of Bimanual Skill | Descriptive Model. Hands are not used equally. Each hand, because of single hand dominance, has distinct roles. The model describes, eg why left handed users are ill-served by modern 101-key keyboards. 'Acknowledge' buttons on modal dialogues are on the bottom right | |
| Activity Theory | analysis and design for a particular work practice with concern for qualifications, work environment, division of work; analysis and design with focus on actual use and the complexity of multiuser activity; focus on development of expertise and of use in general; active user participation in design, focus on use as part of design | |
| Information processing theory | humans dont respond to stimuli they process and analyze information they receive; ie mind is like computer | |
| Rehabilitation Act of 1974, Section 508 ammendment | requires all electronic and information technology to be accessible to those with disabilities; applies only to public facing federal sites |
| Usability Evaluation | Testing (coaching, thinking-aloud, eye-tracking/click-tracking, performance); Inspection (cognitive walkthrough, heuristic evaluation); Inquiry (field observation, focus groups/interviews, surveys, usage logs) | |
| Usability testing | How usable the software is by testing it on users. Coaching method (user asked to perform a task, allowed to ask any questions); Thinking-aloud (user attemps to complete a task and speaks aloud each step he is doing); A/B Testing; Expert Review; In-Person or 'Hallway' Testing; Remote Testing; Heat-Mapping / Eye/click-Tracking; Performance measurement (5-8 user attempts to complete a specified set of takss; evaluator measures performance statistics eg how long, how often, failure rate, recovery rate) | |
| Mental models | explanations of a person's thought process regarding how something in the real world works; a basic way for us to understand the world around us and develop approaches to problem solving and work. | |
| Cognitive Walkthrough | low-fidelity paper models or wireframe (incomplete mockup); will the users try to achieve the right effect eg will use know to enter weight; will user notice correct action is available; will user associate correct action with the effect to be achieved; if correct action performed will the user see progress is being made |
| Nielsen's Heuristics | View visibility of system status; match between a system and the real world; offer user control and freedom (undo redo exit); maintain consistency and standards; prevent errors (built-in); rely on recognition rather than recall; demonstrate flexibility and efficiency of use; have an aesthetic and minimalist design; help users recognize and recover from errors; offer help and documentation | |
| User-centered Design | UCD | an iterative, multidisciplinary process of product design and evaluation that considers and designs to support people's tasks, skills, abilities, limitations, creativity, needs, and preferences; based on a clear understanding of users and actively involves them or their representatives in the evaluation of products (user testing) and sometimes in their design (participatory design) |
| Value Sensitive Design | VSD | takes into account the values of the end-users of the product, as well as those who are directly or indirectly affected by the product |
| NIST 2012 Recommendations | provide standards for testing and validation of EHR usability: 1. EHR application analysis (who are users, what is their work environment? what do they do? what does the interface look like? what mistakes? what evaluation has been done?) 2. EHR user interface expert review (two-person heuristic review); 3. User Interface Validation Test (performance measurement, post-testing interview) |
| Usability engineering | combines concepts from HCI, usability testing and standards, psychology, human factors, to create, assess, and make recommendations to improve usability | |
| Usability components (Nielsen) | Learnability, Efficiency (speed), Memorability ('get back on the bike'), Errors, Satisfaction | |
| Discount usability engineering (Nielsen) | Method of HCI eval that does not require large number of personnel or budget; minimum of 5 testers perform a modified verison of testing and inspection; modified think-aloud; heuristic evaluation; low-fidelity prototypes to test one process at a time, rapid iterations | |
| Object-Action Interface | OAI | user first selects object then action; vs Action-Object Interface (AOI) the other way |
| Bidrectional Interface | information flows in both directions; can be symmetrical (information exchanged in both directions is the same eg ADT message) or asymmetrical (information flows in both directions, but type of information is different eg orders/results) | |
| Foundational Systems | ADT, MPI, Registration, Materials mgmt, Workforce mgmt | |
| Admission/Discharge/Transfer | ADT | |
| Master Patient Index | MPI | ensures 1 record for every 1 patient |
| Departmental Systems | Laboratory (clinical/anatomic path, blood bank), Radiology (PACS, RIS), Pharmacy (Unit dose, Retail), Cardiology (ECG, echo, cath, PACS), Dietary, Neurology (EMG, NCV), Pulmonary (PFT), GI endoscopy | |
| Laboratory Information System | LIS | One of the largest contributors of objective data into an EHR; larger laboratories are highly automated; all laboratories are highly regulated by federal law; interface with EHR via HL7 messages. |
| Picture Archiving and Communication Systems | PACS | Can accept an association from a fluoroscopic unit with PACS hostname, application entity title, and TCP |
| Radiology Information System | RIS | handles departmental workflow and the lifecyle of an interpretation of an image |
| Financial Systems | Facility Billing, Professional Fee, Financial and Strategic Decision Support | |
| Layers of Infrastructure | Power, HVAC; Network, fixed and wireless; Point-of-care devices; EMR with interfaces; Results review, documentation, CPOE; Care delivery, clinical mission, quality | |
| Heating, Ventilating, and Air Conditioning | HVAC | |
| Data Center | dedicated and protected facility with specific requirements of electricity, humidity, and air conditioning. Usually one per campus per institution; houses hundreds of servers, appliances, and disk storage; placed on racks and physically measured in 'rack units'; physically protected, electrically fed | |
| Data Center Classes | tiers reflect differences in protection against loss of services: Tier I (Basic): single path for power and cooling distribution without redundancy (99.671%); Tier II (Redundancy): single path for power and cooling distribution (99.741%); Tier III (Concurrently maintainable): multiple active power and cooling paths, but only one path active; has redundancy (99.982%); Tier IV (Fault tolerant): multiple active power and cooling distribution paths; has redundancy (99.995%) | |
| Data Center Issues | UPS provide 30 minute of backup power; fully loaded rack may weight 2000 lbs: 100 racks require ensuring proper structural integrity; too many physical servers and other equipment --> virtualization (share hardware resources between processes); Expensive to build, hence often outsourced where space and electricity are cheaper; Redundancy in air conditioning, power, networking; Heat - fully loaded rack may consume 20 kW and require 6 tons of cooling. 100 racks require 2MW electricity and water-cooled air conditioning (chillers) | |
| Uninterruptible Power Supply | UPS | |
| Network Design | network switches distribute network serving a workstation at bedside <-- dual-homed (2 network interfaces) switch-routers <-- redundant backbone core switch-routers <-- WAN or server farm (may be far away). | |
| Data closet | room where cabling ends are connected to switches and other pathways; smaller space, typically on each floor which houses networking equipment and cable ends (needs UPS) | |
| Cable plant | topographical layout of physical cables connecting desktops to the equipment in the closets and cables interconnecting closets and the data center | |
| Institute of Electrical and Electronics Engineers | IEEE | example of an SDO |
| Cabling issues | Closets may not have adequate HVAC; cables are laid, old ones are almost never taken out - a weight issue; fire codes must be followed going floors and buildings; new cables in ICU and OR require utmost caution; cables can be outdated, unable to support higher bandwidth; labor costs of cabling outweighs other hardware and software purchases; security of closets and cables are suspect; closets may be shared | |
| Client Server | desktop client is focused on handling user interaction but server handles data requests | |
| Thin Client | simple user device that runs application software which is connected to powerful server | |
| Application Service Provider model | ASP | Business that provides computer services over the internet |
| Integrated Systems | Patient data exists in the same database used by all clinical applications (eg VistA) eg LIS as an integrated module/component of the EHR (shares tables); internal LIS is one in which LIS and EHR are both owned and managed by the same health care entity | |
| Interfaced Systems | Data are communicated between separate applications, usually by means of an interface using HL7 protocol. | |
| Interface Engines | aka message broker, application-level router; is a middleware application used to transform, route, clone and translate messages. A HL7 interface engine is an interface or integration engine built specifically for the healthcare industry. Can 'play back' messages when unavailable receiving system comes back online. | |
| Point-to-Point Interfaces | number of connections when every node connected: n(n-1)/2 but with interface engine only need n connections (each to the engine) | |
| Unidrectional interfaces | information flows in one direction only: drive workflow (eg specimen labels); faxes and printed jobs; movement of specimens down a line; can be problematic when broken | |
| Laboratory automation | HL7 interfaces, used to communicate information between two databases; real-time for clinical care activities. For billing and datawarehousing, can send nightly | |
| LIS interfaces | 1:M EHRs, 1:M outside LIS (reference lab, outreach lab), 1:M middleware servers (automation line, point of care device, blood typing, autoverification); many lab instruments, billing systems | |
| Automation line | Robotically operated specimen track which moves specimens from point of entry to the instrument that will perform the test: scans specimen label barcode, uses accession # from barcode to query LIS for pending orders, sends the sample to the appropriate instrument for testing | |
| Autoverification | Process whereby computer-based algorithms automatically perform actions on a defined subset of lab results without the need for manual intervention by a medical technologist, laboratorian or pathologist. Results that fall within certain reference ranges may be automatically verified by the middleware; can do 10x as many lab tests with the same number of employees; when it isn't working, volume may quickly outpace staff's ability to keep up | |
| Barcodes | Code used to represent alphanumeric characters, like an accession number or encounter number; can be 'read' by a barcode scanner and deocded into the original data. Advantages: reduces manual typing errors, improves speed of data entry. Strong recommendations supported by guidlines: ensure that the human-readable version of the encoded data is always printed next to the barcode. Linear barcodes are 1D (Code 39, Code 128A, 128B, 128C(double data density - numbers only)), space intensive for the amount of data encoded; damage and misprints can result in substitution errors (data decoded is not what was intended for printing) at an alarmingly high rate (1/88K); no way to know what piece of data was encoded into the barcode (MRN? MPI?). 2D barcodes represented in 2D (stacked 1D eg PDF417; Matrix eg QR code, DataMatrix, Aztec), can encode redudancy and error correction algorithms, data integrity check (128 does too but only 100 possible checksums) | |
| Errors in Barcodes | Unrecognized character error rate (manual: 1/300 keystrokes; 1D barcode 1/90K to 37M; 2D barcode 1/1021) | |
| Application Server | eg Citrix, connects end-user application with EMR | |
| Methods to improve partial interoperability between HIT systems | Interfaces (eg HL7); Communicate results on paper- scan into foreign EMR; Reciprocal access; Embedded applications (take appearance of one application and put them within the EMR of the other organization); Context sharing-CCOW; Build separate application with data from both |
| Types of settings where systems are used | Ambulatory, surgical center, ER, OR, nursing facility, acute care facility, home, inpatient (acute care, psych, rehab, ICU: trauma/surgical, pulmonary, cardiology, neurology, neonatology, remote) | |
| Clinical Laboratory Improvement Amendments of 1988 | CLIA | overhaul of CLIA (1967); generated in reponse to public fury (false neg pap smears); pertains to every laboratory in the US. Requirements for reporting and notification of laboratory results; regulates labs not EHRs which must be certified by CMS and state |
| CLIA regulations | must have adequate manual or electronic system in place to ensure test results and other patient-specific data are accurately and reliably sent from the point of data entry to final report destination in a timely manner. Test report must indicate patient identification, name/address of lab, date, test, specimen source, test result, units of measurement; reference intervals or normal values must be available to authorized person who ordered test. | |
| CLIA maintenance | every two years (or CLIA-deemed agency); college of American Pathologists accredits most labs in the US (more strict). Gen.48500: there is a procedure to verify that patient results are accurately transmitted | |
| Patient Access Rule | Revises CLIA and HIPAA / supercedes all state laws; patient can request copy of lab results directly from lab (has 30d to provide); requirements to comply with request are the same as for health care entities; labs can refer patient to medical records if all results available and HIPAA compliant; no requirement for lab to interpret or to notify ordering provider | |
| Transfusion systems | Regulated by the FDA; considered high risk (Class III) medical device. Guidance on software validation available | |
| Digital Imaging | Pixel (smallest component of an image; print vs digital); Image Size (overall size of image in its final form, width by height; contains no information on image resolution; important to know if need to decide on resolution) | |
| Image resolution | aka pixel density, commonly referenced as DPI. Gross images --> low resolution OK; microscopic images --> high resolution desired. Balance resolution against the final image size desired (small image size : low res; large : hi) | |
| Dots per inch | DPI | number of pixels per inch per screen/print medium; DPI = 96 on average computer screen; printed DPI = 300 variable |
| Image Compression | Reduces the amount of memory that an image occupies by various mathematical algorithms; lossy or lossless | |
| Lossless image compression | memory (file size) reduced but original image data can be recovered, eg PNG, GIF | |
| Portable Network Graphics | PNG | |
| Graphics Interchange Format | GIF | |
| Lossy image compression | some original data in the photo is gone forever; amount of compression is proportional to the amount of loss; well designed --> substantial data reduction without obvious loss to the end-user; eg JPG | |
| Joint Photographic Experts Group | JPEG | |
| Tagged Image File Format | TIFF | can use either type of compression |
| Mutliple-image Network Graphics | MNG | can use either type of compression |
| Electronic health / medical records systems as the foundational tool | EMR | Evolution from department-focused to patient-focused; tab metaphor for data remains common; goal of problem-oriented medical record remains largely elusive; most visible system to clinicans and patients; target of federal incentive programs |
| EMR core functionalities (IOM) | health information and data, results mgmt, order entry/mgmt, CDS, e-communication and connectivity, patient support, administrative processes, reporting & population heatlh mgmt | |
| EMR functionality 1 | Message box (proprietary names vary but functionality similar); Results review (lab, path, imaging, notes); Documentation (direct entry, structured/unstructured, dictation, mixed); Order mgmt; Patient summary displays; MAR/BCMA | |
| Medication Administration Record | MAR | |
| Bar Code Medication Administration | BCMA | |
| EMR functionality 2 | Patient lists, schedule, rounding/handoff tools; patient monitoring review; quality metrics, dashboards; Billing; Patient support; Administrative; E-communication (with team, patients); Population health, external resources, Compliance & Decision Support (permeates all the other functionalities) | |
| HIMSS EMR Adoption Model | commonly used: 8 stages, each has features that add to one below it; different sequences possible | |
| Documentation Using EMRs | Satisfaction = f (time efficiency, availability/accessibility, expressivity, quality) | |
| EMR Issues | Time spent writing notes: 4-14 min; 'electronic notes are harder to understand'; copying and pasting; note loss, notes in wrong chart, notes with wrong title, notes on wrong encounter; billing & compliance | |
| Study on EMRs copying and pasting | 1-6 scale of harm/misleading/risk. 1/10 charts contained an instance of high-risk copying; clear policies, practitioner consciousness-raising and devlopment of effective monitoring procedures are recommended | |
| Documentation Tools | Structured (codes, needs training) vs Unstructured (narrative text, easier to learn) | |
| Order Sets | collection of pre-configured orders; time savings; reduce errors and increase accuracy during order entry; increase completeness of orders; 'built-in' decision support and evidence driven care; reduce variability and enhance compliance with best practices. Protocol is built of orders sets is built of preconfigured orders is built from order dialog. |
| Telemedicine | communication of voice or appearance of patient is important to delivery of care (psych, derm, path, ENT, retinography); teleradiology, telesurgery, remote imaging/monitoring, remote ICU, remote procedures | |
| Synchronous Teleconferencing | Dedicated hardware, broadly available tools (eg Skype, conferencing applications) | |
| Asynchronous Telemedicine | Store & forward; email, other | |
| Telepathology | has a specific meaning compared to all other forms of digital pathology; diagnosis which results in a report is rendered from a digital microscopic image ONLY. Static telepathology : entire image is caputred then transmitted; transmission can be in toto or in pieces (tiling). Dynamic telepathology : live video feed, with or without remote control of scanner. Hybrid telepathology do both | |
| Telepathology regulations | vary from state to state; not the same as for teleradiology; CLIA applies; CAP has additional standards for accredidation; whole slide imaging device are FDA Class III (requires premarket approval) |
| Clinical Data Standards | promote consistent naming of individuals, events, diagnoses, treatments etc; allow better use of data for patient care as well as secondary uses, such as QA, research public health etc; enhance ability to transfer data among applications, allowing better system integration; facilitate interoperability among information systems and users | |
| Standard | A standard document established by consensus and approved by a recognized body that provides for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the optimum degree of order in a given context |
| Standards development approaches (Hammond) | 1. ad hoc (groups come together and agree to use a common but informally developed specification eg DICOM); 2. De facto standards emerge as one earns a critical mass of adopters to make its system the standard (eg .DOC format); 3. Mandated standards by government agencies, eg US certificate of death; 4. Consensus, closed or open (preferred) | |
| Standards development process (Hammond) | identification, conceputalization, discussion, specification, early implementation, conformance, certification | |
| American National Standards Institute | ANSI | private nonprofit organization, developed a formal consensus process with open balloting and public review as well as an accreditation program for SDOs; coordinates US standards with international standards so American products can be used worldwide |
| Health IT Standards Committee | HITSC | charged with making recommendations to ONC on standards, implementation specifications, and certification criteria for electronic exchange and use of health information. Lately : increasing interoperability. 'JASON Group' of scienctists that advises US government - move to more modern API-based approaches; JASON task force developed recommendations: interoperability vision and framework --> Argonaut Project (2014, details of implementation); Standards advisory (2015) deemed ready for use |
| Standards Development Organization | SDO | has overall responsibility and ownership of a standard; employs a multistep process in producing standards to ensure quality, integrity, and input |
| American Society for Testing and Materials | ASTM | SDO responsible for many healthcare standards eg the CCR |
| International Organization for Standardization | ISO | International standard-setting group; ANSI is the US representative |
| European Committee for Standardization | CEN | CEN/TC 251 is health informatics standards body for Europe |
| National Institute of Standards and Technology | NIST | Information standards organization (not an SDO, exists to foster, promulgate and coordinate standards) |
| International Health Terminology Standards Development Organization | IHTSDO | based in Denmark. Maintains SNOMED-CT |
| Clinical and Laboratory Standards Institute | CLSI | Intl SDO for labs, consensus-driven (reflects equal representation from govt, industry, health care pros) |
| National Electrical Manufactuers Association | NEMA | maintains DICOM |
| National Council for Prescription Drug Programs | NCPDP | VD.0, standard for pharmacy claims transactions. |
| NCPDP Medicaid Subrogation Version 3.0 | standardization of the Medicaid pharmacy subrogation transaction process (claim from a Medicaid agency to a payer for the purpose of seeking reimbursement from the responsible health plan for a pharmacy claim the State has paid on behalf of a Medicaid recipient.) | |
| NCPDP Batch Standard Version 1.2 | Similar to D.0 but in a batch enviroment |
| Standards and Interoperability Framework | S&I | standard initiative of ONC |
| Unique Patient Identifier | UPI | yet to come to fruition despite being mandated in original HIPAA; should be unique, nondisclosing, permanent (will never be reused), ubiquitous (everyone had one), canonical (each person has only one), invariable (will not change over time). There are probabilistic matching algorithms to link records. ?Globally unique identifier eg Record@Hospital : combine local MPI plus holding institution identifier - could be unique, permanent, nondisclosing, ubiquitous; once in place develop a 'Reocrd Locator System' to achieve linkage |
| Unique Device Identification | UDI | 2014-2020 FDA mandate? |
| National Provider Identifer | NPI | 10-digit numeric identifier issued by the NPS (of HHS) replaced UPIN in 2007 and is required for medical billing. 10th digit a Luhn algorithm checksum |
| National Provider System | NPS | Issues NPI to all US physicians |
| Universal Physician Identifier Number | UPIN | mandated in HIPAA |
| National Standard Employer Identifier | EIN | |
| Health Plan Identifier | HPID | mandated in ACA |
| Other Entity Identifier | OEID | mandated in ACA |
| Medical Information Bus | MIB | aims to develop standards for control and linkage of information from medical devices; most implementations just transfer data, but there is capability to issue commands eg change settings of an IV pump |
| Transaction standards | standardized electronic exchanges involving data transfer between two parties for specific reasons | |
| Electronic data interchange | EDI | covers transactions involving claims and encounter information, ERA, claim status, eligibility, enrollment and disenrollment, referrals and authorizations, and coordination of benefits and premium payment |
| Electronic Funds Transfer | EFT | under ACA physicians can require payers to use EFT. Medicare requires physicians to use EFT |
| Electronic payment & Remittance Advice | ERA | |
| ASC X12 Version 5010 | mandated in HIPAA to encourage electronic commerce for health claims: eligibility, claim status, EFT, ERA | |
| Context Inspired Component Architecture | CICA |
| Continuity of Care Record | CCR | ASTM patient health summary standard; the most relevant and timely facts about a patient's condition; goal was for use when patient was referred, transferred, or discharged. Not compatible with existing standards so HL7 and vendors created CCD which is richer |
| Health Level Seven International | HL7 | ANSI accredited international SDO with 2,300+ members across 500 corporations representing ~90% of IS vendors. Provides a framework for the exchange, integration, sharing, and retrieval of electronic health data ie major messaging standards. |
| HL7 versions | V2.1 (1987) through V2.8 (2014), syntactic-oriented, loose guidelines can be built in ad hoc fashion, backwards compatible with other V2 versions but not V3, each message type has a set of segments delimited by | consisting of a three character identifier and values. Version 3 (2005), semantic interoperability, stricter more consistent standards, plug-and-play, built upon RIM in XML, not compatible with V2.x, more expensive | |
| Reference Information Model | RIM | Object-oriented model to define healthcare interactions based on five abstract classes : 1. Entity 2. Role 3. Participation 4. Act 5. Act relationship. All clinical, administrative, financial activities of healthcare can be expressed in 'constraints' to model |
| Structured Product Labeling | SPL | HL7 XML document markup standard that specifies the structure and semantics of the content of authorized published information that accompanies any licensed medicine |
| Clinical Document Architecture | CDA | most widely recognized HL7 version 3 component; a standard for specifying the XML-based standard structure and metadata of clinical documents; templated and object-oriented; much healthcare information is in 'documents' required for human reading, but still want computable structure. Templates are reusable, computable components of CDA documents; unstructured documents can be 'wrapped' in a CDA framework. Level 1: specification of document; Level 2: adds document types with allowable structures; Level 3 adds mark-up expressible in RIM |
| CDA usage | CDA defines building blocks which can be used to contain healthcare data elements that can be captured, stored, accessed, displayed and transmitted electronically for use and reuse in many formats; sets of these CDA standardized building blocks can be arranged for whatever needs exist; this approach offers tremendous flexibility; it allows for the creation of a comprehensive variety of clinical documents which share common design patterns and use a single base standard; arranging (or constraining) the CDA elements in defined ways using templates produces clinical documents | |
| CDA Structure | Header; Body>>Section>>Narrative Block; Entry. Every document must have at least a header (sets context) and one section (contains one narrative block (human readability; rendered for viewing) and 0-many coded entries(machine-readability). | |
| Consolidated CDA | C-CDA | document templates for common clinical notes (discharge summary (CCD), diangostic imaging report, consultation note, H&P, op note, progress note, procedure note, unstructured document), which are based on Section templates and Entry templates |
| Continuity of Care Document | CCD | HL7 XML specification for structuring in a static form the many data elements that are needed to record clinical encounters; based on HL7v3 and CDA. The core data set of the most relevant administrative, demographic, and clinical information facts about a patient's healthcare. Required to have : US Realm Header, Allergies, Medications, Problem, Results sections in body |
| Clinical Context Object Workgroup | CCOW | HL7 protocol designed to enable disparate applications to synchronize in real time and at the user-interface level; manages context of caregivers who may need to access different computer applications in process of care; oft-stated goal is 'single sign-on' across applications, network etc. |
| Electronic Health Record - System Functional Mode | EHR-S FM | outlines important features and functions that should be contained in an EHR system |
| Digital Imaging and Communications | DICOM | international medical imaging messaging standard for handling, storing, printing, and transmitting across a specified network communications protocol with a specific file format definition; maintained by NEMA |
| NCPDP SCRIPT | SCRIPT | NCPDP standard for electronic communications between prescriber and pharmacy; MU requires for e-prescribe |
| CEN ISO / IEEE 1073 | standard that dictates how medical, wellness, and healthcare devices communicate with external computer systems: allows fo 'plug-n-play' use of healthcare devices. | |
| EHR-Laboratory Interoperability and Connectivity Standards | ELINCS | goal to standardize laboratory ordering from and reporting to EHRs; relies on HL7v2 and LOINC |
| Blue Button Initiative | Public-private partnership to empower consumers with easy and secure access to their health records from a variety of sources in a format they can use. Began with the VA --> led to ONC launching Blue Button Toolkit to facilitate development | |
| Substitutable Medical Apps, Resuable Technologies | SMART | an ONC SHARP project : create a platform for app development accessing store of information. Some vendors are pursuing platforms (Surescripts, Allscripts launched open architecture platform HELIOS, EPIC has developed API for accessing data and services) |
| terminology | set of terms representing the system of concepts of a particular subject field | |
| synonym | different term for same concept | |
| polysem | term that means more than one concept | |
| dictionary | concepts plus meaning | |
| thesaurus | groups synonyms by concept | |
| nomenclature | system of terms elaborated according to established naming rules | |
| vocabulary | concepts and terms in a domain | |
| classification | system that organizes like or related entitties | |
| semantics | insertion of meaning via relationships | |
| term | designation of a defined concept in a special language by a linguistic expression | |
| Nomenclatures, vocabularies, and terminologies | benefits of computerization of clinical data depend upon its 'normalization'. Clinical language is inherently vague, which is at odds with the precision of computers. Use cases: information capture, communication, knolwedge organization, information retrieval, decision support | |
| concept | thing or idea, expressed in one or more terms |
| ontology | A framework for representing knowledge (web). A controlled vocabulary expressed in an ontology representation language thereby creating a formal representation (structuring of concepts and relationships between them) of definitional information of a domain in a way that allows it to support automatic information processing. The grammar contains formal constraints (e.g., specifies what it means to be a well-formed statement, assertion, query, etc.) on how terms can be used together. Like thesauri but different because there are often no preferred terms and the concepts and relationships are described in machine readable ways thereby supporting semantic interoperability. Generally adheres to either RDF or OWL XML-based standards. | |
| taxonomy | practice and science of classification; taxonomies add structure to unstructured information to make it easy to search and filter. (tree with branches) | |
| Predication relationship | A.1 is a certain type of A (what a statement says about its subject) | |
| Conditional relationship | All A.1 are A | |
| International Classification of Diseases | ICD | international standard and disease ontology published by the WHO originally for morbidity reporting; ICD-10 defined in 1990 (69k codes, 3-7 characters, first character alpha), now standard as of 10/1/15 (ICD-10-CM, maintained by the CDC) ICD-10-PCS procedure codes will be used for intpaitent procedures instead of CPT). Half of all codes related to musculoskeletal system, primarily injuries. A requirement for billing claims. ICD-9 (1975, 14k codes, 3-5 characters) limitations include NOS and NEC codes, lack of granularity |
| General Equivalence Mapping | GEM | enables mapping, eg from ICD-9 to ICD-10 codes |
| Diagnosis-Related Group | DRG | describes a bundle of services a hospital might provide; flat rate per case for inpatient hospital care to rewards hospitals for efficiency; original intent was to aggregate ICD-9 codes into groups for health services research; set of several hundred codes 'lump' hospital illnesses; adopted in 80s for prospective payment for hospitalization in Medicare; |
| CVX Code | codes for active and inactive vaccines in the US | |
| National Drug Code | NDC | FDA required registration that utilizes a 10 digit, three-segment number that serves as universal identifer of the product (pharmaceutical preparation); labeler code - product code - package code |
| Unique Ingredient Identifier | UNII | specifies ingredients in drugs and other compounds |
| National Drug File Reference Terminology | NDF-RT | standardized terminology maintained by the VA, for modeling drug characteristics, including ingredients, chemical structure, formulations etc, ie ADMET (absorption, distribution, metabolism, elimination, toxicity) |
| RxNorm | substance-oriented standardized terminology maintained by the NLM that provides normalized names for clinical drugs and links to synonyms within First Databank, Micromedex, MediSpan, Gold Standard Drug Database, NDF-RT and Multum. The first component of UMLS; provides semantic structure for formulations and their components | |
| Logical Observation Identifiers Names and Codes | LOINC | standard universal codes for identifying laboratory tests and clinical observations in electronic messaging; developed by the Regenstrief Institute. MU requires LOINC in messages reporting lab results, medical summaries, sending data to cancer and public health registries. Each term is assigned a unique identifier and a fully specified name with 1. component (what is measured) 2. kind of property (eg mass, substance) 3. time aspect (eg 24h collection) 4. system type (eg context or specimen type ) 5. type of scale (eg ordinal, nominal, narrative) 6. type of method (eg procedure used to make the measurement /observation) |
| Current Procedural Terminology | CPT-4 | standardized terminology maintained by the AMA; category I: numeric codes for procedures and RVUs; category II; alphanumeric codes for tracking performance measurement 'F' eg 3725F screening for depression); cateogry III: Temporary codes for new or emerging procedures removed after 5 years |
| Healthcare Common Procedure Coding System | HCPCS | aka 'hickpicks', a CMS billing coding system based on the AMA CPT. Category I : same as CPT. Cateogry II: items, supplies, non-physician (ancillary) services |
| Common Dental Terminology | CDT | HIPAA standard for dental procedures and electronic dental claims maintained by the ADA |
| Systematized Nomenclature of Medicine - Clinical Terms | SNOMED CT | multi-lingual concept-oriented standard terminology, maintained by the IHTSDO (NLM is the member organization of the IHTSDO and distributes SNOMED CT). Key feature is 'multi-axial' or compositional approach allowing terms to be combined and modifiers to be added. >300k concepts, >1M terms, >1M relationships |
| US SNOMED CT Content Request System | USCRS | allows users to request basic changes to SNOMED CT. New concept, new synonym, new parent, change description, etc |
| Nursing Vocabularies | irreconcilable information models, tedious, terms not used the way clinicans express them; NANDA, NIC, NOC, Omahar System, Home Health Care Classification, International Classfication for Nursing Practice | |
| Unified Medical Language System | UMLS | 1986 NLM standard to link the different standards; integrates 58 sources. |
| UMLS Metathesaurus | MTH | database of information on concepts that appear in one or more controlled vocabularies (eg ICD-10-CM, LOINC, CPT). Synonymous terms from different vocabularies are given same concept identifier; each distinct term can have different lexical variants, aka strings. |
| Concept Unique Identifer | CUI | all terms from all vocabularies representing same notion are groujped as a concept |
| Term Unique Identifier | LUI | all source terms of similar form (ie differing only in lexical variation) are groups as terms |
| String Unique Identifer | SUI | within each term lexical variants are strings |
| Atomic Unique Identifier | AUI | each string is an atom from its source |
| UMLS Semantic Network | each concept in the metathesaurus has an associated semantic type; concepts can also be linked through semantic relationships; generic relationships between semantic types of concepts | |
| UMLS SPECIALIST lexicon | contains information on syntactic, orthographic, and morphological information for each concept; based on metathesaurus words and terms, designed to assist in natural language processing applications | |
| Crosswalk | a set of links between the same information in one ontology to another ontology | |
| Clinical Element Model | CEM | stack of coded items can be ambiguous, need model for clinical elements |
| Clinical Information Modeling Initiative | CIMI | aims to create CEMs for clinical data, part of ONC SHARP project |
| Interoperability standards | Meaning, Structure, Transport, Security, Services | |
| Interoperability | The ability of different IT systems and software applications to communicate; to exchange data accurately, effectively, and consistently; and to use the information that has been exchanged. Made possible by the implementation of standards | |
| Levels of Interoperability | Level 1: foundational interoperability (eg mail, fax, phone) Level 2: machine-transportable (structural; information cannot be manipulated, systems can exchange data but the data does not have to be able to be interpreted by the receviing system, eg scanned document) Level 3: machine-organizable (syntactic, sender and receiver understand vocabulary eg email, proprietary format files) Level 4: machine-interpretable (semantic, structured messages with standardized and coded data that can be read and understood, eg coded results from structured notes) | |
| Fast Healthcare Interoperability Resources | FHIR | HL7 standard to merge versions 2 and 3, CDA, with a focus on implementation; response to complexity of HL7v3 but maintaining compatibility with other HL7 standards eg RIM, CDA. Basic building block is a resource which has common way to define and represent data elements, building them from data types that define common reusable patterns of elements; common set of metadata; human-readable part; public API |
| Integrating the Health Enterprise | IHE | Non-federal effort (sponsored by HIMSS) that identifies and demonstrates solutions to real-world interoperability problems, usually done by organizing interoperability showcases to demonstrate solutions. Clinical and operational domains produce technical framework documents which are published resulting in a trial implementation which if successful, profile will be published in final form |
| Medical Device 'Plug-and-Play" Interoperability Program | focus on interoperability of network-based devices, mainly in medical settings | |
| Continua Health Alliance | consortium of companies and organizations devoted to interoperability of personal telehealth devices | |
| CONNECT | US government software initiative suitable for an HIE based on record locator services (query-based or pull) approach | |
| Direct Project | US government software initiative suitable for an HIE based on a secure e-mail (query-based or pull) approach |
| Institutional governance of clinical information systems | best to integrate governance into existing organizational governance structures. Information system projects are best viewed as clinical rather than IT. Leadership best derived from opinion leaders rather than technophilic users. Health IT leadership has migrated up the org chart. | |
| Medical Records Bylaws | govern electronic records: content, permissions, responsibility of MDs for entering into the medical record, standards for completion. Oversight vested in medical record or HIM committe and for preparing for review by TJC, laws, policies for completion etc | |
| Business Associates Agreement | BAA | required by HIPAA; associate has access to PHI |
| Data Use Agreement | DUA | govern conditions for use and sharing of data between organizations |
| Data Storage Agreement | DSA | Similar to above, but parties store data for another |
| Service Legal Agreement | SLA | Typically contractual rather than legal agreeements for performance |
| Clinical information needs analysis and system selection | Create project team, Define requirements (observation, mapping, interviews, focus groups, expert interviews), Identify viable candidates, System selection |
| Methods for identifying clinician information system needs | List taks: orders, notes, results, messaging. Workflow analysis or informal |
| Elements of a system requirements specification document (eg technical specs, intellectual proprerty, patents, copyright, licensing, contracting, confidentiality, specific organizational needs such as user training and support) | ||
| Request for Proposal | RFP | a document that an organization posts to elicit bids from potential vendors for a product or service. A weighted point assignment method of evaluation may be used if considered appropriate. Includes: description of organization, needs, timing, financial issues, selection process. |
| Request for Information | RFI | less formal; Request made typically during the project planning phase where a buyer cannot clearly identify product requirements, specifications, or purchase options. RFIs clearly indicate that award of a contract will not automatically follow |
| Request for Quotation | RFQ | used when requirements are clear-cut, ie "you are buying what they are selling" |
| Due Dilligence | demonstrations for small or large groups, require vendor to specifiy what is future functionality. Site visits: one that you arrange! Visit sites like your own; conference calls. Business investigation: will the vendor remain in business, how long have they been in business, private or public, likely to be aquired? future? involve your business office / CFO. |
| The costs of health information and communications technologies | Most of cost is in ongoing/maintenance costs (support payments) rather than initial capital expense. Basis for long-term financial and professional relationship; legal counsel; vendor proposal should be submitted in form to be included in contract; contract controls project, functionality, payments |
| Clinical information system implementation | assess current state, process design (future state), software design/configuration, testing, training, go-live, post conversion assessment, move to ongoing support model | |
| Information Technology Infrastructure Library | ITIL | Developed in the UK, gained recognition when Microsoft used it as the basis for MOF; deines the operational structure and skill requirements of an IT area and documents a set of operational management procedres to foster more effective management of an IT operation and infrastructure: potfolio --> services --> processes --> procedures |
| Elements of a system implementation plan | manage budget, external audit, testing, training, support, transition planning ('go-live', 'activation', 'conversion'): big bang vs pilot or phased (staggered, sequential); when choosing transitiion consider functionality & geography |
| Models of user training and support processes that can meet clinician needs | classroom (web-based or blended), concierge (meeting needs where user finds most useful, costly), in-person (tailored to specialty), strengths and weaknesses of superuser, physical presence: be on wards/clinics 'at the elbow' |
| Processes and mechanisms that obtain and respond to clinician feedback | Real-world active surveillance best. Solicit feedback from users (eg capture feedback button); safety reporting system; simulations, robot monitoring of user experience | |
| Clinician feedback | Processes and mechanisms that obtain and respond to clinician feedback : support team embedded in clinical world (rounding, using systems give insights), monitoring remotely, 'feedback button', 'pizza budget' meals coupled with feedback; regular communication at meetings, via pages, using ad hoc hallway and clinical setting conversations |
| Unit testing | Directed at menus, templates, and other modules and subunits of the system, without regard to other system components internal or external to a given application | |
| Application testing | All modules and subunits of the application work in connection with each other | |
| Integration testing | Conformation that information flow between the EMR and external systems occurs as expected | |
| Performance testing | With production loads and users, system functions within expected boundaries | |
| Post-production testing | After conversion, all aspects of system operate as required | |
| System testing | Tests all aspects of a given system or application, eg how well the software satisfies the stakeholders' functionality, security, performance, load, reliability, compatibility, availability, etc. requirements | |
| Regression testing | Tests to make certain that, with the exception of the change currently being requested, all components of the software's functionality/behavior are unchanged | |
| Backout or contingency testing | Tests the ability to back out the changes being made to a system or, if changes cannot be backed out, tests the contingency plan if modifications cause problems once implemented | |
| Test environment | Domain (or instance) of system with configuration and data similar to production in which testing occurs | |
| Scripts | structured simulations of workflow and system use that can reproducibly be used for testing versions of proposed production version | |
| Conversion | aka activation or go-live: Command Center (on-site presence, all teams: technical, application, interface, user liaisons; planning duration and logistics should being early); User support team (goal is overwhelming support 'at the elbow', project and non-project team, roamers); Communication methods and plan (pagers, cell phones, scheduled status calls, shift reports); Issue management (capture and triage, documentation, communcation / closing the loop); Review downtime procedures; Have back-out or remediation plan | |
| User support models | role of help desk, escalation procedures, onsite vs remote, superusers (may be busy) |
| Clinical information system maintenance | operations entails day-to-day running, maintenance, enhancement and safeguarding of the system to meet the availability and reliability requirements. Patches, upgrades from vendor, coding system updates (ICDX, DDI databases etc), interfaces with other systems, delivery (end user devices, Citrix) | |
| Organizational strategies necessary to EHR Safety | care-process transformation, patient safety, HFE, software safety, proejct management, continuous improvement (Walker) | |
| EMR optimization | post-implementation focus on features and functionality that have been incompletely or suboptimally adopted; review of workflow and tailored education; use of EMR to assist in meeting organizational quality, safety, and financial goals | |
| Compliance and the law | Documentation, orders, results review and other tasks and audit trails scrutinized by compliance are increasingly accomplished using computing systems: compliance officers charged with protecting the organization and may not have full understanding of clinical computing systems functionality and workflow; copmliance and DOJ focus on cloning, upcoding, copy/paste | |
| Clinical computing systems and the law | authentication vs authorization; nonrepudiation (user may attempt to claim they did not create document when in fact they did); audit trails (reconstruct construction of note or use of EMR), document version history; close cooperation with compliance and general counsel |
| Downtime | Time systems not available to significant group: inevitable, prepare ahead, communication between parties critical, parties must know a priori what to do, business must continue, reucing downtime is a key metric | |
| Scheduled downtime | Best to develop/train downtime procedures including workflow, data access, preparation and backloading from paper. Select optimal time based on schedule of clinical activity and key business, availability of internal/external technical resources; stratify plans by length of planned downtime, notify user community in advance | |
| Unscheduled downtime | causes include human error, changes in system insufficiently tested, software fault, hardware/connectivity failure, reaching capacity, disaster, malicious activity; have and follow a plan that includes structured incident command, triage, communication, and a post-mortem review | |
| Reducing risk of unscheduled downtime | Code updates (avoid the bleeding edge, limit changes to those that are absolutely necessary); Downtime Windows (allow resources to adjust their body clock, ensure backup plans for key resources, check-in in advance and keep in contact throught the downtime); Vendor Availability (get on the vendor's activity calendar; make sure they know what you're doing ahead of time and that they can support it); Planning, testing, post-implementation validation (sufficient test environments, testing tools, standardized/reusable test scrips, post-implementation validation should be done by people on the front lines) | |
| Operations when actions down | communicate; conference calls, emails, personall calls to sr mgmt; right frequency, right timing with right relevant details. If big problem: have separate technical solution group and user communication group (Shield solution group from communication group - no lynching rule; communication group triggers business continuity plans, unless it is triggered automatically); each affected work area manager and each affected service follows their business continuity plan. Solution group needs a leader; must have time to propose, vet and try alternatives; should focus on alternatives to minimize downtime, not necessary solve the problem; pay attention to when to let members of solution group be fed/relieved; involve vendor early, show urgency, demand speed, call their bosses; conduct detailed post mortem for RCA later if not found as yet | |
| Issues when the system is back up | are data on paper back-loaded? When and by whom? Are resuls generated by departmental systems loaded retrospectively? Plan transitions of orders and medication administration from paper to EMR; pay attention to staff fatigue | |
| Operations - service view | IT service portfolio (collection of high level, grounded objectives; manage performance, secure assets, manage identities, plan strategically); Each folio is a set of services (offered to a user, peer, institution with SLAs; minize expected downtime, manage a reported performance problem, protect perimeter; Each service is a collection of processes (processes are collections of procedures using a set of tools by a collection of custodians - who does what using what?); Each procedure is measured for resource and efficiency, and these collections generate operational metrics; Disaster recovery and downtime : off-site storage needed, test restore processes, corruption risks - stagger versions, rehearse downtime, day and night, to from daylight savings) |
| Decommissioning of systems | consider data transfer risk/benefit; keep old system? Drivers external (eg certification, ICD10), internal (best of breed vs integration, better systems available, cycle time between systems?) | |
| Trends in operations | most healthcare organizations may invest in care instead of IT; outsourcing specific applications; cloud computing (provision of dynamically scalable and often virtualized resources as a service over the internet on a utility basis, infrastructure/platform/software as a service (Iaas/PaaS/SaaS), makes good economic sense due to scales of operations, unclear understanding with privacy issues); models of operational consolidation | |
| Change control | requires that updates or changes to software, hardware, or other parts of the infrastructure or application go through testing and analysis of its expected and potential impacts. Those making the change are expected to test changes, understand impacts, notify users, and minimize unexpected side effects. A formal process used to ensure that changes to a product or system are introduced in a controlled and coordinated manner |
| Usage | Proportion of users. In ambulatory settings, CDC finds growing adoption. Hospital settings most sucessful but do not use all capabilities. Compared to other countries, US is a laggard but most other countries do not have advanced functionality | |
| Evaluation | help experts determine what works best; allows users to cut through hype; justifies costs / helps with cost comparison | |
| Efficacy vs Effectiveness | Efficacy is evaluation in controlled research setting; Effectiveness is evaluation in real world (aka outcomes research) | |
| Microevaluation vs Macroevaluation | Micro: evaluation of individual components of a system; Macro: evlaution of a whole system as a 'black box' |
| Outcomes relevant to the clinical goals and quality measures | Measures of various clinical operational and other outcomes | |
| Outcomes | Systematic reviews: clearly there are benefits - most studies had positive outcomes. | |
| Costs | Does HIT reduce cost of care? Challenging to measure with different technologies, reimbursement models etc. Notable findings: in outpatient settings practices only get 11% ROI with rest going to labs and insurers; models of health information exchange show benefit but have yet to yield benefits in reality; lowered costs from hospital implementation before/after EHR implementation |
| Objectivist | aka quantitative research; most common approach is comparative | |
| Subjectivist | aka qualitative research | |
| Comparative research | choose a research question and population; select sample; determine variables to measure: dependent or outcome - measure difference; independent or predictor - explain difference; randomize sample to experimental or control group; results show either truth or error | |
| Bias | systematic error introduced by experiment whereas chance is random error; bias can be due to selection, measurement, confounders. | |
| Assessment bias | Subjects allow feelings toward system to influence their performance with it | |
| Allocation bias | Randomization 'cheated' inadvertantly or purposefully | |
| Hawthorne effect | Humans try harder when they know they are being observed | |
| Checklist effect | Deicision-making more copmlete with checklists | |
| Chance | Result obtained by chance, minimized by statistical anlalysis; alpha error - difference represents chance event; beta error - there is an actual difference when none is detected, usually due to small sample size | |
| Validity | Internal (experimental methodology must be sound by avoiding bias and chance error); External (experimental results must have generalizability to real world and clinical significance) | |
| Ethnography | Subjectivist : observe users in their natural environment | |
| Focus groups | Subjectivist : convene individuals for focused discussion | |
| Usability studies | Subjectivist : give users tasks and watch what they do | |
| Protocol analysis | Subjectivist : ask users to 'think aloud' | |
| Actionable qualitative research | tools and data collection include site inventory profiles, ethnography guides, interview question guides, rapid survey instruments. Has been successfully deployed for evaluation of clinical decision support and EHR safety; has led to elucidation of 'unintended consequences' of HIT |
| Challenges in Evaluation of Clinical Systems | most CMIOs do not have budget/personnel. Small incremental evalutions, particularly if they are built into the clinical system operations. What to study? Override rates, effectiveness of particular alerts, effectiveness of strategies to reduce use of expensive resource that does not give improved clinical benefit? |