Project in Healthcare Business

Project in Healthcare Business

Building the business case for healthcare quality and safety

NAME: ALI ALZAHRANI

ID: 14110466


1

Part A

Organizational context and understanding of quality and patient safety

The safety of patients must be the priority for healthcare organizations worldwide with many

of the hospitals that are engaged in activities for improving the quality of care, safety and

other outcomes. In spite of all these efforts there must be limited understanding of the reason

to improve efforts of the quality which are successful in some hospitals and others. This study

also reveals that among a number of hospitals that mostly focus on the implementing the

practices in order to prevent the central line associated bloodstream infections, the

experiences and the outcomes of the varied has to be considered by using the same

implementation strategies. Also there were findings that provided some important insights

that how and why there are different strategies for improve the quality that can perform many

actions among the organizations with many different contextual characteristics. The Institute

of US dealing in Medicine and health that called for new approaches in order to manage the

health care quality problems (Adler, 1952).

Rationale for resourcing and implementing quality and patient safety

The medical records are kept to keep the documents of the medical treatment of the patient

that he has undergone in past or is suffering from the current health status. If there are any

treatment plans for future health care and it nowadays considered to be the most integral

component for delivering the quality health care to the patients? The medical record

standards were established during the year 1996 and they were further distributed to the

specialists. there is the regular assess that compliance with the standards and also monitors

the different processes and procedures that the physicians has delivered for the continuous

and coordinated medical care. It is estimated that over 90 percent of the goal of healthcare

organizations can be achieved by keeping medical record standards (Kahn, 1990).


2

By using the data collected being a part of a multi-center study that is closely examining the

improvements of quality of efforts and also the implementation of recommended practices in

order to prevent the central line associated with the bloodstream infections in the hospitals of

United States. We can also compare and contrast the experiences among the hospitals in

order to understand the better of how and why there are many hospitals that are very

successful by implementation of practice while taking into considering the specific aspects of

the organizational context (Mitchell, 2004).

Frameworks and different options for implementation

The healthcare data has to be changed into some useful information which has to be a main

point of concern to everyone that requires it. A wide variety of technology and research

methods are available to collect and allow for the accuracy of healthcare data. This

transforms data from paper to electronic systems. It is important to maintain the quality of the

data to be preserve certain quality standards for allowing the data to be up to date in

healthcare information systems.Continuous strategies have to be put into place that support

the quality of data and information . A research issue does arise with this which questions the

variability with different solutions. The overall quality of healthcare quality has to be

preserved and being at the right time to support the care and health system for patient

availability. All healthcare organizations must make sure all the technology is up to date to

allow for easy access of data when its required. (Mitchell, 2004).


3

Specific, measurable expected benefits:

It requires right information which is available at the right time in order to support the patient

care and also the decision of health system. Consensus has to be gained for essential data

content and proper documentation is based on proper standards which are necessary to

maintain for high quality data which is interconnected with the future of healthcare system.

The quality of the data has to be maintained that ensures the information which is useable and

actionable.


4

Risks associated with implementing healthcare quality and patient safety

In the past time the risk management and improvement in quality functions often operates

separately in all the healthcare organizations and individuals who are responsible for so many

functions that has different lines of reporting while the organizational structure is further

divided into risk management and also in quality improvement. In the risk management and

quality improvement there are efforts in the organizations of healthcare that focus on

improving the patient safety and also finding some ways to work together in order to ensure

effective and efficient ways of the organization in order to deliver the safe and high quality

patient care.

Asset classification and control

Accountability which is related to pharmacy health data as an asset

The policy of test safe must cover the implementation of sound security process in the

community of pharmacy in a security policy.

• Organizational issues

• Assets to be covered by the policy

• Personnel

• Physical security of the pharmacy

• Control of access to computers

• Software lifecycle management

• Incident reporting

• Managing malicious software


5

• Business continuity issues

• Compliance issues

Cost of quality and patient safety

Document control

An information security officer must have full control and must review the documents and

files of the pharmacy store annually and if the modification is required he must make the

necessary adjustments. If any suggestions or feedback is required for the document must be

provided to the pharmacy security officer. The manger is responsible to approve the security

policy amendments if required and he only appoints the pharmacy security officer and also

supports the implementation of the security policy (Pipkin, 2000).

The security policy and standards

The main objective of the security policy is to maintain and establish an effective information

security that safeguards the users to ensure the confidentiality and integrity of the operations

that is available in the pharmacy and there is no compromise with the information of the

patients. The information which is sensitive must be safeguarded against any unauthorized

disclosure or any destruction to that information. It is the duty of the user and also other staff

members to comply with the protection of the information and also the policies and

procedures detailed in the document (Corrigan, 2004).

Sensitivity of information

The information related to the health is collected by the pharmacy in a position of confidence

and trust and is highly sensitive as it includes personal details of a person.


6

It is very much important that the health information collected of the patients must be

collected and controlled in relevance with the health information privacy code and also with

other relevant health related legislation. There are also other information that is highly

sensitive which includes the commercial information of the pharmacy and the staff related

information and others (Lang, 1975).

High-level plan

Organization of security of information

Policy statements

There must be maintenance of management framework in order to maintain the pharmacy

computer system in order to co-ordinate and control the implementation of the information

security effectively. The key persons involved in the pharmacy must meet their obligation by

formally assessing the risk and through well-defined responsibilities of the staff.

Pharmacy security officer

Pharmacy manager appoints the pharmacy security officer that is responsible to co-ordinate

the security issues that greatly affects the pharmacy. It is the primary duty of the pharmacy

security officer to properly advise the pharmacy staff on the matter related to the security. He

should inform the pharmacy manager about the major security incidents.

He is also responsible to develop and review the security policy and also plans out to be

approved by the pharmacy manager. He should maintain a list of the entire authorized person

that has access to the pharmacy computer system and to the pharmacy premises. He must

report the security incidents and also the status to the manager of the pharmacy and also

ensures the security policies and standards to meet the health network requirements (Chang,

1992).


7

Classification of information

There is a varied degree involved with the information as it is highly sensitive and critical.

An additional level of protection and special handling is required for some items. The

classification of information system allows the pharmacy to properly define an appropriate

set of protection levels and also can easily communicate the need to special handle the

process of the staff. It is also necessary to define the classification of some item of the

information and the rest part has to be nominated with information of the owner.

It is also important to handle the procedure to cover the following steps of copying, storage,

transmission of data either through electronic media or by spoken words.

Physical security

Policy Statements

All the hardware and all the health information that is held by the pharmacy has to be

protected from any disclosure and modification. There has to an access by the outside parties

that could reveal the information to eliminate and also render the security that safeguards and

enable the disclosure of the patients information (Andrew, 1999).

General requirements

The areas and the equipment’s in which the information is stored has to be physically secure

and also access to be restricted to authorize only personally. The documentation must be

accessed in respect to the computer systems and there must be personnel restriction

authorized. The persons who are allowed the access to the pharmacy premises must be


8

accompanied and there must be restriction to those areas that needs to complete their tasks

(Clancy, 2005).

There should be dual lock system that is highly recommended for the entrance of the people

in order to assure highest security when the shop is closed or when there’s no work in the

mall. There should be grilled windows in order to avoid any access to the building through

the windows. Employees must use the back doors of the shop in the mall from where non

employees must not be allowed to get in. There should be restriction on the non-employees to

use the back doors of the shop. It ensures that the information is not discarded and there is

also high safety of the materials being not carried from the back doors (Shojania, 2001).

The information is recorded in information by asset inventory and also nominates the owner

who is responsible to maintain the appropriate control over the asset. The information asset is

equipped to easily access and manipulates the information that is stored in the pharmacy

computer systems. Proper accountability to assets helps to ensure the appropriate protection

maintained and the asset inventory helps to ensure the effective asset protection and is also

useful for other business purposes. There is an important aspect of risk management is the

process of compiling an asset inventory (Lohr, 1988).

Physical vulnerabilities and threats

As the services being provided by the pharmacies is highly probable that the pharmacy

premises and staff will be exposed to intrusion that bears in mind the locations of the

premises. The buildings of pharmacies are mostly located in the cities and towns that are

highly vulnerable to crime and violence. There are also many reasons that will make the

intruders to lead into the pharmacy buildings (Cranley, 2006).


9

The intruders who enter mostly have malicious motives while accessing into the pharmacy

and this necessity helps to adopt the need and implement the physical security measures by

the store-keeper. There are many examples of physical vulnerabilities and threats and among

all one of them is to manually operate the equipment of the building and in such cases it is

very difficult to avoid the movements like pulling and pushing of items with the help of

trolleys and those steps are ought to be followed that ensures the safety and also reduces the

injury risks (Kahn, 1990).

Proper form of protective dressing can also become a type of major physical risk in the

pharmacy. If the staff does not work using proper dress code like gloves, dust masks and the

goggles can also harm their health. There must also be a first aid kit within the pharmacy is

also a type of physical risk especially for the patients and the staff. There can also be many

other types of threats that require physical security enhancement that includes if there is a

power loss in the store, attack by the intruders in the premises, malicious activities by an

outsider, physical assault on the staff, theft and diversion internally and any kind of robbery

(Nightingale, 1987).

Examples of intruder’s scenes/scenarios

There are many reasons that lead to the intruders to enter into the pharmacy. Mostly the

intruders have negative motives to enter into the stores. The intruders can also be the

employee of the pharmacy who has negative motives if he is fired and want to take revenge

from the company (Harteloh, 2003).

Computer system access control

The services and information must be restricted to only authorize users.

Pharmacy security officer


10

He must ensure the policies and standards that address all the requirements related to

pharmacy security. The system access procedure must meet the defined requirements and the

data and application must be kept safe from project development environments (Harteloh,

2003).

He must assist users to analyze day to day use of pharmacy computer systems by performing

basic checks and administration functions.

Information access control

The requirement for minimum access control is have valid individuals for user identifications

and also passwords for all the access to the computer. All the successful as well as

unsuccessful accesses to the system must be recorded. It is also necessary to record or display

the last time user log and all the accounts details must be properly recorded and displayed.

The details of the user account must be issued at a formal training session and the new user

must be configured to force a change of the password before logging for the first time.

User logon procedure

The user must also be able to access to the pharmacy computer facilities in order to follow a

secure login process. There should be no display system or any application prompts until the

login process has been completed successfully. The messages must not be provided during

any logon procedure. The logon information must be validated only after completion of all

input data and the time must be limited for the logon procedure but if it exceeds there should

be termination to the logon. The full information must be displayed of all the details

regarding the logon of the members (Shon, 2010).

External network connections and controls


11

It is inherent risk to the security of the pharmacy of the computer system. There must be a

firewall that protects the connections to other networks. All the firewall must be properly

configured so that they are able to ensure the required level of security. The setting to the

default networks servers must be changed in order to minimize any type of unauthorized

access. There should be no software or other material downloaded without any prior

knowledge and also agreement by the pharmacy security officer (Lohr, 1990).

Security in system life cycle management

Installation of software

It must be approved by the pharmacy security officer all the software’s before installing and

must seek advices from the administrators of the Health Information Network and also

approves the piece of software’s.

Operational of software

The vendors supply the soft wares that are used in operational systems and also a version

must be maintained a level that is supported by the supplier. The pharmacy computer system

also helps to remove and also reduce the security weaknesses and also apply timely manner

with an appropriate consideration of any risk involved that poses vulnerability poses.

Investment appraisal:

An annual report is a report on company’s activities of previous year which intends to give

shareholders and other interested parties information about the activities of the company and

financial activities. They are considered to be as grey literature. As it is necessary for the

companies to prepare and disclose annual reports to be filed under company’s registry.

Companies which are all listed in a stock exchange market have to frequently report to the

stock exchange board.


12

The current assets of the company increased from $127,867 to $130,026 in the financial year

2009-2008 and the other assets decreased by 39,232 whereas the liabilities of the company

decreased considerably which is a positive sign of growth for the company. In the financial

year 2009 liabilities were $462,153 and in the year 2008 it reduced to $213,450.The liabilities

and equity of the company also reduced. The revenues of the company also reduced from

$462,982 to $421,314 which is a positive sign for the company and the expenses of the

company also reduced from $463,293 to $437,424.

The audited accounts are subject to independent scrutiny with no material mi-statements in

the company’s accounts. An unaudited account is prepared from books, records and

explanations supplied by the company that have no verification procedure. Small companies

are not obliged to carry out an audit. In order to exempt the audit a company has to meet

certain conditions which are set out in the Companies Act 1985. Companies have the choice

of applying exemption and choose to have their accounts audited without any statutory

obligation to do so. According to the financial statements an unaudited statements and

audited statements show a difference of total liabilities and equity of $1000 in the year 2009

but there was no difference in 2008. The audit procedure detects the fraud and error and

highlights the weaknesses in the company system enabling the auditor to advise to make

improvements in their work. It establishes that the company is complying with taxation and

employment legislation and banks do not offer finance facilities to companies if no audit has

been carried out. A purchaser also gets a confidence while purchasing his business if it is

audited and supplier provide better terms to companies with audited accounts. The companies

get a benefit a tax return if the accounts are audited and the errors are also identified before

submitting revenue. Audit also gives an insight into the business which enables them to offer

advice to improve the company’s taxation position (Lang, 2004).


13

Part B

It includes the separate problem in each medical record in a documented form that shows

illness and medical conditions. It also includes a current medication list. The medication list

also displays the allergies and also adverse reactions that are necessary to be known about the

patient before giving him any type of medication in future. The medical history of a patient

tells about the patient serious illness and any kind of childhood illness that could create

problem in future so that the further medication is not possible for the patients. Certain

notations also have to be given before giving any medication to the patient about the use of

cigarettes and any kind of alcohol substances. It also informs the patient history and physical

related problems that could create a problem in future for presenting complaints. It is also

important to include findings related to the diagnosis problems and any further treatment

given to the patients has to give by proper planning and diagnosing. It is also important to

clinically evaluate and records the findings for each and every visit of the patient. It is also

important to include the unresolved problems from previous visits and also include the

reviews of consultants. An appropriate history has to be maintained for all the people either

its children or adults if they have undergone any kind of diagnosis or therapeutic procedure. It

is even important for healthcare organizations to keep a record of immunization record of the

children and keep it up to date (Corrigan, 2004).

Each and every record includes the patient’s name or ID number and also includes the

personal data of the patients so that it is easy to the patients address conveniently. The

medical record contains the author identification number and other related details. The entries

mentioned must be dated and those entries are included that are legible to someone. The

forms and notes have a specified notation that has follow-up care and visits. All the

information is related in that encounter forms. If it is required to keep the consultation record


14

then it should be specified in the records. The reports and any other consultation if required

must give their reviews and other information that is related to the patient’s further treatment.

Explicit notation is required to keep a record of follow-up plans (Michael, 2012).

Proper documents must be maintained related to the medical treatment of the person and any

other information related to the hospital visits and other physical therapy reports is

maintained. The records are kept secured and allow easy retrieval of the information that

allows access to authorized personnel only. They should be safeguarded against any loss or

destruction that must be maintained according to the requirement and must be easy

accessible.

The legislative bodies must have easy access to the records on request as and when required,

to inspect and review of such records at no cost. The providers must provide copies of such

records and also allow permit to access to the original medical records for making any

comparisons and if required must submit for examination under the oath ceremony. It is very

necessary to keep and maintain for any further reference of the patients if required the

medical records of the patients for any further reference if required for the patients (Adler,

1952).

There has to be a formal assessment of the risk involved in the implementation that has to be

undertaken by the pharmacy security officer. It’s completely not possible to avoid the

business risk involved with the appropriate technique that identifies and also manage the risk

to minimize any harmful effect to the information. The requirements related to the security

are identified by a methodical assessment of the security risk. The harm that results from the

security failure takes into account the consequences of a loss of integrity and also availability

of the information and the other assets. The realistic involved due to such failure occurs in the

light of prevailing threats and vulnerabilities and also the other controls that are currently


15

implemented. The assessment will result in determining the appropriate management action

and also the priorities that manage the security risk involved with the patient’s and also

implements the controls on the selected protect against those risks.

The information is recorded in information by asset inventory and also nominates the owner

who is responsible to maintain the appropriate control over the asset. The information asset is

equipped to easily access and manipulates the information that is stored in the pharmacy

computer systems. Proper accountability to assets helps to ensure the appropriate protection

maintained and the asset inventory helps to ensure the effective asset protection and is also

useful for other business purposes. An important aspect of risk management is the process of

compiling an asset inventory. It is very important for the pharmacists to improve the standard

of providing full care to the patients and also reduces the risk of misjudgment that leads to

any kind of harm to the patients and it should also try to enrich the professional lives. It is

only possible only when the information delivered is secure and the community pharmacies

use a test safe to follow a sound process by managing a type of security for those connections

(Eloff, 2003).

In this paper all the areas are highlighted which are required to be considered while

introducing any healthcare safety programs for the patients. The different ways of

implementing them is also being discussed in this chapter that makes us to understand all the

concepts more easily. The use of information technology in implementing newer methods

helps us to keep all the records of the patients from the initial stage till the period the patient

is under medical care (Wandelt, 1976).


16

References

1. Hiltzik, Michael(January 4,2012), “ Her case shows why healthcare privacy laws

exist.” Los Angeles Times. Retrieved October 18, 2014

2. Kirsch, Michael s. (2004). “Alternative sanctions and the federal tax law: symbols,

shaming and social norm management as a substitute for effective tax policy.”

Retrieved

3. Crowley, Patrick (April 23, 2003). “Meet the purple people bridge.” retrieved

4. McKenna, Francine (2011). “Auditors and Audit Reports: Is the Firm’s “John

Hancock” Enough?” Retrieved October 18, 2014

5. “Concept Release on possible revisions to pcaob standards related to reports on

audited financial statements” Analyzed 22/7/2011. Retrieved October 18, 2014

6. Gilbert W. Joseph and Terry J. Engle (December 2005) “The use of control self-

assessment by independent auditors” The CPA journal, Retrieved October 18, 2014

7. Harris, Shon (2003). All-in-one CISSP Certificate Exam Guide: McGraw-Hill.

Retrieved October 20,2014

8. Harris, Shon (2010). All in one CISSP exam guide. New York. McGraw- Hill.

Retrieved October 20, 2014

9. Bomford, Andrew (1999). “ Echelon spy network revealed”. BBC. Retrieved October

20, 2014

10. Venter.Eloff (2003) A taxanomy for information security technologies.Computer&

security. Retrieved October 20, 2014

11. Pipkin (2000) Information security.Protecting the global enterprise. New York:

Hewlett-Packard Company. Retrieved October 20, 2014


17

12. Aspden P, Corrigan J, Wolcott J, et al., editors. Patient safety: achieving a new

standard for care. Washington, DC: National Academies Press; 2004. Retrieved

October 20, 2014

13. Adler M, Goman W. Quality. In: Adler M, Goman W, editors. The great ideas: a

syntopicon of great books of the Western world. Chicago: Encyclopedia Britannica;

1952. pp. 513–6. Retrieved October 20, 2014

14. Harteloh PPM. The meaning of quality in health care: a conceptual analysis. Health

Care Analysis. 2003;11(3):259–67. Retrieved October 20, 2014

15. Lang N. Issues in quality assurance in nursing. Paper presented at issues in evaluation

research: an invitational conference; December 10–12, 1975; Kansas City, KS:

American Nurses Association. 1976. Retrieved October 20, 2014

16. Tourangeau AE, Cranley LA, Jeffs L. Impact of nursing on hospital patient mortality:

a focused review and related policy implications. Qual Saf Health Care. 2006

Feb;15(1):4–8. Retrieved October 20, 2014

17. Mitchell PH, Lang NM. Nurse staffing: a structural proxy for hospital quality? Med

Care. 2004 Jan;42(1):1–3. Retrieved October 20, 2014

18. Kahn KL, Keeler EB, Sherwood MJ, et al. Comparing outcomes of care before and

after implementation of the DRG-based prospective payment system. JAMA. 1990

Oct 17;264(15):1984. Retrieved October 20, 2014

19. Rubenstein L, Chang B, Keeler E, et al. Measuring the quality of nursing surveillance

activities for five diseases before and after implementation of the DRG-based

prospective payment system. Paper presented at Patient outcomes research: examining


18

the effectiveness of nursing practice; 1992; Bethesda, MD. Retrieved October 20,

2014

20. AHRQ PSNet Patient Safety Network. Error chain. [Accessed October 20,

2007]. http://psnet.ahrq.gov/glossary.aspx#E. Retrieved October 20, 2014

21. Aspden P, Corrigan J, Wolcott J, et al., editors. Patient safety: achieving a new

standard for care. Washington, DC: National Academies Press; 2004. Retrieved

October 20, 2014

22. Adler M, Goman W. Quality. In: Adler M, Goman W, editors. The great ideas: a

syntopicon of great books of the Western world. Chicago: Encyclopedia Britannica;

1952. pp. 513–6. Retrieved October 20, 2014

23. Harteloh PPM. The meaning of quality in health care: a conceptual analysis. Health

Care Analysis. 2003;11(3):259–67. Retrieved October 20, 2014

24. Lohr K. Committee to Design a Strategy for Quality Review and Assurance. In:

Medicare, editor. Medicare: a strategy for quality assurance. Vol. 1. Washington, DC:

National Academy Press; 1990. Retrieved October 20, 2014

25. Lohr KN. Outcome measurements: concepts and questions. Inquiry. 1988;25(1):37–

50. Retrieved October 20, 2014

26. Mitchell PH, Lang NM. Framing the problem of measuring and improving healthcare

quality: has the Quality Health Outcomes Model been useful. Med Care. 2004;42:II4–


27. Mitchell PH, Heinrich J, Moritz P, et al. Outcome measures and care delivery

systems: Introduction and purposes of the conference. Medical

Care. 1997;35(11):NS1–5. Retrieved October 20, 2014

http://psnet.ahrq.gov/glossary.aspx#E


19

28. National Quality Forum. National consensus standards for nursing-sensitive care: an

initial performance measure set.Washington, DC: National Quality Forum; 2004. p.


29. Committee on the Quality of Health Care in America. Crossing the quality chasm: A

new health system for the 21st century. Washington, DC: National Academy Press;


30. Clancy CM, Farquhar MB, Sharp BA. Patient safety in nursing practice. J Nurs Care

Qual. 2005 Jul–Sep;20(3):193–7. Retrieved October 20, 2014

31. AHRQ PSNet Patient Safety Network. Patient safety. [Accessed October 20,

2007]. http://psnet.ahrq.gov/glossary.aspx#P. Retrieved October 20, 2014

32. Shojania KG, Duncan BW, McDonald KM, et al., editors. Rockville, MD: Agency for

Healthcare Research and Quality; Jul, 2001. Making health care safer: a critical

analysis of patient safety practices Evidence Report/Technology Assessment No 43

(Prepared by the University of California at San Francisco-Stanford Evidence-based

Practice Center under Contract No 290-97-0013) AHRQ Publication No. 01-E058,

Summary. Retrieved October 20, 2014

33. National Quality Forum. Standardizing a patient safety taxonomy: a consensus

report. Washington, DC: National Quality Forum; 2006. Retrieved October 20, 2014

34. Nightingale F. I have done my duty. In: Goldie SM, editor. Florence Nightingale in

the Crimean War, 1854–56.Manchester: Manchester University Press; 1987.

Retrieved October 20, 2014

35. Wandelt MA. Definitions of words germane to evaluation of health care. NLN

Publ. 1976;(15-1611):57–8. Retrieved October 20, 2014

http://psnet.ahrq.gov/glossary.aspx#P


20

Project in Healthcare Business

Documents

Transcript of Project in Healthcare Business