I once read a blog post that said “Healthcare IT is neither ‘healthcare’ nor ‘IT’.” It sounds strange and even a bit funny, but it’s true. Healthcare IT (HIT) is its own branch of the information technology world. Yes, basic IT skills are necessary, but when working in a healthcare environment everything you do has to meet regulation compliance, right down to your communication and how you act on-site. In addition to the knowledge and execution of regulatory requirements there are also a few IT skills that the HIT technician should specialize in in order to be successful in the industry.
HL7 (Health Level Seven).HL7 is a standardized protocol that enables different computer system to communicate with each other. It is the protocol that makes interoperability possible (or at least hopeful)! The “7” refers to the seventh layer of the OSI model, or the Application layer, because HL7 operates primarily with the network protocols of this level. The standards for HL7 are developed and maintained by Health Level Seven International. Version 2 (V.2.x) of HL7 used a textual, non-XML encoding format. The newer Version 3 (V.3.x) uses XML encoding syntax.
A sample V.2.x partial message containing a Glucose request would look like this:
MSH|^~\&|GHH LAB|ELAB-3|GHH OE|BLDG4|200202150930||ORU^R01|CNTRL-3456|P|2.4<cr>
PID|||111-22-3333||DOE^JANE^A^^^^L|JONES|19620320|F|||111 HOMEVILLE DR.^
^NEW YORK^NY^35292||(555)1234567|(555)555-123||||AC555444444||67-A4335^NY^20010620<cr>
OBR|1|845439^GHH OE|1045813^GHH LAB|15545^GLUCOSE|||200202150730|||||||||
555-55-5555^DOCTOR^NAME^^^^MD^^|||||||||F||||||444-44-4444^BAKER^JONATHON H^^^^MD<cr>
OBX|1|SN|1554-5^GLUCOSE^POST 12H CFST:MCNC:PT:SER/PLAS:QN||^188|mg/dl|70_105|H|||F<cr>
The basic codes in this message are:
MSH: Message Header. Contains the message type and trigger event
PID: Patient ID. Patient identification and demographics
OBR: Observation Request. Identifies what was originally orfered and who ordered it.
OBX: Observation. Contains the results of teh observation
There are many HL7 codes; a google search will provide you with a list.
Here is a sample Glucose Observation in HL7 V.3.x (XML formatted):
<observationEvent>
<id root=”2.16.840.1.113883.19.1122.4″ extension=”1234567″
assigningAuthorityName=”RGH LAB Filler Orders”/>
<code code=”1234-5″ codeSystemName=”LN”
codeSystem=”2.16.840.1.113883.6.1″
displayName=”GLUCOSE^POST 12H CFST:MCNC:PT:SER/PLAS:QN”/>
<statusCode code=”completed”/>
<effectiveTime value=”200102150730″/>
<priorityCode code=”R”/>
<confidentialityCode code=”N”
codeSystem=”2.16.840.1.113883.5.25″/>
<value xsi:type=”PQ” value=”188″ unit=”mg/dL”/>
<interpretationCode code=”H”/>
<referenceRange>
<interpretationRange>
<value xsi:type=”IVL_PQ”>
<low value=”70″ unit=”mg/dL”/>
<high value=”105″ unit=”mg/dL”/>
</value>
<interpretationCode code=”N”/>
</interpretationRange>
</referenceRange>
HL7 is vast and complex with many tags and segments to learn. The HIT tech would definitely benefit from learning the basics of HL7. Interoperability is a major problem in the healthcare IT world since many facilities are using multiple systems from different vendors all segmented throughout the network. HL7 is key in making these systems connect and communicate to each other, saving time and probably lives.
If you are interested in learning more about HL7 there is an upcoming web-based e-learning course now open for registration on the Health Level Seven International website. The class starts on August 18, 2011 and goes to December 1, 2011, giving a nice overview on all areas of HL7 (the full course is $500, but you can take individual modules for less, and some countries get major discounts). The organization provides various certifications and specialized training depending on how deep you want to get involved with HL7.
Security is no joke in the healthcare setting. Major HIPAA/ARRA violations and security breaches can cost a healthcare facility millions of dollars in fines.
This chart is directly from the American Medical Association (AMA) regarding individual HIPAA fines:
HIPAA Violation | Minimum Penalty | Maximum Penalty |
Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA | $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) | $50,000 per violation, with an annual maximum of $1.5 million |
HIPAA violation due to reasonable cause and not due to willful neglect | $1,000 per violation, with an annual maximum of $100,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
HIPAA violation due to willful neglect but violation is corrected within the required time period | $10,000 per violation, with an annual maximum of $250,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
HIPAA violation is due to willful neglect and is not corrected | $50,000 per violation, with an annual maximum of $1.5 million | $50,000 per violation, with an annual maximum of $1.5 million |
Source
The HIT technician should be well versed in securing clients, servers, and networks. If the healthcare facility is large then these tasks would probably be split up, meaning a particular technician wouldn’t have to specialize in all areas of security; however, it doesn’t hurt, especially if you are consulting or working in a smaller facility as an IT generalist. In addition to experience, certifications such as Security+ would be a good start, CISSP (isc2) and the new CASP (CompTIA Advanced Security Practitioner) from CompTIA are both good advanced security certifications. Knowledge and implementation of encryption standards (AES, DES, 3DES, SSL) are a must. Physical security is also important since PHI (protected health information) must remain confidential. Privacy screens need to be placed on monitors and placement becomes an issue. Don’t forget to securely sanitize/destroy the hard drives! There are many security considerations to be aware of in a healthcare setting.
Falling under the topic of security in the healthcare setting would be setting up wireless networks and mobile device management. Securing these devices is crucial and can be a challenge. A easily cracked WIFI setup or a doctor leaving his smart-phone unattended with a patient chart on it will end up in lawsuits and fines, and yes, the IT department/service/consultant will be blamed for the mishap.
As I conclude part 1 of this specialized skills for the HIT technician series, I’d like to mention a recent article from Healthcare IT News stating that “consultants are favored over vendors for health IT roll-outs.” Only one EMR vendor was preferred over a consultant! This means that for the vast majority of EMR implementations healthcare providers are opting for IT consultants with specialized skills as opposed to the EMR vendors themselves. I found this rather intriguing and it definitely proves there is a large market for consultants in this area.
Session expired
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.
I have a customer who owns a small medical office. They have not digitized their medical records because the laws/rules are constantly changing and the penalties are so large. It simply is not worth it for many offices with less than 10 employees.
I do believe that digitized records and interoperability could save money and lives. But I do not believe that is the goal of the bureaucrats when they write 3,000 page laws that could easily have been written in 100 pages if they truly knew what they were talking about. I hate to see regulators mess up something that could be so useful.
I have experience working with a hospital as an outside contractor brought in to deploy all new computers and migrate the network accounts and storage from a Novell platform to a Windows platform. There is a lot of planning that has to go into this, and Hipaa/etc planning adds quite a bit of complexity to that planning and the implementation processes. Here is the link for for Hipaa IT – http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/healthit/index.html
To consult in this field you need to learn about the “Privacy and Security Toolkit” and “The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information” and most of that info can be found at http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_gov__privacy___security_framework/1173
I found this book invaluable for consulting on business continuity and disaster recovery in the healthcare field – http://www.amazon.com/Business-Continuity-Planning-HIPAA-Environment/dp/1931332258
Hope this is helful.
Rob Cox
Cox Network & PC Services
Great article.
Will be good to do the same for Financial, Food, Drug industry.
Great information!! I am currently taking an online course that was designed for IT or health care professionals to obtain the needed skills to enter this field. It is offered through the community college system in our state and it last 6 months. The cost is $360 but if the course is completed in the 6 months with a passing grade, the tuition will probably be refunded. Also, the certification for this will be free for the first 29,000 people. Just thought some of you might be interested in this information.
I have been wanting getting into this field for a long time because I have a lot of doctors that I see for myself and my mother has doctors but I don’t dare unless I know exactly what is the knowledge I should bring on board.I mean I know all the basics:Windows XP,7,Linux,I can get by with Networking;this is my weak point,although i have set a server/client Nwork.I know your article said security knowledge is a must.What else do I need Because I want to get into Consulting & I want to break into to this HIT area.
Thank you Kindly for your reply
slpctec
Has anyone checked out the new CompTia Healthcare IT certification yet?
Very informative!
such a great artcle Romano. thanks
i like the article, good work
Excellent article this should help me get started, to second the question from Johann, has anyone used the comptia approach?