
Meaningful Health Care Informatics Blog

Jun 23 2010   10:37PM GMT

Medical IT Audit and Technology Assessment

Posted by: RedaChouffani
HIPAA, IT Audit, ITIL, medical Audit, technology EHR audit
With many medical organizations seeking to implement EHR systems and become paperless, they have become increasingly dependent on their computerized information systems to provide care to their patients, maintain the medical records and carry out their operations.
As a consequence, the reliability of the technology infrastructure and systems must be reviewed periodically, whether before implementing a new EHR or after implementation. This process is a critical step, as it helps ensure that the current infrastructure can support the selected solution and provides data integrity, system performance, safeguarding of assets, and the scalability to allow for the organization's future growth.

There are two approaches to IT audits for a medical organization: one at the initial stages of EHR product assessment, and the other an ongoing system review.

The first audit would focus on the current state of the organization from a hardware, networking and peripherals standpoint. Some of the focus would be on:

Evaluating the compliance requirements that are part of the new electronic medical records

Evaluating the network backbone (wireless/wired)

Evaluate the current storage capability and forecast future storage needs (taking into consideration added electronic documents as part of chart scanning)

Review current servers and their capabilities

Evaluate workstations, mobile devices and peripherals to ensure they meet the minimum requirements of the selected EHR

Evaluate the current disaster recovery plan (DRP) and business continuity plan (BCP) and review any adjustments that will be required

Review all required data interfacing/integration needs

The second audit would be a quarterly or yearly event for the information system. Whether it is performed by in-house IT or a third-party vendor, it would most likely cover a spectrum of audits, some of which are:

A compliance audit (covering all HIPAA mandatory and optional requirements, red flag rules, etc.)

IT systems best-practice implementation such as ITIL

Overall system availability (EHR, HIS, LIS, etc.), focusing on overall system uptime, fault tolerance, the business continuity plan and restore drills

System security and confidentiality, focusing on ensuring proper authorization processes, from employee biometrics to physicians' prescribing password protection

Data integrity audit which would focus on ensuring that there are no reported system failures that cause data loss or corruption

Many laws have been established that regulate information technology audits. Some examples are the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act. While in some cases an audit may seem unnecessary, it is important to recognize the value of oversight to IT. It ensures that a governance program is in place that keeps infrastructure stability, security, and integrity in check, and that IT continues to be in line with the organizational goals.


