SELECT date(starttime) AS procedure_day,
ordercategoryname,
COUNT(*) AS procedure_count
FROM procedureevents_mv
WHERE hadm_id = 157609
GROUP BY procedure_day, ordercategoryname
ORDER BY procedure_day;Analysis Report Four - Health Privacy and Data Profiling
Executive Summary
To provide direct care and improve patient outcomes, healthcare providers are now dependent on electronic health records as well as retrieving timely clinical records for decision-making, coordinating treatment, and other aspects related to patient care. The increased reliance on electronic data by the healthcare systems has also created vulnerability for them due to increasing amounts of cybersecurity threats. This report presents current research and includes an in-depth analysis of one patient’s terminal hospitalization to shed light on some significant aspects of these issues. The patient included in this report was admitted to the medical intensive care unit on December 24, 2144, with a diagnosis of Burkitt’s lymphoma. The extent of clinical information related to medications, procedures, ventilation, images taken, and placement of invasive lines throughout the days of the patient’s hospitalization is included within this report. Two separate visualizations were created using the EHR data to illustrate and monitor the progression of care during the hospitalization for the patient. One visualizes the types and timing of each major clinical treatment performed during the hospitalization; the other visualizes all of the medications that were used throughout the duration of the hospitalization. Results show that critically ill patients produce vast amounts of sensitive electronic health record data in a very short time frame. As soon as a patient is admitted, they can already be receiving multiple interventions, emphasising the need for correct, immediately available documentation for clinicians making decisions about how to proceed with a patient’s care. Healthcare facilities rely heavily upon secure and reliable access to these electronic records during the entire duration of a patient’s hospitalisation, as shown by the evidence of this report and clinical case study. From the literature and the case study, this report recommends implementing stronger cybersecurity safeguards, improved disaster recovery strategies, and maintaining secure backups of data, in addition to continuing to educate staff about cybersecurity awareness. The secure storage of EHRs is important not just for the sake of patient confidentiality but also for ensuring the continuity of care when providing medical treatment in times of emergency.
Introduction
In order to help improve patient care, communication, and decision-making in clinical settings, healthcare organizations are now more reliant than ever before on electronic health records and digital information technology systems. For instance, if someone sees a patient in an outpatient setting or if they are admitted to an acute care setting, all information regarding that patient will be stored electronically, including every encounter, prescription written, laboratory result, procedure performed, and provider notes. Therefore, healthcare providers can access very quickly all of the most critical care information they need to provide excellent patient care. (McAlearney et al. 2015) Although these new technologies represent significant improvements to efficiency and to patient outcomes, they have also created new challenges for hospitals, such as cybersecurity, patient privacy, and operational resiliency. As hospitals digitize patient information more and more with each passing year, protecting these systems has taken on the same level of importance as providing high-quality clinical care itself. (Rathert et al. 2019) Ransomware attacks on healthcare organizations are an ever-increasing threat, as noted in this week’s assigned article. The article suggests that Ransomware attacks against healthcare organizations have increased significantly over the past several years to the point where millions have had their protected health information indexed at risk due to an increase in these types of attacks, and the day-to-day operations of hospitals continue to be disrupted. In contrast to many industries that can stop operations while undergoing an active cyberattack, healthcare organizations rely on continually accessing EHRs for their physicians, nurse practitioners, etc., to treat patients, administer prescriptions, and coordinate care for patients. Consequently, when these patient safety systems go down, patient safety can be compromised. The article stresses that ransomware attacks have a significant impact on healthcare organizations, not just in terms of money. Hospitals that have been subjected to these kinds of attacks have experienced delays in providing care, cancellations of treatments, diversions of ambulances, and disruptions of day-to-day clinical practices as a result of the cyberattacks they have suffered. This has meant that, in addition to being purely an IT issue, cybersecurity has become a critical factor in the delivery of quality patient care and ensuring patient safety. Organizations using electronic health records, connected medical devices, and clinical decision support systems must continue to make the protection of health data a strategic priority. To illustrate the importance of protecting electronic health information, this report uses the MIMIC-III database to describe the clinical course of one patient who was hospitalized at the end of their life. Instead of examining large-scale trends among thousands of patients, the report presents an account of an individual patient’s experience in the hospital - including the time-stamped history of procedures performed on the patient, medications administered, and the patient’s clinical status in the ICU as they were being treated. In both of these examples, it is evident that a significant amount of electronic health record data is generated during a single hospitalisation and that modern healthcare providers have become increasingly dependent on reliable, secure EHR systems to provide quality patient care. Collectively, these studies provide strong evidence for the need to ensure that health data is protected in order to maintain patient privacy, assist with clinical decision-making, and facilitate coordinated care throughout the patient’s illness.
The Healthcare Context
Every day, an impressive quantity of electronic data is created by healthcare organizations. Information such as patient demographics, medication records, laboratory results, imaging studies, etc., is recorded electronically through systems like EHRs. These digital records make communication between providers easier, help to minimize errors in the medical field, and also facilitate faster clinical decision-making within a healthcare facility. However, as organizations rely more heavily upon digital health information than ever before, organizations that work in the health sector have become increasingly attractive targets for cyber criminals. Cyber security activities of ransom ware attacks are among the most prevalent forms of cybercrime targeting the healthcare industry. The author indicates that from 2016 to 2021, the number of ransom ware attacks targeting hospitals more than doubled and negatively impacted millions of patient records, while also negatively impacting the provision of routine clinical services. Many hospitals reported having to either delay or cancel surgeries due to these ransom ware attacks, as well as being forced to divert ambulances away from their hospitals because they couldn’t access patient medical information electronically or even temporarily disconnect their staff from using their electronic records. This demonstrates the direct impact of cyber security breaches on patients’ safety as opposed to creating disruptions of either a financial/technological nature.(American Hospital Association 2024) Recently, research has shown that ransomware is still a growing problem after many years in the healthcare industry. According to data from the American Hospital Association, Cyber Attacks are causing major disruptions in accessing vital information such as lab systems, medication administration records, scheduling tools, and diagnostic imaging. This impacts clinicians’ ability to provide timely and necessary treatment. Similarly, the American Medical Association emphasizes the need for reducing unwarranted documentation workload while maintaining a high degree of security with electronic records. Reducing unnecessary documentation while still enhancing security with electronic records will increase the efficiency of both healthcare providers and their patients. (American Hospital Association 2024) In terms of cyber security, healthcare organizations continue improving the usability of electronic health records. Research indicates that many healthcare providers experience frustration while documenting patient care due to excessive documentation, duplicate data entry and poor workflow processes, resulting in clinician burnout and an increased likelihood of errors in documentation. Thus, while incorporating cybersecurity into the design of healthcare information systems will be beneficial, it is also important for healthcare providers to be able to document patient care efficiently and accurately. (American Medical Association 2024) The patient described in this report illustrates how much digital information can be generated from a single hospitalization. In just a few days of being admitted to the hospital, there was an electronic record of the patient from the admission to the intensive care unit, the administration of medications, the documentation of procedures performed, radiological imaging studies that were completed, and many clinical interventions. Every event was recorded with a timestamp with precise accuracy, giving the healthcare providers the ability to trace through the patient’s history of treatment. While this documentation promotes the coordination of care among healthcare providers, it also demonstrates that protecting electronic health records must be considered of the utmost priority. Interruptions in the ability to access electronic health records, due to an electronic threat such as ransomware, could result in the clinician never being able to access a patient’s medication history or the documentation for procedures performed, thus leaving them with information necessary to make decisions regarding providing care. (Rathert et al. 2019) As healthcare organizations continue to advance with the use of electronic health records, artificial intelligence, and predictive analytics, organizations must maintain an adequate level of security for electronic health records and can provide accurate and accessible electronic health records to support continuing provision of care to patients during future technological disruptions from cyber criminal activities. Organizations need to invest in cybersecurity, provide training for all employees, develop disaster recovery plans, and secure data backup systems to protect the privacy of patients and ensure continuity of care after they provide care during an electronic threat. (National Academy of Medicine 2024)
Data Visualizations
By utilizing patient 40310 from the MIMIC-III database, this report depicts Patient 40310’s hospital experience by demonstrating what it means to accurately document each healthcare experience during the patient’s hospitalization through the utilization of electronic health record systems. Rather than examining thousands of different patients’ records, this report provides insight by reviewing a singular patient’s history throughout multiple phases of hospital care; this provides an example of the amount of data collected by organizations during a patient’s inpatient stay, regardless of how long or short it is. All medications prescribed, procedures performed, laboratory tests completed, and contact with other providers are documented electronically, down to the precise time and date of each action; thus, you can see how EHR systems document a patient’s clinical history together to provide the best quality of patient care possible. The patient was admitted to the Medical Intensive Care Unit on December 24, 2144, with a diagnosis of Burkitt’s lymphoma. The patient was insured through Medicaid, was listed as single, and remained in the MICU throughout the hospitalization. Despite receiving intensive medical treatment, the patient died on December 31, 2144, after approximately one week in intensive care. It can take a very short time to accumulate significant amounts of sensitive clinical information about a patient as demonstrated by this patient’s electronic health record. Within minutes of the patient being admitted to the hospital, clinicians had already created many entries in the electronic health record related to medications, procedures performed, radiology (or imaging) studies performed, and/or intensive care interventions. Each entry is time-stamped, which allows one to reconstruct a detailed chronology of the individual’s clinical state at the time of receipt of care and serves to reinforce the need for all health care organizations to have secure and dependable electronic health record systems.
Subject ID - 40310 Terminal Admission - Dec. 24–31, 2144 Diagnosis - Burkitt’s Lymphoma ICU Unit - MICU Insurance - Medicaid Marital Status - Single Outcome - Deceased
Figure 1. Clinical Procedures During the Patient’s Terminal Hospitalization
ggplot(data = myquery1,
aes(x = procedure_day,
y = procedure_count,
fill = ordercategoryname)) +
geom_col() +
labs(
title = "Clinical Procedures During the Patient's Terminal Hospitalization",
x = "Hospital Day",
y = "Number of Procedures",
fill = "Procedure Type"
) +
theme_minimal()This figure illustrates the main clinical procedures that took place during the patient’s terminal hospitalization. From this visualization, we see that the highest level of clinical activity occurred on the day of admission (December 24th). During that first day in the hospital, the patient required mechanical ventilation, peripheral IV access, an invasive line, many imaging studies, and various bedside procedures. The number of interventions done during that first day indicates that the patient arrived in a critical state and needed to be rapidly stabilized after being admitted to the MICU. The number of documented interventions did decline subsequent to the first day; however, clinical interventions continued to occur throughout the duration of the hospitalization. There were imaging studies and additional procedures performed in the subsequent days as the clinicians continued to evaluate the patient’s status and modify their treatment plans. The timeline demonstrates that the electronic health record documented not only the care delivered but also the specific timing of each intervention. This time-dependent documentation affords health care providers tracking of disease progression, coordination of treatments among multiple departmental clinical teams, and aids in determining the effectiveness of treatment over time.
Figure 2. Medication Activity Throughout the Terminal Hospitalization
SELECT date(startdate) AS medication_day,
COUNT(*) AS medication_count
FROM prescriptions
WHERE hadm_id = 157609
GROUP BY medication_day
ORDER BY medication_day;ggplot(data = myquery2,
aes(x = medication_day,
y = medication_count,
group = 1)) +
geom_line() +
geom_point() +
labs(
title = "Medication Activity Throughout the Terminal Hospitalization",
x = "Hospital Day",
y = "Number of Medications Started"
) +
theme_minimal()Figure 2 illustrates medication activity during the patient’s final hospitalization. Medication: The highest level of initiation occurred on the day of admission to the hospital and was due to the need for immediate, aggressive supportive care. The patient had a medication history consisting of Fentanyl Citrate, Midazolam, Propofol, Metoprolol Tartrate, Ondansetron, Sodium Chloride Flush, Multivitamins and Polyethylene Glycol. Most medications prescribed for this patient were frequently prescribed for critically ill patients to provide sedation, pain relief, cardiovascular support, symptom control, and ongoing supportive care. After the initial admission, there was a decrease in medication activity followed by an increase in medication activity a few days later. This finding suggests that while clinicians continued to adjust the patient’s treatment plan, they did so in response to the patient’s changing condition. By the last few days of the patient’s hospitalization, fewer new medications were prescribed, suggesting that clinicians transitioned toward ongoing management using previously established therapy options from earlier in the hospital stay. The data from these two visualizations provide evidence of an expansive amount of electronic information generated during just one week of inpatient care. Every medication order, procedure, and diagnostic intervention performed was electronically documented with an exact date and time stamp. These electronic medical records not only improve communication between members of the healthcare team but also strengthen clinical decision-making; therefore, access to electronic medical records has become an increasing priority due to the risk posed by cyber attacks, such as ransomware. In addition, if access to these electronic medical records were compromised as a result of a cyber attack, the clinician would lose access to critical information needed for immediate patient care. (McAlearney et al. 2015)
Recommendations for Industry
This study about a single hospital patient shows how much dependence modern hospitals have on EHRs and other electronic data systems. The patient stayed at the hospital for over 7 days, during which time they had thousands of pieces of electronic data associated with their medical records. This data includes: medications that were given, intensive care documentation, imaging studies, invasive procedures, and many time-stamped events related to the patient and their treatment. The volume of data demonstrates why protecting healthcare data is imperative for the protection of both a patient’s privacy and continuing the delivery of care to that same patient. (American Hospital Association 2024) Thus, healthcare organizations must continue to invest in robust cybersecurity programs that protect EHRs from ransomware attacks and unauthorized access. Healthcare personnel rely on immediate access to patient records when treating patients, so protecting EHRs is a matter of patient safety, not simply a matter of technology. Implementing network security measures, timely software updates, multi-factor authentication, and continuous monitoring will significantly reduce the likelihood of a successful cyberattack and preserve the security of sensitive patient data. The second step is to improve the disaster recovery and business continuity plans for hospitals to provide continued patient care through technology outages. Hospitals cannot experience delays in administering medications, performing diagnostic tests, or communicating with other providers of healthcare due to temporary interruptions in access to electronic health records. Safe patient care can be provided by hospitals even when systems fail unexpectedly if routine testing is performed on backup systems, emergency response procedures are in place, and offline access to core patient data exists. (National Academy of Medicine 2024) Regarding the healthcare provider’s work, the continued enhancement of the consistency and quality of clinical documentation will result in more effective communication between providers, improved clinical decision-making, and reliable evidence to support quality improvement efforts in the future. Improving the clinical documentation will benefit healthcare analytics by reducing the number of incomplete or inconsistent records. (McAlearney et al. 2015) Last, but certainly not least, healthcare organizations will also want to provide ongoing cyber security training and education to all employees. The bulk of successful cyber incidents are the result of human errors; therefore, healthcare organizations can mitigate their cyber risks and meet regulatory compliance requirements by conducting regular employee training around phishing emails, password sharing, and securely handling patients’ electronic health information. (American Medical Association 2024) Overall, this patient profile illustrates how much sensitive electronic health information can be generated from one hospital admission. Protecting sensitive health information is necessary for protecting patients’ privacy, supporting clinicians’ ability to make informed clinical decisions, and allowing healthcare organizations to deliver safe, high-quality patient care during cyber cybersecurity events.