Analysis Report Four - Health Privacy and Data Profiling

Author

Sebastian R. Mesa

Executive Summary

This report examines how Electronic Health Records (EHRs) support healthcare organizations with challenges related to caregiver workflows, patient privacy, and cybersecurity. The readings emphasize that successful EHR implementation depends not only on technology but also on strong leadership, caregiver engagement, and effective organizational support. External research reinforces this by demonstrating that well-managed digital health records improve patient outcomes while highlighting the importance of protecting sensitive health information from growing cybersecurity threats. Together, these sources show that healthcare organizations must balance accessibility, usability, and security to maximize the value of Electronic Health Records.

The patient profile developed from the MIMIC-III database shows how Electronic Health Records capture detailed information throughout a patient’s hospitalization, from admission to death. The visualizations highlight patient demographics, documentation activity across the hospital stay, and medication, showing how EHR data provides clinicians and administrators with valuable insight into patient care and caregiver workflows. These demonstrate that healthcare organizations can use patient-level data to evaluate documentation practices, identify workflow patterns, and support informed decision-making. By combining strong leadership, secure information systems, and data-driven management, healthcare organizations can improve caregiver efficiency, strengthen patient care, and ensure Electronic Health Records remain valuable tools for clinical and operational success.

Introduction

Electronic Health Records (EHRs) have become an essential part of modern healthcare organizations by improving the accessibility, organization, and management of patient information. When these systems are implemented and maintained effectively, they support better communication among providers, improve clinical decision-making, and contribute to higher quality patient care. As healthcare organizations continue to generate large amounts of patient data, Electronic Health Records have also become valuable tools for improving efficiency and aiding decision making. However, the growing reliance on these systems also increases the importance of protecting sensitive patient information and ensuring that healthcare organizations can securely manage this data.

This week’s articles focus on Electronic Health Records and the responsibilities that follow their usage. The article about HITECH Act Drove Large Gains in Hospital Electronic Health Record Adoption explains how federal incentives accelerated the adoption of EHR systems and transformed healthcare documentation (Adler-Milstein and Jha 2017). The remaining articles discuss healthcare organizations as they become more dependent on digital patient information. They must also address cyber security threats, data breaches, and privacy concerns to maintain trust and ensure quality of care. These articles show that successful Electronic Health Record systems require more than the implementation, but they also depend on effective leadership, strong data governance, and secure management practices that protect both clinicians and patients.

The Healthcare Context

Modern healthcare organizations now generate and manage enormous amounts of patient information every day, making data one of their most valuable clinical resources. From documenting diagnoses and treatments to coordinating care across providers, healthcare organizations depend on accurate information for both patient care and managerial decision-making. At the same time, the growing dependence on digital records has increased concerns surrounding cybersecurity, patient privacy, and responsible data governance (Neprash et al. 2022). As healthcare systems become more connected, admins must ensure that patient information remains both accessible for clinical care and protected from unauthorized access.

The articles show that managing healthcare information goes further beyond implementing Electronic Health Record systems. The Change Healthcare cyberattack shows how a single security threat disrupted an entire system from hospitals, pharmacies, insurance, and millions of people (Rundle and Stupp 2024). The other articles emphasize balancing accessibility and security by strengthening cybersecurity, following regulations, and continuing to grow patient trust. Together, these examples show that protecting healthcare data has become a responsibility shared by IT professionals and healthcare leadership.

The external research reinforces the articles by demonstrating that digital health records can improve patient outcomes when utilized effectively. The review with more than 1.6 million participants, Brands et al. Found that, “the use of patient-centered digital health records in nonhospitalized individuals with chronic health conditions is potentially associated with considerable beneficial effects on health care utilization, treatment adherence, and self-management or self-efficacy” (Brands et al. 2022). This suggests that healthcare information systems are not simply the catch-all for patient information, but useful tools that can support engagement, improve care, and enhance a patient’s wellbeing when managed successfully.

While digital records provide many benefits, they also introduce cybersecurity challenges. Kruse et al. Explains that “the healthcare industry in a prime target for medical information theft as it lags behind other leading industries in securing vital data.” (Kruse et al. 2017). Beyond protecting information from outside hacks, organizations must also protect patient trust by promoting confidentiality and offering full disclosure of information. Research on patient privacy found that those individuals who trust healthcare organizations to protect their information are significantly less likely to withhold important details, ultimately improving the quality and accuracy of EHRs (Iott, Campos-Castillo, and Anthony 2020). Together, these findings show that successful healthcare organizations combine effective technology, strong cybersecurity practices, and responsible leadership to maximize the value of healthcare data while protecting the patients it represents.

Data Visualizations

Electronic Health Records provide healthcare professionals with a full record of a patient’s history. This allows caregivers to monitor clinical conditions, coordinate treatment plans, and document important events throughout hospitalization. Rather than examining broad trends across a plethora of patients, the following visualizations follow a hospitalization from admission to death. By viewing one’s patient experience from admission to death shows how crucial of a role Electronic Health Records plays in supporting clinical decision-making. The following data visualizations show the patient, the hospitalization, and examine the treatments provided during the patient’s final days.

##Data Visualization One- Patient Profile

SELECT 
  patients.subject_id,
  admissions.hadm_id,
  patients.gender,
  admissions.admittime,
  admissions.dischtime,
  patients.dod,
  admissions.diagnosis,
  admissions.admission_type,
  admissions.insurance,
  admissions.marital_status,
  ROUND(julianday(patients.dod) - julianday(admissions.admittime), 1) AS days_admission_to_death
FROM patients
INNER JOIN admissions
ON patients.subject_id = admissions.subject_id
WHERE patients.subject_id = 10043
AND admissions.hadm_id = 168674

The first visualization shows the patient’s admission information such as admission type, insurance, and diagnosis. This helps explain why the patient is in the hospital, while demographic information gives extra context for interpreting the remainder of the patient’s clinical journey.

##Data Visualization Two- Timeline

SELECT
  ROUND(julianday(chartevents.charttime) - julianday(admissions.admittime), 0) AS hospital_day,
  COUNT(chartevents.row_id) AS chart_count
FROM admissions
INNER JOIN chartevents
ON admissions.hadm_id = chartevents.hadm_id
WHERE admissions.hadm_id = 168674
AND chartevents.charttime IS NOT NULL
GROUP BY hospital_day
ORDER BY hospital_day
ggplot(data = timeline2,
       mapping = aes(x = hospital_day, y = chart_count)) +
  geom_line() +
  geom_point() +
  theme_minimal() +
  labs(
    title = "Charted Events During Terminal Hospitalization",
    subtitle = "Patient 10043 from admission to death",
    x = "Hospital Day",
    y = "Number of Charted Events",
    caption = "Source: MIMIC-III Clinical Database v1.4"
  )

The second visualization shows the patient’s documentation throughout their hospitalization with the number of charted events recorded on each hospital day. This visualization highlights clinical documentation over the course of the patient’s hospitalization. It shows that documentation increased substantially from 700+ charted events on the day of admission to more than 1,000 on Hospital Day 1, before going down to about 300 events on the final hospital day. ## Visualization Three- Treatments

SELECT
  prescriptions.drug,
  COUNT(*) AS medication_count
FROM prescriptions
WHERE prescriptions.hadm_id = 168674
AND prescriptions.drug IS NOT NULL
GROUP BY prescriptions.drug
HAVING medication_count > 2
ORDER BY medication_count DESC
LIMIT 10
ggplot(data = treatments,
       mapping = aes(x = reorder(drug, medication_count), y = medication_count)) +
  geom_col() +
  coord_flip() +
  theme_minimal() +
  labs(
    title = "Most Frequently Documented Medications During Terminal Stay",
    subtitle = "Patient 10043 medication records in MIMIC-III",
    x = "Medication",
    y = "Number of Medication Records",
    caption = "Source: MIMIC-III Clinical Database v1.4"
  )

The third visualization shows the medications used during the patient’s hospitalization. The results identify the medications that appeared most often in the patient’s records, helping show how EHR systems organize treatment information for caregivers. This type of data is important because clinicians can review medications, recognize treatment, and coordinate care across different providers or departments.

Recommendations for Industry

Healthcare organizations should use Electronic Health Record data to monitor documentation activity, treatment patterns, and patients throughout a hospitalization rather than relying only on looking back through the data or even reviews. This report contains patient-level data that can help identify documentation workload, support staffing decisions, and improve caregiver workflows. Hospitals should also continue investing in caregiver training and leadership support to encourage successful EHR adoption and reduce resistance to new technologies. Finally, healthcare organizations must prioritize strong cyber security practices to protect the sensitive patient information contained within Electronic Health Record systems. Together, these strategies can improve caregiver efficiency, strengthen patient care, and maximize the value of Electronic Health Records.

References

Adler-Milstein, Julia, and Ashish K. Jha. 2017. “HITECH Act Drove Large Gains in Hospital Electronic Health Record Adoption.” Health Affairs 36 (8): 1416–22. https://doi.org/10.1377/hlthaff.2016.1651.
Brands, Martijn R, Samantha C Gouw, Molly Beestrum, Robert M Cronin, Karin Fijnvandraat, and Sherif M Badawy. 2022. “Patient-Centered Digital Health Records and Their Effects on Health Outcomes: Systematic Review.” Journal of Medical Internet Research 24 (12): e43086.
Iott, Bradley E, Celeste Campos-Castillo, and Denise L Anthony. 2020. “Trust and Privacy: How Patient Trust in Providers Is Related to Privacy Behaviors and Attitudes.” In AMIA Annual Symposium Proceedings, 2019:487.
Kruse, Clemens Scott, Benjamin Frederick, Taylor Jacobson, and D Kyle Monticone. 2017. “Cybersecurity in Healthcare: A Systematic Review of Modern Threats and Trends.” Technology and Health Care 25 (1): 1–10.
Neprash, Hannah T., Claire C. McGlave, Dori A. Cross, Beth A. Virnig, Michael A. Puskarich, Jared D. Huling, Alan Z. Rozenshtein, and Sayeh S. Nikpay. 2022. “Trends in Ransomware Attacks on US Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016–2021.” JAMA Health Forum 3 (12): e224873. https://doi.org/10.1001/jamahealthforum.2022.4873.
Rundle, James, and Catherine Stupp. 2024. “Change Healthcare Said It Has Begun Notifying Healthcare Providers Affected by Its February Cyberattack.” The Wall Street Journal, June.