Health Information Security

As part of MI227: Clinical and Laboratory Information Systems, we need to give our response to a sample scenario

You are part of a group practice that has decided to implement an electronic solution for clinical documentation. However, you have come across many horror stories regarding health information security that have led to failed clinical information system implementations. How would you prevent this from happening to your group practice?”

We are to create a list of questions that my group practice should be able to present to prevent horror stories regarding the failure in health information security.

  1. What is the type of Health Information System (HIS) our group plan to implement?
  2. What is the budget and time frame in building the HIS?
  3. What types of information will the HIS gather from the patients?
  4. Who will have access to the information gathered by the HIS?
  5. Will the HIS be hosted off-cloud or on-cloud?
  6. Will the HIS be custom built or bought off the shelves?
  7. How will the HIS be compliant with the Data Privacy Act of 2012?
  8. Where will the backup of the information be stored?
  9. Who will ultimately be liable in case of a data breach?
  10. What is the step-by-step plan in case of an event of a data breach?

These are just some of the questions that my group will present and try to answer in order to come up with a save and secured Health Information System.

Image from


#MI227 #HealthInformatics #MSHI #UPManila




Barriers to acceptance of Electronic Health Records (EHRs)

Barriers to acceptance of EHRs

For this week’s coursework in MI227, we will assume the role of a project manager for a Department of Health (DOH) project with the task of implementing a national Electronic Health Record (EHR) that all government hospitals will implement.

The main objective of the article by Albert Boonstra and Manda Broekhuis was to identify, categorize and analyze the barriers perceived by physicians to the adoption of Electronic Medical Records (EMRs) using a systematic literature review method. Among the eight main categories they identified, two – Organizational and Change Process – seemed to be mediating on the other barriers (Financial, Technical, Time, Psychological, Social and Legal). In particular, the change management perspective presents an opportunity to overcome the other barriers and assist in the implementation of EMRs.

The change process means that there will be a major change in the current system. Members of the government hospitals might already have their own system in place that works for them that they have been doing for years. A working electronic information system needs an organization-wide use of the new EHR in order to help all members be more accepting of the change process involved in using the EHR. Organizational support may be bolstered by incentives and the promotion of participation. If I were a project manager, I would first seek the “buy-in” of management in the promotion of an EHR system. I will also request the need for a team within the organization to promote the EHR within the organization. I will also request for approval for the use of incentives. For example, departments which actively use the EHR system may receive financial bonuses or the training sessions may come with company sponsored meals. One thing to consider is whether repercussions may be used to discourage absences from training sessions. Lastly, I would seek to engage “EHR Champions” who will be early adopters of the technology and will cascade the information down to their teams. These EHR Champions will be those who have influence within their teams and may be able to motivate others to adopt the EHR system.

As a Project Manager, I will also look at the organizational size and type of my organization in coming up with a strategy or plan for the EHR adoption. According to Boonstra and Broekhuis, larger practices have a higher EMR adoption rate than those in smaller practices because in larger practices, physicians have more extensive support and training systems. If my target government hospital were a small one, I would need to explore ways to give extensive support and training regardless of size. This may mean requiring the EHR provider to be on call for the support and training that will be needed. This may also mean hiring a full time technical support or officer to assist the personnel during the transition and afterwards.

The other barriers – Financial, Technical, Time, Psychological, Social and Legal – may be dealt with through a well-designed change management strategy and with full organizational support. Financial barriers in government hospitals may be overcome by getting the support of the board or management to seek additional funding or allocating resources. Technical barriers may be managed by putting in place the human resources who will train and support health personnel. Time, psychological and social barriers may be overcome by promoting a change culture. Legal barriers, particularly privacy or security concerns, may be overcome by putting in place the proper safeguards and ensuring that health personnel are adequately trained.

In sum, as a project manager, I will need to engage different stakeholders – management, my team, EMR providers and EHR champions – in the change management strategy. It is with their active participation and support that an EHR system can be fully and successfully implemented.




Boonstra, A., & Broekhuis, M. (2010). Barriers to the acceptance of electronic medical records by physicians from systematic review to taxonomy and interventions. BMC Health Services Research.


#MI227 #HealthInformatics #MSHI #UPManila



Barriers to the Adoption of EHR Systems in the Kingdom of Saudi Arabia

For this week’s coursework in MI227, I have focused on the article tackling the barriers to the adoption of EHR systems in the Kingdom of Saudi Arabia.

o    What are the key points of the article?

The article discussed the findings of a study conducted to identify the adoption of Electronic Health Records (EHR) Systems. The study used a Systematic Review of Literature based on 6 search engines namely, PubMed, EBSCO Host, Web of Science, ACM, IEEE and Google Scholar. Articles were limited to peer reviewed, empirical studies within Kingdom of Saudi Arabia (KSA). 12 studies were used by the authors which were extracted, analyzed, summarized and categorized empirical results related to EHR barriers.

Through the study, it was revealed that there are many barriers that hinder the implementation of an EHR system in KSA. These barriers are largely composed of (1) lack of computer experience, (2) lack of perceived usefulness, (3) lack of perceived ease of use by the healthcare professionals and (4) technical limitations. The article further discussed that the barriers may be classified into two categories based on the target of interventions to increase the adoption of EHRs —  individual-level adoption barriers, and organization-level adoption barriers. Individual-level adoption barriers or user-level adoption barriers refer to those which would hinder an individual healthcare professional from choosing to accept and use an EHR system. On the other hand, organization-level adoption barriers or authority-level adoption barriers refer to those which would discourage an organization from adopting and implementing an EHR system. The presence of individual or use-level adoption barriers has an impact on an organization as they affect “resistance to change,” which is an organization level barrier.

o    What lessons learned does it describe?

The identification of barriers is useful in assisting policy makers in planning and designing policies to increase the adoption of EHRs. It will also help EHR vendors in system development and marketing. For instance, because lack of familiarity of the medical staff with EHR was cited as the most frequently cited barrier, training programs on computer literacy would increase healthcare professionals’ adoption of EHR systems. To respond to the barrier of lack of perceived usefulness, proponents of an EHR system should strive to provide a clear understanding of the benefits of the e-health technology by its users. Future research should take into account these findings with a view to the development of an appropriate framework for the adoption of EHRs in the KSA.

o    How can this relate to the local setting in the Philippines?

A similar study to identify the barriers to adoption of EHR systems in the Philippines would be beneficial. Researchers may adopt the same methodology and see whether they would come up with the same result. Some of the existing challenges identified by the author by way of background – i..e the misdistribution of healthcare services, rapid population growth and the need for effective Chronic Disease Management (CDM) programs – are challenges that are similar to what the Philippines faces. It would be of great interest to know whether a Philippine-focused study will also yield the same results as KSA on the barriers to entry. If so, Philippine policy makers and EHR proponents may find it useful to keep track of how KSA responds to these barriers in coming up with its own framework for the adoption of EHRs.



  1. Alqahtani, Asma, Crowder, Richard & Wills, Gary., Barriers to the Adoption of EHR Systems in the Kingdom of Saudi Arabia: An Exploratory Study Using a Systematic Literature Review. 2017 July 09. Vol. 11 No. 2, 2017. Journal of Health Informatics in Developing Countries.
  2. Raposo VL. Electronic health records: Is it a risk worth taking in healthcare delivery? GMS Health Technology Assessment. 2015 Dec 10;11.
  3. Hillestad R, Bigelow J, Bower A, Girosi F, Meili R, Scoville R, et al. Can electronicmedical record systems transform health care? Potential health benefits, savings,and costs. Health Affairs. 2005;24(5):1103–17.


#MI227 #HealthInformatics #MSHI #UPManila



The Tardis Technician, aka MS Health Informatics Student.

A person can choose to never stop learning and this is the philosophy that I have adopted. I graduated from college more than ten years ago but since then, education, whether formal or informal, has and will always be a part of my life. My career can be said to be quite a curious one – I have an industrial economics degree, which I’ve applied in two industries, namely the automotive and hotel industries, and I also have a bachelor’s degree in nursing and I’ve worked in hospitals and aged care facilities. While these fields, at first glance, appear dissonant, I’ve learned that the skills in one can also be applied to the other. In particular, in my operations experience in the automotive and hotel industries, I have seen the advantage of the use of technology and believe that this can be used to an advantage in providing greater benefit in providing better patient care. It is this intersect — that of medicine and technology — that I would like to focus on and develop myself professionally. It is a direction where I can harmonize and apply what I have learned in my current and past roles. It is a field that is of extreme interest to me, not only because of its potential but also because I believe it is where I will develop my strengths. I have a natural inclination to the use of technology as I recognize, and have availed of, its benefits. At the same time, I feel fulfilled when I work in the medical field. It is challenging and rewarding to be directly responsible for the care and happiness of each patient that I have assisted.

Self-directed learning as a method of instruction is ideal for post-graduate studies. A more mature student can be trusted on to take initiative in seeking out answers and not merely relying on others to provide them. Education is as much the process as it is about the outcome. Self-directed learning promotes resourcefulness and discipline. It also makes the student accountable for his education. Because the student has actively chosen the path of his studies, he places a greater value on what is learned. In the modern world, it also creates an opportunity for a student to explore and develop his own interests and to adapt his studies to real world scenarios and experiences.

I lived in Australia for an extended period, during which, I took the opportunity to observe how hospitals and health care facilities used facilities to the benefit of patients. The use of technology helped in minimizing waiting time, assisted nurses and doctors in their tasks, improved efficiency and accuracy. This use of technology was not exercised not only in the high-end facilities but also in public hospitals. In stark contrast, I also worked in a Philippine local government hospital where I witnessed that there was a lack of resources, leading to problems such as not having a standard method of information data-gathering and patients experiencing delays in receiving medical attention. I would like to explore whether the prevalent use of technology, such as in Australia, can be replicated to some extent by our public hospital and facilities.  With this in mind, I’ve considered the following as possible areas of research: (A) because I’ve seen how long it can take to verify and re-verify the patient coming from one hospital to another, whether there can be a standardized system of patient information gathering and sharing among and between government and private hospitals – i.e. whether it would be possible for the hospital industry in to share a secured database for all the patients in the country, which would minimize the time it takes for patients to be admitted from a one hospital to another, may it be private or government; (B) maximizing mobile technology in improving patient care. Mobile technology such as tablets and smartphones have become affordable thus increasing accessibility.  This would be of particular help to low budget hospitals and health centers that would not have the capacity to purchase computers. I would like to know if there is a way to use this kind of mobile technology as a tool in improving the much needed improved data gathering of patient information and data access to help minimize the waiting time of each patient from the time they arrive in the medical institution until they are diagnosed and treated by the doctors; (C) whether mobile technology can be used by a barangay health center in monitoring data of its constituents, which would enable local government officials to: (i) ensure that it has the proper resources for the needs of its people such as medicines and equipment, and (ii) to promote the appropriate education/awareness campaigns and programs. I am hoping that in the course of my studies, I can get advice on which of the foregoing would be the most worthwhile pursuing or if these preliminary ideas can be further developed and formed into clearer research topics.


#HealthInformatics #MSHI #UPManila #Welcome2017!



Bigger on the Inside: A TARDIS view of Health Informatics

A TARDIS or Time And Relative Dimension In Space is a fictional timemachine and spacecraft that appears in the British science fiction television program Doctor Who (1). As a Whovian (Doctor Who fans), I found it interesting to use this reference in starting my blog for my introductory subject for Health Informatics in MS Health Informatics in UP Manila. Thus, this blog TardisTechSupport was born.

The most peculiar feature of the TARDIS is that it is bigger on the inside than the outside. The outside of the TARDIS is a plain old school color blue Police Box from the United Kingdom. But when one steps inside the TARDIS, one can be awed as to how big and spacious it can be, with the big control room at the center of the room. For Whovian, I subscribe to the thinking in the image found below — “I think Inside the Box. Because it’s bigger on the inside.”


image from:

Tardis Exterior

tardis-exterior-2010image from:

Tardis Interior

tardis-interiorimage from:

I think that Health Informatics can be said to be similar to the TARDIS, wherein one may think that it is just a small subject to tackle (like a simple unassuming police box), but once you get inside, there are a lot of space and information that one can explore just to understand the subject more.

I started this subject just a few months back and I can say that I still have a lot to explore on this subject matter.

The first blog I started on with this subject was “The ever changing world of Informatics, Global Health and eHealth.” Informatics, Global Health and eHealth were defined in the blog, but the relevance of each one can be seen in the Concept Map shown below. We started with the concepts of public health and international health to give us Global Health. Global health combined with Informatics will give us eHealth. Lastly, moving forward from eHealth along with new technologies will bring us to the future of eHealth.


image from:

We then moved on to the Future of eHealth, but more specifically the “Future of Health Informatics in the Philippines”. In this entry, I discussed the 3 major issues that impede the progress of health informatics and gave proposals to promote widespread use and accessibility, awareness, ease and comfort of use, and beneficial use and efficiency. (2) This can be clearly seen on the infographic below.


image from:

Along the way, we also discussed the status of health information systems in developing countries as well as the governance and management in health informatics. We identified some steps to achieve the advancement of health informatics in the Philippines, namely:

  • The eHealth be part of the official curriculum of medical students
  • Formal training to be given to medical staff
  • Identification and adoption of best practices
  • Tailor-fitting health informatics to the Philippine situation

Another interesting topic that was discussed was the establishment of the Philippine Health Information Exchange thru the partnership between the Department of Science and Technology (DOST), Philippine Health Insurance Corporation (PHIC) and Department of Health (DOH). The Philippine Health Information Exhange (PHIE) is a health informatics system that will allow the operation and accurate use of data from various institutions and health facilities around the country. Below is the flowchart on how the PHIE will handle the shared health information among and between different health providers.


image from:

Enterprise architecture in healthcare is one of the lengthier and harder topics to discuss in Health Informatics. In the enterprise architecture entry, I summarized the type of enterprise architecture frameworks available and chose which one would be the best applicable to the health sector. Some of the enterprise architecture compared are Zachman Framework, The Open Group Architecture Framework (TOGAF), the Extended Enterprise Architecture Framework (E2AF) and the Generalised Enterprise Reference Architecture and Methodology (GERAM). Among these 4 types, The Open Group Architecture Framework (TOGAF) is the best suited for the Philippine Health Information System.

The idea of Electronic Health Records was the first thing that came into my mind when I applied for the Masters in Health Informatics. It showed how limited my knowledge of health informatics before entering this course. As soon as I opened the doors, it became clear that I am barely scratching the surface on this field. Under this topic, I’ve learned other names for “Electronic Health Records”, namely, Automated Health Records, Electronic Medical Records and Computer-based Patient Record. Regardless of how the system is called, it is important to recognize that the records must be organized primarily to support continuing, efficient and quality health care. Each system must also continue to meet legal, confidentiality and retention requirements of the patient, the attending health professional and the healthcare institution. The World Health Organization listed some issues and challenges in using Electronic Health Records: (3)

  • Unique patient identifier must be addressed before moving forward to automation
  • Clinical data entry issues and lack of standard of terminology
  • Resistance to computer technology and lack of computer literacy
  • Strong resistance to change by many health care providers
  • High cost of computers and computer systems and funding limitations
  • Concern by providers as to whether information will be available on request
  • Concerns raised by the healthcare professionals, patients and the general community about privacy, confidentiality and the quality and accuracy of electronically generated information
  • Quality of electronic healthcare information and accuracy of data entries
  • Lack of staff with adequate knowledge of disease classification systems
  • Manpower issues – lack of staff with adequate skills
  • Environmental issues – electrical wiring and supply of electricity, amount and quality of space needed for computers, etc.
  • Involvement of clinicians and hospital administrators

After the Electronic Health Record topic, we moved to Personal Health Records. We focused on an electronic application used by patients to maintain and manage their health information in a private, secure, and confidential environment. For this topic, we tested out different Personal Health Records mobile applications. Being an iPhone user, I searched the AppStore and narrowed it down to 5 applications, namely, onpatient PHR, Healthspek, FollowMyHealth, Health Tracker and Manager for iPhone and Teledoc Member. Among these 5, I chose FollowMyHealth as my top Personal Health Records app. All applications have their advantages and disadvantages, but FollowMyHealth outweighs the advantages over its disadvantages. The image below is the sample format of the FollowMyHealth mobile application.


image from:

Standards and Interoperability as a subject matter is concerned with the concept of healthcare institutions in adopting standards to ensure its interoperability due to the rising cost of healthcare. Aside from lowering costs, “Interoperability will bind together a wide network of real-time, life-critical data that not only transform but become health care.”(4) ICD-10 or International Classification of Disease Version 10 is another subject that I am looking forward to taking next semester. ICD-10 is a set of codes that hold critical information about epidemiology, managing health and treating conditions.

Another topic discussed within the course is the Clinical Decision Support and an example is CHITS-EMR or Community Health Information Tracking System-Electronic Medical Records. This is an open source electronic medical record system designed to run in public health centers and rural health units. CHITS-EMR has built-in modules for general patient consultations scheduling, maternal care services, child care, family planning and reporting features for the Department of Health (DOH) Field Health Service Information System. CHITS-EMR runs over a local area network (LAN) installed inside the health center and accessible to computers installed within the health center.


image from:

Under the Knowledge Management and Information Retrieval topic, we discussed a sample local public health problem that can be solved by the proper and targeted information education and dissemination to individuals to achieve the intended results of the healthcare program. In this entry, we discussed how knowledge management can benefit the vaccination system and scheduling of parents and children.

Legal and ethical issues also exist in Health Informatics. We discussed how on “privacy, confidentiality, security and trust”in relation to the policies that need to be put in place to protect the Filipino patient’s privacy and confidentiality of health information. A question arose as to whether the Data Privacy Act of 2012 was adequate to protect confidential health information. These 2 blogs were combined as a single blog answering both driving questions. The Data Privacy Act of 2012 is a policy promulgated by the lawmakers to protect the privacy and confidentiality of health information of the patient. In my view, the law is adequate to protect the confidential health information of the patient. Images posted by the facebook page DataPrivacyPH shows Section 16 of the Data Privacy Act of 2012. The following images are owned by DataPrivacyPH.


images from:

For the topic on Telehealth, we focused on the 2 pending bills involving telehealth, the Telehealth Act of 2012 and Telehealth Act of 2014. I  chose 2 sections and suggested revisions on the said sections. I chose the sections on databases and privacy as these two parts are intertwined with one another. Databases will contain vital and confidential information of the patients, thus the privacy of said information is of utmost importance. Some suggestions revolved  the need to properly secure the databases of the patients as well as ensuring that the privacy thereof will not be compromised. The penalties for the breach of said databases and privacy will be a great deterrent for breach and will ensure that the providers and personnel will handle the medical records of each patient with importance and security.

The last topic for Health Informatics is mHealth or Mobile Health. For this. we were tasked to plan our own mobile health application and discuss how the contents and features of our own mobile application will benefit the patients or individuals targeted for the said mobile application. As for my mobile health application, I decided to make one designed specifically for elders and senior citizen use. From my personal experience, I saw firsthand the likelihood that our elders would sometimes forget the medical documentations and instructions for their care. This application will ensure that the information will not only be transferred from the medical provider to the elderly patient, but to the relatives as well. The relatives must be authorized by the elderly to be able to have access to his/her medical information, otherwise this can be seen as a breach of doctor and patient confidentiality. The main reason that I decided to focus on this application is to minimize the mistakes that elders and seniors are prone to committing when they are visiting their doctors alone or with an assistant who might also be not familiar with handling the instructions of the doctor. The image below shows how I want the mobile application to look after development.


image from:

And this is where I will end this blog series. Health Informatics is indeed bigger on the inside than the outside, once you enter through its doors. I plan to continue updating this blog whenever I encounter anything interesting or novel that is relevant to Health Informatics. There are new paths to cross in this field in the same way that some areas inside the TARDIS are still unexplored.

#MSHI #HI201




  2. Marcelo A. Health Informatics in the Philippines. APAMI/MIST 2006 yearbook.
  3. Electronic Health Records: A Manual for Developing Countries. World Health Organization, 2006.
  4. Brailer DJ. Interoperability: The Key to the Future Health Care System. Health Affairs; 2013 [Online]. Available from: Accessed on: 29 January 2013


Mobile Application for Senior Citizens and Family Members to assist in the regular doctor visits of the patient.

From my personal experience, our elderly relatives and senior citizens have a higher risk to loose documents and papers when they hold or keep them. A regular checkup with a medical doctor will, with the minimum, give instructions on when is the next visit. There will be other instructions like the possible medications, when and how long to take them. These things are usually listed down on prescription pad by the medical doctor. The use of this application is to transfer the data from the hard copy prescription pad into the soft copy on the mobile application. This will provide a soft copy of all the medical documentation of the patient regarding the last visit, medications and schedule of next visits. Family members will have an actual interface and data in their phones so as to monitor the medical data of their elderly members of the family. The data inputted can only be edited and updated by an assigned designated family member, authorized doctor or authorized nurse in updating the information. The senior cannot update the said information without the help of another individual to avoid accidentally removing important medical information given by the doctor or the healthcare provider. Interface will be provided with big fonts and easy to read. The data will be able to sync among the allowed devices connected to the primary device of the elderly or senior person. This application will work with either a mobile phone or tablet. This will also be available in both the Android and iOS operating system.












#MSHI #HI201