Tablets usage in the healthcare setting standard (12004-EN)

About the 12,004 Standard

This standard is being developed for the management over the use in healthcare facilities tablets.

** Note **: This standard was made for educational purposes by students in the program standards in health informatics at the University of Sherbrooke.

[[Toc]]

Introduction

Context

With the advent of electronic medical records (EMR) to support the activities of health professionals, many doors open in terms of mobile technologies that can be used to maximize the scope of using information technology to provide health care.

Among the different mobile technologies, the tablets are an attractive working tool for the following reasons: (1) They offer superior portability than laptops/desktops, and (2) they have a larger screen than smart phones, which facilitates the consultation of medical data and scanned images.

To facilitate technology adoption tablets internationally, various government bodies came together to develop an international standards articulating a common strategy for the integration of tablets with DMEs.

Parallel to the implementation of the use of tablets in care delivery, the standardization group was also mandated to articulate a strategy and action plan to ensure that the standards are met in production and as they evolve through time according to the needs of the health system.

Scope

This standard applies in the context of the provision, coordination and administration of patient care within a health system. The standard applies to all information assets belonging to institutions related to the health and social services. The objective of this standard is to support institutions in the development and implementation of a regulatory framework for the acquisition and use of tablets which would aim to improve the supply of services to users.

Prerequisites

The use of the term "tablet" in the context of this standard is pertaining to mobile computers for which the main interface is a touch screen. A tablet may operate under different operating systems such as IOS, Android, BlackBerry and Windows.

The implementation of the "Standard on the use of 802.11 wireless networks" in health institutions is a prerequisite for the implementation of this standard to ensure that the tablets have access to a reliable, fast and safe wireless network.

Simulation

The contents of this document is the result of a series of workshops, held at the University of Sherbrooke for the Standards in Health Informatics Microprogramme. The workshops are designed to simulate a committee of an international standardization organization, in which many countries are involved in the adoption of a new standard.

Contributors

Participants 2011

  • Andrew Marc Léger, Chairman of the Standards Committee
  • Hélène Blouin, Secretariat
  • France Desrosiers, Delegate of Canada
  • Yves Ferdinand, Delegate of Canada
  • Amiran Hassan, Deputy U.S.
  • Yvan Bao Loc Tran, Delegate of Belgium, Editor of the standard
  • Patrick Tremblay, Representative of Switzerland

Principles and rules of the standard

Governance

Guidelines

To ensure that the development and the use of the tablets are compliant to the standard, it will be necessary that all health facilities or organizations will ensure that there is a committee responsible for managing the organizational change while ensuring that appropriate monitoring mechanisms are in place to:

  • Disseminate and reinforce policies related to the use and the security aspects related to the use of tablets in the workplace.
  • Disseminate information and training material to ensure effective integration of this tool in production.
  • Re-evaluate periodically the relevance of the principles and rules of use according to the evolution of medical practice in healthcare institutions.
  • Provide support to users
  • Assess risks and opportunities related to the integration of the tablets throughout the changes of the technological infrastructure over time.
  • Evaluate the usability, performance and reliability of the hardware, their operating systems and their softwares.

Architecture

Guidelines

Although there are several methods for storing and exchanging clinical information, it is recommended that the various health institutions adopt a common standards shared at national level to build their information model. The following international standards have been selected as preferred standards :: (1) HL7 v3 to standardize communication between systems, (2) SNOMED-CT as the terminology dictionary to standardize across systems and (3) DICOM to transmit medical imaging information. This recommendation stems from the fact that it is preferable that the various health institutions working in the same country share a common information model to facilitate the exchange of information between different computer systems without altering the meaning of the information. Furthermore, the use of a homogenous information model will facilitate its use to support the management of clinical programs in the primary care setting and also the management of health systems, research and monitoring from a public health perspective. For establishments engaged in the Canadian context, it is also recommended to adopt the "Draft Pan-Canadian Primary Health Care Electronic Medical Record Content Standard, Version 2.0" published by the Canadian Institute for Health Information.

In order to realize the full potential of tablets as a mobile technology, it is imperative that tablets are able to be constantly connected to the the health facility’s EHR and that users can quickly access the latest clinical information and patient demographics. Moreover, the tablets must provide a satisfactory level of performance in terms of response time and ease of use.

The equipment should allow easy operation. Monitors must be legible simply to touch the tablet and stylus should be simple to handle.

The standard must be consistent with departmental guidelines and must be in line with the ISO27001 system for managing information security (continuous improvement).The security solutions recommended for future implementation and for current use in production use must be based on recognized standards and the services and solution must be provided by suppliers who can ensure their sustainability over time.

Rules

The tablet must be integrated with the information systems in production within the institutions. The developed or acquired applications must be modular and conform to local operating environments. The tablets must provide an interface that is able to exchange and display on the screen the information exchanged between multiple EHRs according to the standards in production.

The tablets must be able to connect to wireless networks according to the "Standard on the use of 802.11 wireless networks (12,002)" to access at any time clinical and patient demographics information. In addition, these interfaces should allow users to update in real time patient records. For the use outside of health facilities, the possibility of using cellular technologies to transmit data should be considered. The use of tablets should be subject to performance tests (response time, ease of use) with user groups to validate if the implementation of such technology will be able to meet their needs.

Healthcare facilities must ensure that the tablets have good battery autonomy and that there are infrastructural consideration for charging stations to ensure that an adequate level of energy availability for the tablets in order avoid any service disruption offered to patients.

The tablet’s ergonomics should allow comfortable use (a reasonable size and weight) for all users.

The equipment must be able to withstand normal use in its environment / context of use, including any disinfection protocol.

The health facility must promote the acquisition of business solutions for hardware and software infrastructure when manufacturers can demonstrate their viability over time to avoid any service disruption.

Security Policy and the protection of personal information

Guidelines

To ensure the protection of personal information and to reduce the risk of occurrence of certain adverse events (eg security breach), tablets terms of use rules should be implemented in order to properly regulate their use in production. Each establishments should develop a policy prohibiting use of tablets for storing any confidential information in the tablets.

The protection of confidential information and the guarantee to offer a level of security confidence to the user in terms of privacy protection are a prerequisites in investment decisions.

Rules

Personal Information Protection

To ensure that patient personal information is being consulted only the context of the provision of care, all tablets applications intended to exchange confidential information are obliged to:

Respect the standard for user authentication and session management according to "Standard passwords (12001)". This ensures that only authorized people can access sensitive information.

The tablets should be used as an interface that allows viewing and changing patient record data. No personal information should be stored in the tablet. However, application can store data that is not confidential (e.g. terminological dictionaries, the clinical databases, etc..)

The data transmitted through wireless communication networks must be encrypted to ensure security of information passing between point A and point B.

Clinical applications cannot access the electronic patient record outside of clinical network or VPN.

Applications or tablets must have at least one locking mechanism or self-destruction mechanism: it may be related to a successive authentication failure a user and / or it may also be initiated remotely by an administrator. This functionality will be helpful in cases of theft or loss of equipment.

Protecting the integrity of computer system

To ensure that the computer system is less vulnerable to external attacks and to preserve the equipment’s integrity used by clinicians, the following requirements shall be implemented:

The use of tablets should restricted to activities related to the health facility.

It is prohibited to install other applications on the tablet without the permission of a system’s administrator: only an administrator should be able to install a software on the tablets. However, health care organization should establish an application evaluation process to assess their relevance from an educational, clinical or administrative perspective.

The tablets should have robust authentication methods (eg biometrics, radio identification, etc.)

Regardless of the platform, all tablets must be protected by an antivirus recognized and approved through a local authority. The antivirus used should have daily virus definitions updates.

The tablet must be equipped with a GPS tracking system to enable real time geolocation functionalities.

Limitations

The limitations of this standard are yet to be determined.

Glossary

Antivirus Software : The antivirus software is designed to identify, neutralize and eliminate malware. These can be based on the exploitation of security vulnerabilities, but it can also be programs that modify or delete files (infected user’s document, essential operating systems files, etc.).

Database: A database is an organized collection of data, usually in digital form. The data is usually organized to model relevant aspects of reality, in a way that will supports the processes require this information.

Decryption : It is a data conversion procession that transforms encrypted data in its original form to make it understandable.

Data Element : A data element is referred to as any named unit of data which may or may not consist of other data items. In computer systems, a data element is a combination of characters or bytes referring to one separate item of information such as the patient ID number, sex, birth date, etc..

Encryption : This is a process that converts data into a form that is not easily understood by unauthorized people.

Virtual Private Network : The Virtual Private Network (VPN), is an extension of LANs that provides a safety standard in telecommunications.

Telemedicine : For the World Health Organization (WHO), Telemedicine is a component of medicine. It is part of the health professionals realm and "it is a health services enabler for healthcare professionals where distance and isolation is a critical factor by using information technology for diagnoses, treatment and prevention, research and continuing education. "

References +

[1] Wikipedia, “Tablette tactile”, 2012, http://fr.wikipedia.org/wiki/Tablette_tactile
[2] Intel, “Using mHealth to Work Smarter: Increasing Efficiency for Clinicians and Health Workers”, 2011, http://downloads.vertmarkets.com/files/downloads/ae49c3e3-e7ff-4c23-8a59-e9741a062e7d/usingmhealthworksmarter.pdf?cid=dcff10fa-d1a3-4210-9fe8-89372570cecc
[3] Future Shop, “iPad et tablettes : Ordinateurs tablettes”, 2012, http://www.futureshop.ca/fr-CA/category/ipad-et-tablettes/29958.aspx?path=ccb4a32b9b86926e4fd8a612fefcf563fr01
[4] Étudiants du cours de simulation - Cohorte 2010, “Norme sur l'utilisation de réseaux sans fil 802.11 (12002)”, 2012, http://wikinorm.wikidot.com/wlan-cf
[5] Étudiants du cours de simulation - Cohorte 2009, “Norme sur les mots de passe (12001)”, 2012, http://wikinorm.wikidot.com/motdepasse
[6] Institut Canadien d’Information sur la Santé, “Norme pancanadienne provisoire relative au contenu du dossier médical électronique en lien avec les soins de santé primaires, version 2.0”, 2012. http://secure.cihi.ca/cihiweb/products/PHC_EMR_ContentStandards_F.pdf
[7] CLEVACTI, "Réseau privé virtuel", 2012, http://www.techno-science.net/?onglet=glossaire&definition=3801
[8] TechTarget, "What is encryption? - Definition from Whatis.com", 2000, http://searchsecurity.techtarget.com/definition/encryption
[9] GeekInterview.com, "What is Data Element", 2008, http://www.learn.geekinterview.com/data-warehouse/data-structure/what-is-data-element.html
[10] Wikipedia. "Database", 2012, http://en.wikipedia.org/wiki/Database
[11] Wikipedia. "Télésanté", 2012, http://fr.wikipedia.org/wiki/T%C3%A9l%C3%A9sant%C3%A9
[12] Wikipedia. "Logiciel antivirus", 2012, http://fr.wikipedia.org/wiki/Logiciel_antivirus
[13] Santé et Services Sociaux Québec, "Cadre global de gestion des actifs informationnels appartenant aux organismes du réseau de la santé et des services sociaux - volet sur la sécurité", Septembre 2002, http://msssa4.msss.gouv.qc.ca/extranet/ri.nsf/49dd266bd183416e852566e2005c98b6/9c29ee7e5c5d42058525703b00725379/$FILE/Cadre%20global%20de%20gestion-volet%20securite_V2007-03.pdf
[13] Santé et Services Sociaux Québec, "Architecture d’entreprise du RSSS, Principes Directeurs [A200S]", 13 mai 2012, http://msssa4.msss.gouv.qc.ca/extranet/ri.nsf/a34ac77dcc23fcba802564680054de94/b227f72bbb19d63d852577f90047ddf1/$FILE/A200S%20Principes%20directeur%20VF.pdf

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial 3.0 License