Faculty of health and Applied Sciences Name

Faculty of health and Applied Sciences
Name: Ndilimeke K Elia
Student number: 216075181
Program: Health Information System Managent
Course name: Policy issues in Health Information
Lecture name: Mr. Jomin George
Topic: Existing policies related to HIS at Ministry of health
Due date: 23 April 2018
Contents
TOC o “1-3” h z u HYPERLINK l “_Toc512217958” Introduction PAGEREF _Toc512217958 h 3
The existing policies related to Health Information Systems PAGEREF _Toc512217959 h 3The level of adherence to policies PAGEREF _Toc512217960 h 4Interoperability PAGEREF _Toc512217961 h 5Data exchange among programs PAGEREF _Toc512217962 h 5Interoperability among Facilities PAGEREF _Toc512217963 h 5Interoperability between Facility and Ministry of health and social services PAGEREF _Toc512217964 h 6The barrier for data exchange PAGEREF _Toc512217965 h 6Security PAGEREF _Toc512217966 h 6Privacy PAGEREF _Toc512217967 h 7Confidentiality PAGEREF _Toc512217968 h 7Recommendations PAGEREF _Toc512217969 h 8References PAGEREF _Toc512217970 h 9
IntroductionHealth Information System is the system that is used in Namibia to gather record, report and analyze health data from all government health facilities. According to (Forms Instructions and Reference Manual, 2000) the system was last updated in 1995 and it is called Namibia Health Information system (HIS 2000 or HIS2K). The system contains several forms for various programs that are used to capture and report data. There are no documented policies that guide staffs on how to use the system but they are guided by Namibia strategic plan as well as Forms instruction and reference manual 2000. The purpose of this report is to discuss the existing policies related to Health Information Systems and the level of adherence , interoperability and health information systems exchange among health facilities, the barriers of data exchange, how those policies address the elements of security, confidentiality and privacy and finally, the recommendations.
The existing policies related to Health Information Systems
According to HIS officers at ministry of health, there are no documented policies that are guiding them. They only depend on the National strategic plan, forms and instruction manual reference manual, World Health Oganisation HIS system assessment criteria and HIS policies of other countries such as Malawi. Those documents contain only the instructions on how and when to submit reports, how to collect data using a certain forms and how to present data. Each program has it its different form for data collection and its instructions on how activities will be carried out priority diseases. According to Malawi Ministry of Health, (2015), the HIS policies patterning to data collection, dissemination, storage, compilation, analysis and assessment are as follow:
All health data shall be recorded in relevant paper or electronic registers at the time of event.

In order to ensure interoperability and data integrity, all systems used for data collection and/or management (electronic- and paper-based) including Electronic Medical Records Systems shall be designed and managed in compliance with approved national standards and guidelines on health data management.

Programme coordinators shall in collaboration with HISM staffs to ensure that all programme-specific reports are complete, timely and accurate.

All health facilities shall submit data regularly to HMIS office at the District Health Office in accordance with approved data collection procedures in place.

In all HIS operations, efforts shall be exercised to protect the clients’ rights in line with prevailing data privacy and confidentiality policy, without compromising safety and knowledge sharing.

Each facility is obliged to maintain adequate physical security of patient records and secure access to storage areas.

Each individual responsible for recording data shall also be responsible for daily aggregation of the data in the approved format.

Designated focal points shall be responsible for compiling data from multiple sources and generating detailed and summary report for the facility/institution.

Each Health Institution shall to the extent to which it is possible, conduct appropriate analysis that responds to the key health system performance questions which include Utilization, Coverage, Efficiency, Quality, Safety and Equity of services delivered.

The head of the facility and all administrative offices shall be fully accountable for the quality of data that he/she reports or disseminates.

Both paper-based and electronic data shall be verified and approved prior to release or reporting to the next level.

All health facilities shall submit on a regular basis health statistics in line with routine reporting policies and procedures, and stipulated submission deadlines which in case of Namibia , before 5th of the month following the end of the reporting month.

All sharing of patient personal identifiable information with third parties by public health facilities, private health facilities, insurance companies or individual health practitioners shall be done only with written consent from the patient or their care givers where the patient is a minor.
Use of data shall be limited only to the purpose it was intended for at the time of request.

The level of adherence to policiesMost of those policies are followed in Namibia but not really as sometimes reports are not submitted on the exact date set, Facilities are still using different version of forms during data collection, some are using new forms while some old forms. However, few policies are strictly followed such as sharing of patient personal identifiable information; names of patients are darkened so that they cannot be read by unauthorized person. Data is only used for the purpose of why it was collected and shared only with authorized entities.
InteroperabilityAccording to HIMSS Board of Directors, 2013, interoperability is defined as the ability of different information technology systems and software applications to communicate, exchange data, and use the information that has been exchanged. Or it can be referred to the ability of health information systems to work together within and across organisational boundaries in order to improve health status and to effectively deliver healthcare to individuals and communities. Interoperability is divided into three levels of health information technology interoperability namely: Foundational/ Technical, Structural and Semantic. Foundational interoperability allows data exchange from one information technology system to be received by another without the need for the receiving information technology system to interpret the data, Structural interoperability is an intermediate level that defines the structure or format of data exchange and prevent unnecessary alteration while, Semantic interoperability allows two or more systems to exchange information and to use the information that has been exchanged.

Data exchange among programsThe level of interoperability among different health information systems is very poor because most of the systems used in healthcare facilities don’t communicate to each other. Each program or services such as Antenatal Care, Family Planning, PMTCT program, Immunizations, Weight Monitoring, Outpatient Department diagnoses and services, Inpatient Department Discharges for adults, TB and HIV/AIDS operate separately and they don’t exchange data electronically. Each program has it is own monthly summary report form were data will be entered in facilities and then sent via email to district office for validation and completeness, then sent to regional office and finally to the ministry of health and social services. TB data cannot be accessed by officers dealing with HIV/AIDS program, unless they will request data via email and sent to them via email.

Interoperability among FacilitiesThere is no interoperability among health facilities systems in Namibia. Health facilities use stand- alone systems that can be either accessed by the doctors or nurse in certain office or within the same health facility. Health professionals cannot access patients’ information recorded during patient’s visit at a different facility; they only check what is written in the patient’s health passport in order to see what was previously done to the patients. Facilities working on the same program such as HIV/AIDS program do not exchange data, each facility has it is form which is only submitted to the district, but it cannot be shared with other facilities. For example Katutura hospital HIS officers cannot access data that was recorded in Windhoek Central hospital, unless they will request it via email and then sent to them via email.

Interoperability between Facility and Ministry of health and social servicesThe ministry access data for all facilities through District Health information Systems 2 (DHIS2) whether they want to view it at facility level, district level, regional level or national level. After all facilities submitted their forms to the regional level, they are entered into the DHIS2, which is a web- based application and became available to all users that have access to DHIS2. So far, only Malaria program that capture data with the tablets which automate data to the DHIS2 while other programs do it manual through forms. His officers at ministry are able to compare data for a certain disease such as hepatitis E from different facilities as all facilities data is readily available in the DHIS2.

The barrier for data exchangeDue to the stand- alone system used in different facilities, data exchange become a challenge. Although, MoHSS implemented Namibia Health Information system in recent years, this system is not working right now due to lack of trained staffs, skills and Knowledge on how the system operate or work. The training was offered to selected staffs so that they can go train others on how to use the system, but, because of lack of interest on the training among selected candidate, they did not acquire knowledge so the system becomes in active when the system vendor’ s contract finished. Other barriers are: Multiple versions of the same form at health facility level that confuse and burden health care workers and compromise data quality, Disparity of forms, indicators and data elements used in collecting and reporting data makes it difficult to exchange data among facilities. There is lack of resources such as Finances, human/staffs to capture data and lack of transport to move forms from one facility to another facility. This challenge has also affect the timeliness of data as forms needed for reporting do not reach at the correct destination on time. Some donors fund certain program and require health facility to use their system to collect data and at the end of the day that data will not be available in the MoHSS system but to the donor ‘system such as UNISEF or WHO.

The level of security, confidentiality and privacy (American Medical Association, 2012)
SecuritySecurity are measures put in place to physically and electronically protect the integrity, availability, and confidentiality of computer-based information and the resources used to enter, store, process, and communicate it. The HIS officers has installed the audit trails program that help the organizations to monitor who has had access to patient information, track all system activity, track the date and time the user access the system. Alerts are often set to flag when someone accessed the DHIS2, it display the message with the person’s name that he/she is online.
The system administrator also restricts access to certain information through username and passwords. Every individual has only access information related to his/her job descriptions and when try to access the DHIS2, it require him/her to enter the username and password. They also hide tools that contain information that is not related to user’s job description. For example HIS interns can only see tools such as data entry, data capture, event reports, reports in the DHIS2, but not Add users and add users job description as they have no right to add or remove user from the system. The DHIS2 system can log off automatically after 30 minutes when left unattended to prevent unauthorized users from accessing the system information. MoHSS bought a SSL certificate that help to keep data secured into the server that stored in the office of the prime minister.
PrivacyAccording to Richard Rognehaugh as cited by (American Medical Association, 2012) Privacy is “the right of individuals to keep information about themselves from being disclosed to others; the claim of individuals to be let alone, from surveillance or interference from other individuals, organizations or the government”. Health professionals are not allowed to release or disclose Patient information to others without the patient’s permission or as law, unless Information is going to be used for treatment, payment, or administrative purposes. Health professionals are not allowed to disclose information such HIV status to the family member unless the patient gave him/her permission to do so. Health information System officials should restrict access to authorized staff to protect the confidentiality and privacy of the patient/client.
ConfidentialityConfidentiality is process were by the users access to information is controlled or limiting who can access certain information. It includes the how personal information can be used, disclosed, or released. For example, information can only be disclosed to the third parties when individual gave his/her consent. In order to keep patient information confidential in DHIS2 access are only given to authorized users depending on their job descriptions. Once information is entered into the DHIS2, it cannot be changed by someone else other than the person who uploads it. Other users can only retrieve, view and generate report without manipulation of data; otherwise the system will reject and alerts the user that he/she cannot change data. In case of paper based records, the names of patients on the forms are darkened so that person working with those forms cannot see which patient is suffering from what. Health workers are not allowed to take any patients’ records home so that information can be kept confidential.

RecommendationsThe ministry of health should create necessary policy and regulatory environment and to define a legal framework for information management and reporting in the health sector and document them.

System administrator must implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

The ministry must ensures that all staffs have received enough training on how to utilise security measure such as encryption controls to protect transmitted data over a network.

The ministry should avoid to too many vertical programs collecting information independently as it compromise the quality of data.

The ministry should employ highly skilled technicians so that they will interoperate the existing systems and choose the most integrated systems.

Facilities should use same forms, data elements and indicate during data correction and reporting in order to avoid data quality issues such as incomplete data, collecting irrelevant data or missing data.

Time for auto- log off should be reduced to at least 10 to 15 minutes because 30 minutes are a lot and anybody can sneak into the office steal confidential data.

Employees should adhere to interoperability standards such as messaging standards, terminology standards, document standards, conceptual standards, application standards and architecture standards so that integrated systems can easily exchange data.

System administrators should implement audit trails to track all system activity, generate date and time stamps for entries; detailed listings of what was viewed, for how long, and by whom; and logs of all modifications to electronic health records.

IT staffs should ensure that screen shorts are disabled and USB ports are removed/ blocked.
ReferencesAmerican Medical Association (2012). Electronic Health Records: Privacy, Confidentiality, and Security. Volume 14, Number 9: 712-719. Retrieved from http://journalofethics.ama-assn.org/2012/09/stas1-1209.htmlHIMSS Board of Directors (2013). Definition of Interoperability. Retrieved from http://www.himss.org/sites/himssorg/files/FileDownloads/HIMSS%20Interoperability%20Definition%20FINAL.pdfMalawi ministry of health (2015). Malawi National Health Information System Policy. Retrieved from https://www.healthdatacollaborative.org/fileadmin/uploads/hdc/Documents/Country_documents/September_2015_Malawi_National_Health_Information_System_Policy.pdfWorld Health Organization (2012). Framework and Standards for Country Health Information Systems. Dada management, P38, 2nd Edition. Retrieved from http://www.who.int/healthinfo/country_monitoring_evaluation/who-hmn-framework-standards-chi.pdf