• Governance
  • There are twelve trends in identity governance and access management

    Imaginative innovation underpins eHealth. While it’s like Hollywood film director Frank Capra’s concept of “Don't follow trends, start trends,” it still has trends that many health systems need to follow:  Ponemon Institute set out its findings in Global Trends in Identity Governance & Access Management, sponsored by Micro Focus. Its aim’s to understand two ICT themes. One’s organisations’ capacity to protect access to sensitive and confidential information. The other’s to identify what they believe’s needed to improve protection and security. It identified twelve trends:

    1. Employees are frustrated with access rights processes, and ICT security’s seen as a bottleneck
    2. Responding to requests for access is considered slow
    3. Control over access management is decentralised
    4. Some technologies are important in meeting ID governance and access management requirements
    5. A single-factor authentication approach isn’t effective now
    6. Integrating machine learning within ID governance solutions’s critical for 64% of respondents
    7. Enforcing access policies consistently across all information resources is most difficult information task
    8. End users have more access than they need
    9. Migrating to mobile platforms affects access management
    10. New threats created by disruptive ICT reduces organisations’ ability to mitigate governance and access management risks
    11. Managing access in the Internet of Things (IoT) is a concern.
    12. Effective ID governance and access management across the enterprise is achievable.

    These comprise components of eHealth strategies and governance. Africa’s health systems’ eHealth governance boards should consider each of these, provide an assessment of their implications and requirements and convert them into eHealth project plans. It’s important to catch a trend before it disappears over the horizon.

  • Good eHealth governance takes time

    If good eHealth governance’s tedium, arduous, drudgery, painstaking diligence a seemingly endless chore, as an article in Healthcare IT News says, why should Africa’s health systems bother with it? A team from University of Mississippi Medical Center (UMMC,) Dartmouth-Hitchcock Medical Center  (DHMC), RelayHealth and Dartmouth Analytics Institute explains why at length. Both perspectives are important for developing Africa’s eHealth governance.

    First, it’s the most important analytics strategy for healthcare. It’s a view most notably from people who’ve succeeded with it.

    Since eHealth governance was set up, UMMC’s eHealth team’s productivity increased enormously. Over some 14 months, five report writers have produced 40 data visual apps. It’s been achieved because eHealth governance set their working rule explicitly and clearly, so removed the need for them to seek a stream of clarifications about their projects.

    Good eHealth governance also enables organisations to take the steps needed to transform data into actionable insights from across the whole health and healthcare spectrum. Despite this considerable benefit, eHealth governance’s still immature. It’s stuck at the formation of committees that work as think tanks to devise analytics strategies. The committee model’s often seen as good eHealth governance, but there are many challenges it can’t address because it operates as an ICT subcommittees, not a core part of an organisational information strategy. This approach won’t progress until healthcare executives see data as a strategic asset and a value chain instead of an ICT by-product.

    A benchmark for developing good eHealth governance in the US health system’s 18 months. Africa’s different. It has different eHealth priorities and resources. It’ll take longer, so a stepped process is more appropriate where modest eHealth governance starts to take hold. To reach good eHealth governance, It’s vital that the evaluation jogs along, so doesn’t become extinct, which is a considerable risk. Carl Sagan, the astronomer and cosmologist, said “Extinction is the rule. Survival is the exception.” For the effort expended needed for Africa’ eHealth Governance, survival goes hand in hand with success.

  • South Africa’s moving on IOp polices and governance

    In its eHealth Strategy stretching from 2012 to this year, Dr Aaron Motsoaledi, South Africa’s Minister of Health, was clear. “Historically, health information systems in South Africa have been characterised by fragmentation and lack of coordination, prevalence of manual systems and lack of automation, and where automation existed, there was a lack of interoperability between different systems.” In a masterclass at this year’s eHealth ALIVE conference, Matthew Chetty from South Africa’s Council for Scientific and Industrial Research (CSIR) set out the Interoperability (IOp) policies and governance as part of the solution.

    Five levels are:

    1. Political context, with co-operating partners with compatible visions, aligned priorities and focused objectives
    2. Legal IOp, needing aligned legislation so exchanged data’s accorded proper legal weight
    3. Organisational IOp, needing co-ordinated processes so organisations achieve a previously agreed and mutually beneficial goal
    4. Semantic IOp alignment so precise meanings of exchanged information’s preserved and understood by all parties
    5. Technical IOp for interaction and transport so planning technical issues to link computer systems and services.

    Four sequential steps are needed to achieve these. They’re:

    1. Analyse the landscape and assess Health Information Systems (HIS) to define the IOp problem
    2. Establish a set eHealth IOp standards, the National Health Normative Standards Framework for Interoperability in eHealth (HNSF)
    3. Establish a regime for IOp testing and certification, the National eHealth Interoperability Lab
    4. Establish the foundational ICT Infrastructure needed for IOp.

    Recommending eHealth standards for South Africa isn’t developing eHealth standards from scratch. It’s selecting the most appropriate set of standards from the range available from international standards organisations to support South Africa’s health system. The HNSF includes a process of reviewing eHealth base standards and selecting a stack that fits South Africa’s health systems requirements and health functions. Seven selection criteria are scalability, implementability, testable, cost, maturity, extendibility and flexibility. Six IOp components fit into a template of:

    1. Process for functional group and functions
    2. Technical, for Integrating the Healthcare Enterprise (IHE) profiles, general ICT standards, transfer and messaging standards
    3. Semantic, for coding and terminology, content and structure and EHR standards
    4. Security standards.

    Steady progress is underway. There’ll be much learning on route as standards are applied in eHealth investment decisions using the HNSF as a firm foundation

  • Acfee to publish reviews of cyber-security and eHealth governance

    To priority topics to come out of the eHealthALIVE week in September were eHealth governance and cyber-security. Acfee’s taking action on both.

    At eHealthALIVE, several presenters said that successful larger-scale eHealth depends on effective eHealth governance. While there are generic components, such as accountability, there’s a need to develop and implement bespoke eHealth governance to fit each countries’ situation. An important aspect’s that it should fit the corporate and political governance arrangements. Consequently, Acfee’s eHealth governance document’s a basic guide for Africa’s health systems to build from. It’s not a recipe.

    After eHealthALIVE, Acfee’s African eHealth Forum met. It’s combination of Acfee’s advisory board members and selected, invited eHealth vendors. Cyber-security was identified as an essential eHealth component with minimal advice and commentaries for Africa’s health systems.

    eHNA monitors global cyber-security information, research and advice and Acfee is summarising some themes from its database of posts for Africa’s health systems. Cyber-threats are becoming more sophisticated, matched by new research, so the document’ll be followed with updates. These do not comprise cyber-security advice, but identifies actions from other continents for Africa’s health systems and eHealth leaders to consider as they develop their cyber-security policies, strategies and measures. 

  • AHIMA releases its Information Governance Framework

    Every country needs to ensure effective Information Governance (IG). This means that it has to be based on sound principles. The USA’s taken a big step forward, from which we can all learn. The American Health Information Management Association (AHIMA) has released its Information Governance Principles for Healthcare. You can access it through Fierce Health IT.

    The framework is part of AHIMA’s continuing strategy to emphasise the importance and value of information governance. It sees effective governance as essential to achieving the goals of patient care and ensuring regulatory compliance. The framework has eight principles:

    1. Accountability, where an accountable leader oversees the IG programme
    2. Transparency, with IG processes and activities documented  openly and verifiably
    3. Integrity, with information  managed to provide a reasonable guarantee of reliability
    4. Protection, with appropriate security to prevent breaches, corruption and loss
    5. Compliance, with the IG programme complying with applicable laws, standards and organisational policies
    6. Availability, with information managed to ensure timely, accurate, and efficient retrieval
    7. Retention, with data kept for appropriate periods to meet legal, regulatory and other relevant requirements
    8. Disposition, with data that is no longer required, disposed of appropriately and securely manner.

    FierceHealthIT says that AHIMA adapted its IG framework from the American Records Management Association, ARMA International’s publication Generally Accepted Recordkeeping Principles. This deals with quality improvement, risk management, compliance, privacy and security. It’s eight principles for IG programmes are:

    1. Accountability: an organisation shall assign a senior executive to oversee the IG programme, delegate program responsibility to appropriate individuals, adopt policies and processes to guide staff, and ensure program auditability
    2. Integrity: an IG programme shall be constructed so the records and information generated or managed by or for the organisation have a reasonable and suitable guarantee of authenticity and reliability
    3. Protection: an IG programme shall be constructed to ensure a reasonable level of protection to information that is personal or that otherwise requires protection
    4. Compliance: an IG programme shall be constructed to comply with applicable laws and other binding authorities, as well as the organisation’s policies
    5. Availability: an organisation shall maintain its information in a manner that ensures timely, efficient, and accurate retrieval of its information
    6. Retention: an organisation shall retain its information for an appropriate time, taking into account all operational, legal, regulatory and fiscal requirements, and those of all relevant binding authorities
    7. Disposition: an organisation shall provide secure and appropriate disposition of information in accordance with its policies, and, applicable laws, regulations and other binding authorities
    8. Transparency: an organisation shall document its policies, processes and activities, including its information governance program, in a manner that is available to and understood by staff and appropriate interested parties.

    AMRA’s Maturity Model embedded in its framework goes beyond the restatement of the principles. It defines IG’s characteristics at three levels of maturity, completeness, and effectiveness. For each principle, the Maturity Model describes characteristics as sub-standard, in development and essential.

    These documents are essential starting points for African countries expanding their eHealth initiatives, IG and regulation.