• Governance
  • Kenya’s mHealth standards are clear on compliance

    mHealth standards and guidelines are essential, but have to be applied. Like all regulations, effective compliance’s essential. Kenya Standards and Guidelines for mHealth Systems sets three main part of the Ministry of Health approach. They’re:

    Commitment at a senior level is a requirement for stakeholders, including an accountable resource either as an officer or managerImplementation that identifies the resources, including a person, needed for the design, development, implementation and monitoring stages and documenting compliance levels Audit, with a person assigned to provide an objective review of documentation and the compliance process to provide feedback and recommendations directly to management, especially for corrective action needed where compliance is weak or missing. 

    There’s a big stick too. Fines and penalties are part of a range of measures to encourage compliance. Building on Kenya National eHealth Policy 2016-2030, the mHealth standards are a huge step forward for eHealth regulation, not just for Kenya, but across Africa too.

  • AeHIN and Acfee to collaborate on supporting regional eHealth

    At today’s eHealthAFRO, Jai Ganesh Udayasankaran, Council Member of the Asian eHealth Information Network (AeHIN) presented his organisation’s history and successes. It plays a substantial catalytic role in supporting eHealth’s development in the Asian region.

    Mr Udayasankaran confirmed that AeHIN will collaborate with Africa’s emerging network, the Africa Centre for eHealth excellence (Acfee), on several aspects of eHealth that are priorities both for Africa and Asia. The main themes include:

    eHealth governanceeHealth regulationCyber-security.

    eHealth governance is well-developed in AeHIN. It promotes COBIT 5, a sophisticated standard. Most of Africa’s eHealth governance needs an initial entry point. Countries can use AeHIN’s experiences to see a trajectory of where their eHealth governance could lead.

    Acfee’s research on eHealth regulation in Africa reveals a significant deficit. The 2013 data are a few years out of date, though progress remains slow. They show an extensive reliance on telecommunications regulations, with little specific eHealth regulation, as shown below.

    These figures are well behind good practices. The deficit’s about 45% points, showing that progress is vital to avoid the African region falling further behind.

    Cyber-security has become increasingly critical. Acfee accumulates data on issues, priorities and guidance, much of which is posted on eHNA. Acfee’s basic cyber-security handbook for Africa sets out some features in what are rapidly changing and more effective cyber-threats.

    Collaboration with AeHIN will move further ahead this year. Progress will be reported at next year’s eHealthAFRO 2018 and in eHNA

  • There are twelve trends in identity governance and access management

    Imaginative innovation underpins eHealth. While it’s like Hollywood film director Frank Capra’s concept of “Don't follow trends, start trends,” it still has trends that many health systems need to follow:  Ponemon Institute set out its findings in Global Trends in Identity Governance & Access Management, sponsored by Micro Focus. Its aim’s to understand two ICT themes. One’s organisations’ capacity to protect access to sensitive and confidential information. The other’s to identify what they believe’s needed to improve protection and security. It identified twelve trends:

    Employees are frustrated with access rights processes, and ICT security’s seen as a bottleneckResponding to requests for access is considered slowControl over access management is decentralisedSome technologies are important in meeting ID governance and access management requirementsA single-factor authentication approach isn’t effective nowIntegrating machine learning within ID governance solutions’s critical for 64% of respondentsEnforcing access policies consistently across all information resources is most difficult information taskEnd users have more access than they needMigrating to mobile platforms affects access managementNew threats created by disruptive ICT reduces organisations’ ability to mitigate governance and access management risksManaging access in the Internet of Things (IoT) is a concern.Effective ID governance and access management across the enterprise is achievable.

    These comprise components of eHealth strategies and governance. Africa’s health systems’ eHealth governance boards should consider each of these, provide an assessment of their implications and requirements and convert them into eHealth project plans. It’s important to catch a trend before it disappears over the horizon.

  • Good eHealth governance takes time

    If good eHealth governance’s tedium, arduous, drudgery, painstaking diligence a seemingly endless chore, as an article in Healthcare IT News says, why should Africa’s health systems bother with it? A team from University of Mississippi Medical Center (UMMC,) Dartmouth-Hitchcock Medical Center  (DHMC), RelayHealth and Dartmouth Analytics Institute explains why at length. Both perspectives are important for developing Africa’s eHealth governance.

    First, it’s the most important analytics strategy for healthcare. It’s a view most notably from people who’ve succeeded with it.

    Since eHealth governance was set up, UMMC’s eHealth team’s productivity increased enormously. Over some 14 months, five report writers have produced 40 data visual apps. It’s been achieved because eHealth governance set their working rule explicitly and clearly, so removed the need for them to seek a stream of clarifications about their projects.

    Good eHealth governance also enables organisations to take the steps needed to transform data into actionable insights from across the whole health and healthcare spectrum. Despite this considerable benefit, eHealth governance’s still immature. It’s stuck at the formation of committees that work as think tanks to devise analytics strategies. The committee model’s often seen as good eHealth governance, but there are many challenges it can’t address because it operates as an ICT subcommittees, not a core part of an organisational information strategy. This approach won’t progress until healthcare executives see data as a strategic asset and a value chain instead of an ICT by-product.

    A benchmark for developing good eHealth governance in the US health system’s 18 months. Africa’s different. It has different eHealth priorities and resources. It’ll take longer, so a stepped process is more appropriate where modest eHealth governance starts to take hold. To reach good eHealth governance, It’s vital that the evaluation jogs along, so doesn’t become extinct, which is a considerable risk. Carl Sagan, the astronomer and cosmologist, said “Extinction is the rule. Survival is the exception.” For the effort expended needed for Africa’ eHealth Governance, survival goes hand in hand with success.

  • South Africa’s moving on IOp polices and governance

    In its eHealth Strategy stretching from 2012 to this year, Dr Aaron Motsoaledi, South Africa’s Minister of Health, was clear. “Historically, health information systems in South Africa have been characterised by fragmentation and lack of coordination, prevalence of manual systems and lack of automation, and where automation existed, there was a lack of interoperability between different systems.” In a masterclass at this year’s eHealth ALIVE conference, Matthew Chetty from South Africa’s Council for Scientific and Industrial Research (CSIR) set out the Interoperability (IOp) policies and governance as part of the solution.

    Five levels are:

    Political context, with co-operating partners with compatible visions, aligned priorities and focused objectivesLegal IOp, needing aligned legislation so exchanged data’s accorded proper legal weightOrganisational IOp, needing co-ordinated processes so organisations achieve a previously agreed and mutually beneficial goalSemantic IOp alignment so precise meanings of exchanged information’s preserved and understood by all partiesTechnical IOp for interaction and transport so planning technical issues to link computer systems and services.

    Four sequential steps are needed to achieve these. They’re:

    Analyse the landscape and assess Health Information Systems (HIS) to define the IOp problemEstablish a set eHealth IOp standards, the National Health Normative Standards Framework for Interoperability in eHealth (HNSF)Establish a regime for IOp testing and certification, the National eHealth Interoperability LabEstablish the foundational ICT Infrastructure needed for IOp.

    Recommending eHealth standards for South Africa isn’t developing eHealth standards from scratch. It’s selecting the most appropriate set of standards from the range available from international standards organisations to support South Africa’s health system. The HNSF includes a process of reviewing eHealth base standards and selecting a stack that fits South Africa’s health systems requirements and health functions. Seven selection criteria are scalability, implementability, testable, cost, maturity, extendibility and flexibility. Six IOp components fit into a template of:

    Process for functional group and functionsTechnical, for Integrating the Healthcare Enterprise (IHE) profiles, general ICT standards, transfer and messaging standardsSemantic, for coding and terminology, content and structure and EHR standardsSecurity standards.

    Steady progress is underway. There’ll be much learning on route as standards are applied in eHealth investment decisions using the HNSF as a firm foundation

  • Acfee to publish reviews of cyber-security and eHealth governance

    To priority topics to come out of the eHealthALIVE week in September were eHealth governance and cyber-security. Acfee’s taking action on both.

    At eHealthALIVE, several presenters said that successful larger-scale eHealth depends on effective eHealth governance. While there are generic components, such as accountability, there’s a need to develop and implement bespoke eHealth governance to fit each countries’ situation. An important aspect’s that it should fit the corporate and political governance arrangements. Consequently, Acfee’s eHealth governance document’s a basic guide for Africa’s health systems to build from. It’s not a recipe.

    After eHealthALIVE, Acfee’s African eHealth Forum met. It’s combination of Acfee’s advisory board members and selected, invited eHealth vendors. Cyber-security was identified as an essential eHealth component with minimal advice and commentaries for Africa’s health systems.

    eHNA monitors global cyber-security information, research and advice and Acfee is summarising some themes from its database of posts for Africa’s health systems. Cyber-threats are becoming more sophisticated, matched by new research, so the document’ll be followed with updates. These do not comprise cyber-security advice, but identifies actions from other continents for Africa’s health systems and eHealth leaders to consider as they develop their cyber-security policies, strategies and measures. 

  • AHIMA releases its Information Governance Framework

    Every country needs to ensure effective Information Governance (IG). This means that it has to be based on sound principles. The USA’s taken a big step forward, from which we can all learn. The American Health Information Management Association (AHIMA) has released its Information Governance Principles for Healthcare. You can access it through Fierce Health IT.

    The framework is part of AHIMA’s continuing strategy to emphasise the importance and value of information governance. It sees effective governance as essential to achieving the goals of patient care and ensuring regulatory compliance. The framework has eight principles:

    Accountability, where an accountable leader oversees the IG programme Transparency, with IG processes and activities documented  openly and verifiably Integrity, with information  managed to provide a reasonable guarantee of reliability Protection, with appropriate security to prevent breaches, corruption and loss Compliance, with the IG programme complying with applicable laws, standards and organisational policies Availability, with information managed to ensure timely, accurate, and efficient retrieval Retention, with data kept for appropriate periods to meet legal, regulatory and other relevant requirements Disposition, with data that is no longer required, disposed of appropriately and securely manner.

    FierceHealthIT says that AHIMA adapted its IG framework from the American Records Management Association, ARMA International’s publication Generally Accepted Recordkeeping Principles. This deals with quality improvement, risk management, compliance, privacy and security. It’s eight principles for IG programmes are:

    Accountability: an organisation shall assign a senior executive to oversee the IG programme, delegate program responsibility to appropriate individuals, adopt policies and processes to guide staff, and ensure program auditability Integrity: an IG programme shall be constructed so the records and information generated or managed by or for the organisation have a reasonable and suitable guarantee of authenticity and reliability Protection: an IG programme shall be constructed to ensure a reasonable level of protection to information that is personal or that otherwise requires protection Compliance: an IG programme shall be constructed to comply with applicable laws and other binding authorities, as well as the organisation’s policies Availability: an organisation shall maintain its information in a manner that ensures timely, efficient, and accurate retrieval of its information Retention: an organisation shall retain its information for an appropriate time, taking into account all operational, legal, regulatory and fiscal requirements, and those of all relevant binding authorities Disposition: an organisation shall provide secure and appropriate disposition of information in accordance with its policies, and, applicable laws, regulations and other binding authorities Transparency: an organisation shall document its policies, processes and activities, including its information governance program, in a manner that is available to and understood by staff and appropriate interested parties.

    AMRA’s Maturity Model embedded in its framework goes beyond the restatement of the principles. It defines IG’s characteristics at three levels of maturity, completeness, and effectiveness. For each principle, the Maturity Model describes characteristics as sub-standard, in development and essential.

    These documents are essential starting points for African countries expanding their eHealth initiatives, IG and regulation.