
Nursing informatics


St Augustine Medical Hospital wants to implement a Nursing Information System, and the objective of this project is to design one for them. Within the design we would include the following:
Components of the Nursing Information System, e.g. documenting, medication administration, assessment, admission & discharge
Equipment and components (e.g. types of computers) and why
Storage, maintenance, backup, security
Planning, implementing & training
Benefits to staff, organization & patients.
Introduction 1.2
Nursing informatics is a growing field with many opportunities for nursing involvement. Because nurses are increasingly involved in the design, installation, and use of nursing information systems (NIS), it is important that they are aware of the barriers to and benefits of nursing information systems. With that in mind, increased nurse involvement, education, research, and recognition of the benefits of computerization are suggested to overcome the barriers staff are experiencing today, and this system would encompass them. Areas targeted in our Nursing Informatics system to reduce such barriers are:
Management and communication of information
Content of information
Design, structure, and delivery of information

Benefits of Electronic Health Records (Documentation) 2.1
Our world has been radically transformed by digital technology: smart phones, tablets, and web-enabled devices have transformed our daily lives and the way we communicate. Medicine is an information-rich enterprise. A greater and more seamless flow of information within a digital health care infrastructure, created by electronic health records (EHRs), encompasses and leverages digital progress and can transform the way care is delivered and compensated. With EHRs, information is available whenever and wherever it is needed. When fully functional and exchangeable, the benefits of EHRs offer far more than a paper record can. EHRs:
Improve quality and convenience of patient care.

Inaccurate patient information if records are not updated in real-time
Unavailability of EHR system due to technical problems (downtime)
Potential malpractice liability (data loss or destruction, inappropriate corrections to the medical record, inaccurate data entry, errors related to problems that arise during the transition to EHRs)
Over reliance by staff on EHR system resulting in health care professionals spending less time with the patient
Patient access to information about conditions that they may not understand which may frighten them.

BETTER DECISIONS AND MORE COORDINATED CARE WITH EHRS 2.2
With more complete patient information, providers would improve their ability to make well-informed treatment decisions quickly and safely.

Percentage of physicians whose electronic health records provided selected benefits 2.3

Medical Administration 2.4
Implementation of Electronic Medication Administration Record (eMAR)
The implementation of eMAR paves the way for standardized handling, management, and documentation of medication administration. When implemented institution-wide, eMAR allows every clinician easy, efficient, consistent and legible online access to each patient’s medication profile. This new system required a change to our current process. The task of transcribing medication orders is now the responsibility of licensed pharmacists. A second layer of safety is the nurses’ responsibility to validate each medication order. The ultimate goal of the office of Nursing Information Systems is to make every nurse and support personnel skilled in the management and communication of patient health information across the continuum of care.

Goals
Incorporate practice standards, safety measures, and regulatory practices in computerized nursing documentation solutions
Provide a vehicle for the comprehensive documentation of care
All nurses and support staff must be skilled in managing and communicating information
Automation of nursing documentation in all inpatient care settings by year

Speech Recognition

Speech recognition products provide appropriate tools for individuals within the health care environment. Speech recognition software takes the spoken word via a microphone and converts it to machine-readable format. The user speaks into a microphone either with pauses between words (discrete speech) or in a normal talking manner (continuous speech). The discrete product, although slower, is often the better choice for those with LDs because errors can be identified as they occur. Making corrections after the fact using continuous speech requires proficient reading skills. Speech recognition technology requires that the user have moderately good reading comprehension to correct the program’s text output. Because many people with LDs have reading problems, speech recognition is not always an appropriate accommodation.

Advantages of speech recognition:
Most obviously, it frees one from the physical limitations of typing with one’s hands using a keyboard. The next most obvious direct benefit associated with this would be the ability to “write” words much more quickly than ever before. It goes without saying that one’s productivity could rise significantly.

Disadvantages of speech recognition:

The downside to using voice recognition software seems to stem progressively less from the limitations that the software creates. Rather, they come more from factors having to do with the speaker/writer and the work environment in which they use voice recognition software.

Barcode System and Patient Identification
Barcode technology can help prevent medical errors by making accurate and reliable information readily available at the point-of-care. Information such as drug identification, medication management, infusion safety, specimen collection, and any other patient care activity can be easily tracked during the patient stay. Wristbands with barcodes that contain the information of the patient’s medical record or visit number, and any other identifiers, have been proven effective to provide proper patient care.

Barcoding Concerns
Looking at barcoding technology in healthcare from a clinical professional standpoint, barcoding technology may impact the workflow process and disrupt the delivery of care to patients. Workflow interruptions can be a result of fatigue and frustration among clinical professionals when using barcoding systems. Additionally, workarounds are common with the use of many technological devices/systems. Some examples that lead to workarounds in a clinical setting as a result of barcoding technology may include (but are not limited to):
Limiting of clinical professional autonomy to make decisions;
The new system is too slow to respond in clinical emergencies;
Limited software flexibility for dosing needs;
Conflict between meeting the monitored medication delivery window and prioritizing other patient care activities; and
Slow response time, equipment problems, missing armbands, and illegible barcodes.

Future of Barcoding in the Health Care System

Given barcoding’s history as a mature, reliable technology, barcoding will continue to be adopted within the healthcare setting to improve the quality of patient care. However, radio-frequency identification (RFID) systems are attracting growing attention and are expected to be the future competitor for barcoding. Nevertheless, barcoding will continue to play a prominent role alongside RFID and will likely be combined with RFID to form a hybrid system. In this regard, barcoding (1-D and 2-D) will continue to have advantages over RFID (specifically passive RFID) for the following two reasons:
Barcoding is cheaper than RFID (passive RFID must lower its price to become competitive);
Barcode technology is ideally suited for tasks in which a human being is stationary and objects are moving (e.g. blood sample collection and labelling).
Barcoding technology in healthcare will eventually begin to shift over to the use of 2-D symbologies to accommodate size restrictions and the growing need for large amounts of data. This is already becoming a reality with the use of mobile phones and is bound to play an important role in the development of mHealth.

Components of the Nursing Information System with regards to assessment, admission and discharge 2.5
The Nursing Information System is a technological system designed for use by nurses and health care professionals to document client data.

Documented client data includes nursing health assessments as well as admission and discharge documentation. The health assessment involves four steps, beginning with the collection of subjective data, continuing with the collection of objective data and validation of the data collected, and ending with the documenting of this data. These four levels of data collection are critical to the creation of a plan of care for the client as they give historical and present health information about the client. Collecting this type of information in paper format is very inconvenient, and it could be misplaced quite easily. Documentation via the Nursing Information System (NIS) makes for easier and more efficient data storage. It is very important to record admission and discharge information. Admission records show the reason why a patient was admitted to a ward and the client’s vital signs at the time of admission, including the initial instructions for the patient’s care. Discharge records show the patient’s vitals at the time of discharge, the health status under which he was discharged, and medications (if any) that were prescribed. Having this type of information stored on the NIS gives nurses a source for evidence-based practice. For example, Simple John was admitted to the medical ward with shortness of breath brought on by exertion. An initial plan of care would have been created for this patient. Now if Simple John returns with the same complaint, the nurse can return to the information system to view the initial care plan and judge how well the last plan of care worked and whether it could be used in his present condition. Other benefits of Nursing Information Systems include “…improved workload functionality,… better care planning… [and]… better drug administration…” (www.biohealthmatics.com).

Benefits of the Barcode Scanner 3.1
A wireless barcode scanner, for example, is one useful tool for medical staff. ZEBEX has successfully introduced the Z-3050BT wireless handheld CCD scanner into the health care industry. At the time patients register for hospitalization, they would be given a number that appears in barcode format on the patient’s wristband and every related document. Its purpose is to automatically record the medical process and prevent human error. For example, when nurses are dispensing prescriptions, they use the Z-3050BT wireless scanner to read and confirm the patient’s identity and the medicine the patient is supposed to take. Even if patients have dementia, have difficulty communicating, or are in a coma, nurses can still give the right medicine to the right person. The use of a barcode scanner is also an important step in building up the medical record and care record. Medical staff read the barcode on the patient before a treatment or examination; then the treatment or examination result is automatically recorded in the patient’s medical history. In short, barcode scanners help to reduce mistakes and spare paperwork; wireless means convenient mobility and no tangled cable attached; and the CCD optical system gives no laser radiation and no possible harm to users and patients.

Benefits of Tablet and laptop computers 3.2

Evidence suggests that the patient–practitioner relationship has a considerable impact on trust, adherence to treatment regimens, and patient satisfaction. In the hospital, a patient’s opportunity to communicate with his or her care providers is often limited by logistical and time constraints. Moreover, members of the care team change frequently as a result of shift-change, scheduling, specialty consults, and transfers (e.g., ICU to ward). As a result, patients are often unclear about the identities and roles of the people taking care of them. We hypothesized that tablet computers, such as the Apple iPad, would provide an effective platform for hospital patients to receive interactive information and enable them to participate more actively in their care. The features of tablet PCs and their benefits include:

Single data entry without transcription: Serves patients faster, reduces errors and inefficiencies, and saves money, as bills automatically reflect the medical procedures performed.
Real time database access via wireless connections: Immediate access to patient history, drug doses, changes to medications and policy guidelines. It also reduces waiting time for patient records.
Clear display: Promotes meaningful medical dialogue with patients and staff. Helps patients understand their condition and treatment.
Digital ink capability: Facilitates easy annotation of documents. All Microsoft Office 2003 applications support digital ink.
Captures text, pictures and sound: This helps providers create, edit, organize and search through handwritten notes. Handwriting and speech recognition capabilities automate translation to digital text.
Lightweight and portable: Easy to carry from office to hospital and back. Even captures information in remote locations for later upload.
Private: Reads and writes secure data to tokenized storage modules.
Enhanced version of Microsoft Windows: As easy to use as desktop or notebook computers.

Costs

The equipment costs for each patient care unit are $123,000 for an unprofiled automatic dispensing device and $138,000 for a profiled device. The planning costs are $73,800 and $82,800. The up-front costs are $196,800 and $220,800 per patient or intensive care unit for unprofiled and profiled automatic dispensing devices, respectively. For a 400-bed hospital with approximately nineteen 20-bed patient care units and two eight-bed intensive care units, there would be up-front capital costs, as follows:
For an unprofiled system, the cost of capital equipment would be $2.5 million, and planning costs would be $1.5 million, for a total of approximately $4 million.
For a profiled system, the cost of capital equipment would be $2.9 million, and planning costs would be $1.7 million, for a total initial outlay of $4.6 million.

According to Mr. Ciotti, there are eight patient friendly technologies that could make a positive difference in a hospital’s reputation, position and patient satisfaction scores:

Central Scheduling:

Having a single number for patients to call in order to schedule appointments and tests simplifies an otherwise roundabout task. “Most hospitals fail to implement central scheduling because the various departments insist on keeping their own schedules that they control for various reasons.”

Speech Assisted Automated Attendant Systems:
Hospitals can stay competitive and also save money with a voice recognition phone system. The systems could reduce staff overtime and help to avoid dropped calls or unpleasant patient interactions.

Master Patient Index:
This is a database that keeps a unique identifier for each patient. Patients can approach a registration window, show ID and skip the wave of forms because their information is in a HIPAA compliant index.

Self Register Kiosks:
Similar to self check in stations at an airport, self register kiosks can be positioned in admitting, ER and outpatient registration areas. They are secured, and patients can verify their identities or update their information.

Wireless Connectivity:
Physicians, clinicians and other staff members are not the only people in a hospital who live on their mobile devices and smart phones. Similar to restaurant chains, hospitals should offer a friendly Wi-Fi connection to make it easy for patients and visitors to access the wireless network.

Bedside Computer Terminals:
Bedside computer terminals allow patients to see the processes happening around them while still enabling physicians and nurses to update patient records efficiently.

Bedside Medication Verification:
A BMV system adds another layer of patient safety to a hospital’s technology strategy. A nurse can scan a patient’s badge with BMV, which confirms the patient is receiving his or her correct medication, and the patient sees it every day.

Online Bill Pay:
Patients are able to pay their phone, cable, utility and service bills online. Hospitals that offer the same ability can stay competitive, which can improve hospitals’ accounts receivable.

MAINTENANCE OF NURSING INFORMATION SYSTEMS
4.1
Systems maintenance
Systems maintenance is the on-going maintenance of a system after it has been placed into operation. When developing nursing information strategy plans, the health care institution or hospital cannot afford to neglect the fact that systems maintenance is the longest and costliest phase of the systems life cycle. The organization structure needs flexibility to support the maintenance of existing systems concurrently with the implementation of new technologies like tablets or laptops for nurses to develop care plans for patients and document nursing care. It is important to consider the evaluation and monitoring of a system for needed maintenance and consequently, to lower or contain maintenance costs. Systems maintenance can be categorized into four groups. Each of these four categories can affect the health care institution’s information strategy plan in different ways:

Corrective Maintenance

Regardless of how well designed, developed, and tested a system or application may be, errors will inevitably occur. This type of maintenance deals with fixing or correcting problems with the system. This usually refers to problems that were not identified during the implementation phase. An example of remedial maintenance is the lack of a user-required feature or the improper functionality of it.

Customized Maintenance
This type of maintenance refers to the creation of new features or adapting existing ones as required by changes in the health care institution or by the nurses, e.g. internal regulations.

Enhancement Maintenance
It deals with enhancing or improving the performance of the system either by adding new features or by changing existing ones. An example of this type of maintenance is the conversion of text-based systems to GUI (Graphical User Interface).

Preventive Maintenance
This type of maintenance may be one of the most cost effective, since if performed timely and properly, it can avoid major problems with the system. An example of this maintenance is the correction for the year 2000.

HANDLE BASIC PROGRAMMING AND DATA QUALITY MANAGEMENT 4.2
Some members of staff would have the responsibility of conducting basic end user training, managing projects, participating in systems selection and providing periodic reporting to management on system administration. As electronic health records and other clinical information systems are installed, they become important clinical tools. All clinical tools require professional judgment for use and need to be calibrated regularly to ensure they perform in the best possible manner. The electronic health record should have:
The right clinical data that is captured and quality assured.
The right presentation which enables the capturing and retrieval of the right data.
The right clinical decision support based on the right data presented in the right manner.
The right work process which supports the capture and use of data.
The right outcomes, to result in the best possible outcomes for patient safety and quality of care.
Ensuring the quality of discrete data as it is captured in new ways is important. Information should be accessible and easily obtainable, accurate, comprehensive (including all applicable data), consistent, reliable and current. Clear definitions, which ideally follow a standard vocabulary, should be used. Attributes and values of data should be defined at the correct level of detail for the application. There should be precision, where data values should be large enough to support the application. There should be relevancy of data and timeliness, where data are used in the appropriate context.

EVALUATION of DATA QUALITY 4.3

Health care professionals should conduct audits to review for potential inconsistencies. Complaints should be monitored and logged by end users to determine if fields allow for precision and edit checks occur correctly. Data entry should be tested to determine that edits can be performed. Clinical decision alert overrides should be reviewed to see if they point to data quality issues. The contents of comments or narrative fields should be reviewed to determine:
Where discrete data templating is not occurring
Where there are inconsistencies between data templating and narrative fields
Where there is repetition between data templating and narrative fields
Various reports should be run to perform reasonableness tests. As data quality issues are identified, remediation activities are needed, such as retraining, application modification, or policy modifications.

STORAGE FOR NURSING INFORMATION SYSTEMS
4.4
Permanent storage holds the data and software that must be preserved even when the computer is powered down. Permanent storage needs can be immense. An organization’s library of software applications can easily exceed many gigabytes, and the quantity of data can range in the terabytes. A key part of the network infrastructure involves the hardware and software that stores the organization’s ever-growing data. The data stored on the network is a vital resource that cannot be re-created, so in designing data storage, take care to provide adequate capacity, fast performance and reliable access, and never allow data loss.

STORAGE STRATEGY DESIGN

The following goals should be kept in mind for a storage system:
Prevention of data loss
Adequate capacity that can accommodate the growth of storage needs
Provision of fast access to data without interruptions
Preparation for equipment failures
Use of cost-effective technologies

DATA POLICIES
Storage strategy includes defining what constitutes the supported data environment. This should include the requirement that users place their data within the supported data structures, for example on network servers and not on the local drives of their computers or desktops, if the organization’s storage strategy assumes that all data resides on network servers. Most backup software products will archive the contents of distributed computer hard drives; however, few of the other requirements of a well-managed storage strategy can be met with this approach.

GENERAL CONSIDERATIONS FOR STORAGE STRATEGY DESIGN
Several factors come into play when selecting storage options.

Capacity
The storage system must be able to handle the appropriate quantity of data. Be aware of the organization’s current data storage needs and the expected rates of growth. A storage strategy cannot be planned without detailed knowledge of the quantities of data involved.

Scalability
The type of storage technology must be well-matched to the size of the organization’s data needs and must be able to accommodate its expected growth. The storage systems on the network must be designed from the beginning to scale to larger data capacities without major upheavals.

Costs
Select the least-costly approach that effectively meets the objectives. Many cost issues must be considered: the initial purchase cost of the hardware; the productivity costs related to network down time; and ongoing hardware and software maintenance, for example. Do not ignore the personnel costs associated with each storage technology option. More complex solutions will demand the time and attention of network administrators, technicians and operators. Simpler approaches should require less ongoing support.

Performance
Storage technologies must be able to deliver information to the user rapidly. Fortunately, many current systems have very high performance capabilities. The network with an extremely large user population should be able to handle an extremely high rate of simultaneous activity and still deliver rapid access.

Reliability
All storage systems rely on parts that will eventually break down. It is possible to develop a data storage environment with enough redundancy to ensure that no interruptions can occur, even if individual components fail or malfunction.

Manageability
Once a storage system has been designed and implemented, the organization must maintain it. Aim for the system with the simplest operational concerns. As systems increase in complexity it becomes increasingly important to be able to monitor their performance, preempt failures and manage storage media with as little effort and interaction as possible.

Cost Analysis
A vital part of designing a storage system involves a careful cost analysis. Be sure to include all cost components. The major ones include:
Capital outlays for hardware:
Media costs:
Any required software: RAID utilities, backup software, HSM software, systems management utilities
Installation costs: vendor installation costs, internal personnel costs
Ongoing costs: hardware maintenance, software maintenance and upgrades, product/technical support

Capacity Planning

The development of a storage strategy involves planning for the quantity of storage and the level of performance required.
Plan for growth: Once you have carefully calculated current data needs, you must predict their growth rates for the next few years.
Allocate excess capacity: How much excess capacity should you provide in the first year of a new storage system? You should plan for 20 percent to 30 percent reserve capacity for the first year, just to keep the system operating smoothly.
Expect to expand later: Do not purchase capacity too far in advance. Storage hardware, like other computing components, will most certainly decline in cost over time. You will probably be able to purchase higher-capacity storage units for less cost in future years.
System longevity: What is the lifecycle for the storage system you are designing?
Tiers of Storage: While the majority of organizations can manage their data with a single medium (usually magnetic storage), large data environments may require a tiered approach. It may be impractical to build a system large enough from the highest-performing hardware. If your environment falls into this category, then you will need to analyze the various data sets and determine how much of your system must be managed with high-performance storage and what might be relegated to lower-cost media. An example of a multitiered storage environment would be one with a small store of solid state disks, a large set of magnetic disks organized in a RAID structure, a jukebox of optical discs and a tape drive for backups and archives. Budget considerations and performance demands factor into the proportion of storage allocated to each tier. The distribution of data files among a multitiered storage system can be automated through a genre of software called Hierarchical Storage Management (HSM).

STORAGE OPTIONS:

A variety of technologies are available for network storage. Each of these hardware and software solutions forms the building blocks from which you will build a comprehensive storage solution. The size of your data environment, the kind of applications you run, the performance you expect, and the level of reliability required and the cost expectations each factor into the picture. The storage environment will use a hierarchy of technologies. The technologies with the best performance come at the highest cost. Organizations with data sets of a certain scale can build their storage system completely from high-performance hardware. Others have such large data considerations that make it impractical and unaffordable to use all high-performance storage and must therefore place some data on slower and less expensive media. Those that can store completely on high-performance media may still want slow/removable technologies such as tape, so that they store backups of critical data off-site.

BACKUP STRATEGIES FOR NURSING INFORMATION SYSTEMS 4.5
No storage system can be guaranteed never to fail. We learned that even though most RAID systems can withstand the loss of a single drive, multiple simultaneous failures can result in complete data loss. Even though you have implemented the most failure resistant storage system available, you must also be prepared for both minor and catastrophic failures. Storage systems also fall prey to human failures. Users will inevitably delete a file or directory by accident, and you will be expected to recover it. Most organizations cannot even begin to calculate the costs of data loss. If your company trusts its data to your network, then you must guarantee that you can preserve it under all circumstances. Your storage system must include a solid backup strategy. If your primary storage system fails, then you must be able to repair it and restore all data back to its original state. The most common backup strategy involves routinely copying data from your primary storage system to a slower, less-expensive medium. While most organizations use magnetic tape, other possibilities include the various optical storage technologies.

Full Backup

At selected intervals, you will need to make a full and complete backup of your storage system. This is your starting point if you must rebuild your data from scratch. In cases of catastrophic system failure where all data is lost or corrupted, you may need to reinitialize your storage devices and copy all data from your most recent backup set.

Incremental Backup
Storage strategies also usually include incremental backups. It may not be practical to perform a full backup every day. You will want to archive all the files added or changed since the last full backup as frequently as possible. Two approaches are possible here. You might want to catch all the files modified each day in an incremental backup run. If you must rebuild your data, you would restore the last full backup plus each of the incremental runs. Alternatively, you could set your incremental backups to copy all new and modified files since the last full backup. This way restoring the server will take only two tapes–the last full backup plus the last differential. Whether you use daily or cumulative incremental backups will depend on the volume of new and changed data versus the time available for the backup runs. Media costs may be a minor factor–the cumulative approach will consume more space.

Scheduling Issues

Schedule your backup jobs to run at the most frequent interval possible. Typically, organizations plan full backups at least once a week and incremental backups at least daily. How fast your data changes and the value of the data also come into play. Some shops will need to perform full backups daily and incremental backups several times per day. If your system is basically inactive for some period of time each night, then scheduling backups is a breeze. But most of our lives are more complicated than that. If your system must be available 24×7, then establishing an effective backup schedule can be quite a challenge. One of the biggest issues in creating a backup strategy involves whether or not backups can be performed while the storage system is active. If you have a run-of-the-mill NetWare server, for example, and most of the data consists of word processing files, spreadsheets, and the like, then you can most likely perform backups during off-peak hours without problem. Here, open files pose the greatest problem. If a user has a file in active use, the backup system may not be able to open it to make a backup. You would expect the backup system to keep track of which files it failed to archive, retry them at a given interval and report any files missed to the system manager, who would archive them manually. Some backup systems have advanced capabilities for automatically archiving open files. The more difficult problem for backup strategies concerns transactional databases. Here the entire database may be a single file, but with millions of records. In the simplest case, you would close the database and perform the backup. If this is your strategy, you would want to use the fastest backup hardware possible to minimize the time your system must be inactive. Many organizations require constant availability of their online transaction processing systems. Here, the backup system must be able to more directly interact with your database. 
In some cases the database application can be placed into read-only, or maintenance, mode so that the backup system can get control of the files long enough to archive them.

Gaps of Vulnerability

Disk failures rarely occur immediately after a backup. No matter how frequently you back up your storage system, there will be a gap between the failure and your most recent backup set. How much data can you really afford to lose? Some operations can risk the potential loss of a day’s work, provided that the chances of that actually happening are very small. But many can’t afford that level of risk. For organizations with extremely valuable data, you will build as much failure resistance as possible into the primary storage system. The odds of having a data-losing failure in a RAID system are quite small, but such a failure is possible. You can reduce your gap of potential data loss by performing incremental backups frequently. Incremental backups don’t necessarily have to use slow media. One option might involve performing incremental backups to a separate magnetic disk system hourly, and gathering the hourly backups to tape daily. Many online transaction-based systems support journaling. Each transaction not only updates the database, but it also writes the transaction to a log file. If the database must be recreated, you can restore it from the last full backup and replay all the subsequent transactions from the log file.

Managing Backups

The safety of your organization’s data depends on backup tasks being performed on schedule. The operation of backup tasks requires a high level of discipline. In general, you should rely on software that automatically schedules backup tasks and not depend on network managers or operators to manually perform them. Modern backup software should be expected to automate almost all aspects of your backup strategy.

Device management

Expect your backup software to recognize and manage all the devices used in your backup system. If you have multiple tape drives, or tape changers, you should be able to direct the data to the appropriate device and media.

Media management

Most backup strategies involve many media units–tapes, platters or cartridges. The backup set might include monthly archives, weekly full backups and daily incrementals. Most backup software systems will keep track of the media involved, tell you how to label each unit and specify which one to load.
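Which media to load for a restore depends on the scheme chosen earlier (daily versus cumulative incrementals), and the last readable run determines the gap of lost work. The following is an added example, not taken from any backup product; the catalog, the tape labels and the `readable` flag are constructed, and it assumes each daily incremental holds only the changes since the previous run.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class BackupRun:
    label: str              # media label (constructed for this example)
    kind: str               # "full", "incremental" or "cumulative"
    finished: datetime      # when the run completed
    readable: bool = True   # False if the media cannot be read at restore time


def restore_plan(catalog, failure_time):
    """Return (chain, gap): media to load in order, and the window of lost work."""
    runs = sorted((r for r in catalog if r.finished <= failure_time),
                  key=lambda r: r.finished)
    fulls = [r for r in runs if r.kind == "full" and r.readable]
    if not fulls:
        raise ValueError("no readable full backup precedes the failure")
    base = fulls[-1]

    # Only runs taken against this full backup are usable; stop at the next full.
    later = []
    for run in runs:
        if run.finished <= base.finished:
            continue
        if run.kind == "full":
            break
        later.append(run)

    chain = [base]
    # A cumulative run holds everything changed since the full backup, so only
    # the newest readable one is needed; older ones are superseded.
    cumulatives = [r for r in later if r.kind == "cumulative" and r.readable]
    if cumulatives:
        chain.append(cumulatives[-1])
    # Incrementals hold only the changes since the previous run, so they are
    # applied in order and the chain ends at the first unreadable run.
    for run in later:
        if run.finished <= chain[-1].finished:
            continue
        if not run.readable:
            break
        if run.kind == "incremental":
            chain.append(run)
    return chain, failure_time - chain[-1].finished


def week(kind, unreadable=()):
    """Constructed catalog: full backup Sunday 23:00, one run per night Mon-Thu."""
    sunday = datetime(2024, 3, 3, 23, 0)
    runs = [BackupRun("FULL-SUN", "full", sunday)]
    for offset, day in enumerate(["MON", "TUE", "WED", "THU"], start=1):
        label = f"{kind[:3].upper()}-{day}"
        runs.append(BackupRun(label, kind, sunday + timedelta(days=offset),
                              readable=label not in unreadable))
    return runs


FAILURE = datetime(2024, 3, 8, 10, 0)  # constructed: disk fails Friday 10:00


def plan_labels(catalog):
    """Convenience wrapper: labels of the media to load, plus the gap."""
    chain, gap = restore_plan(catalog, FAILURE)
    return [r.label for r in chain], gap


if __name__ == "__main__":
    cases = {
        "daily incremental": week("incremental"),
        "cumulative": week("cumulative"),
        "daily incremental, Tuesday tape unreadable":
            week("incremental", unreadable={"INC-TUE"}),
        "cumulative, Tuesday tape unreadable":
            week("cumulative", unreadable={"CUM-TUE"}),
    }
    for name, catalog in cases.items():
        labels, gap = plan_labels(catalog)
        print(f"{name}: load {labels}, work lost: {gap}")
```

With the daily scheme one unreadable tape widens the gap to everything after the previous night's run, while the cumulative scheme still restores from two tapes.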

File management
Advanced backup systems will track the status of each file on the storage system. These systems maintain a database that includes information on when each file was backed up, what tape it is on, and the like. This information is critical for file restorations. If a user accidentally deletes a file, you should be able to find it in the backup system’s database and have it tell you which tape includes the most recent version. If a file becomes corrupted, you may be asked to restore an older version.

Error Reporting

Expect the backup system to provide reports on the status of each backup run. Did it run completely? Were there files missed? Were whole server volumes missed? You may want status and error reports printed or sent by e-mail. There may be some errors where you need the system to send a message to your pager or trigger an alarm to an SNMP console.

Error Recovery

When problems occur in a backup operation, some can be recovered from automatically. If files are missed on the initial pass of the backup run, set the system to retry them at the end of the run. If the backup system fails to log in to a server, it may automatically create a make-up job to run later.

Backup Software Platforms

Where do you expect to run your backup software? Will it run from a workstation on the network or will it operate on a server? There are some low-end solutions where the backup software runs on a client computer, archiving data from servers to a local tape drive. Most of the more advanced systems, however, run on network servers. Backup management requires a high-performance, multitasking environment, with scheduling capabilities. Servers offer these capabilities better than client computers. You will need to ensure that the backup software you choose is compatible with your server platform. Most of the systems available will operate under NetWare, Windows NT and the various flavors of Unix.

Agents

The backup process can be made to operate more efficiently with the cooperation of the target system. It is common for backup systems to use programs called agents which manage the communication between the target system and the backup host. Agents can be used to give the backup host access to workstations on the network so that their local drives can participate in the backup system. You may also need an agent to back up target systems that differ from the platform of your backup host. For example, if your backup host is a NetWare server, you may need an agent on Unix and NT hosts to back up their file systems. Agents can also optimize the performance of backups by taking advantage of the processor on the target system to pump data to the backup server.

Media Options

The primary concerns in selecting a backup medium for your storage system involve increasing the volume of data that can be transferred to each tape and boosting performance. The more data that can be placed on each tape, the fewer tape changes must occur for each backup session. The speed of the data transfer is especially important for those systems that must be offline for backups. Faster backups mean less time offline, which can make a big difference for the organization’s data center operations. The vast majority of storage systems rely on tape-based backup systems. The two main competing tape technologies are 8mm Digital Audio Tape (DAT) and Digital Linear Tape (DLT). Through advancements in tape density and compression, 8mm Digital Audio Tape has achieved capacities of up to 24GB per tape and can transfer data at 2.2 MB/second. Even more recently, Exabyte–the leader in tape backup solutions–has increased its 8mm technology to one that supports 40GB per tape with 6MB/second sustained throughput. Digital Linear Tape has offered capacity and performance advantages over Digital Audio Tape. In its current form, it can sustain 5MB/second data transfer and store up to 35GB per tape. While 8mm technologies have recently surpassed these measurements, we can expect Digital Linear Tape to make its own improvements and sustain its competitiveness. Optical technologies such as MO or CD-R may suit some environments. For especially high-performance backups, you may want to use another set of magnetic disks, but this would be an extremely expensive alternative. The relative capacities of each of these media constantly increase, and the cost per MB varies. When calculating the costs, be sure to include the hardware costs as well as the media itself.

HSM: Hierarchical Storage Management

One of the fundamental problems for data storage involves the constantly growing size of the data environment. There comes a point when the cumulative volume of data exceeds the hardware’s ability to accommodate it. You can deal with the problem by adding capacity to your storage system or coaxing network users to delete unneeded files. But such efforts cannot necessarily be sustained indefinitely. Organizations with large-scale storage environments should consider a more advanced storage management system. One approach to controlling data growth involves automatic file grooming. Many of the advanced backup packages include the ability to automatically remove files that have not been accessed after a prescribed interval. The backup system would ensure that any file removed from the storage system would exist on multiple archive tapes. When users need groomed files, they would be manually restored. While this process may somewhat reduce the files on the network, it may leave users uncertain about the status of their files and involves considerable manual work in restoring files. Hierarchical Storage Management (HSM) deals with the problem of rapid data growth in a more sophisticated way by automatically transferring data files to secondary and tertiary storage systems. Hierarchical Storage Management operates completely transparently to the user–files continue to appear in directory listings even if they have been moved. The key to Hierarchical Storage Management lies in migrating the files that are least likely to be needed again.

Generally, Hierarchical Storage Management systems assume that the longer a file is idle, the lower the probability it will be accessed again. The secondary and tertiary storage systems can store infrequently used files at a low cost and free up space on the primary storage system for files in active use. Data may be stored online, near online or offline depending on their frequency of use. Let’s consider a typical Hierarchical Storage Management implementation. Three levels of storage are available: a RAID system of 100 GB, an optical jukebox and an 8mm tape system. Once the RAID system reaches a certain threshold of capacity, say 90 percent, the Hierarchical Storage Management software begins scanning the storage system for files that are candidates for migration. We might specify that any file that has not been touched for at least 90 days can be transferred to secondary storage. The files are written to optical platters in the jukebox and deleted from the RAID system. The Hierarchical Storage Management system replaces the original file with a stub that occupies little space, but maintains the directory entry. As users browse their directories, they are unaware that any files have been deleted. If a user actually needs to use a file that has been migrated, the Hierarchical Storage Management software intercepts the request and automatically restores the file to primary storage. The user will notice a delay while the optical disk is selected and mounted in the jukebox and the file is copied back to its original location. The delay should be as little as a few seconds, depending on the size of the file. Some Hierarchical Storage Management systems can use a tertiary storage option. If the migrated data exceeds the capacity of the secondary storage system, then the data might be migrated down another level. In our example, files that had not been accessed on the optical platters for a year might be archived to magnetic tape and deleted.
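The migration policy from the example above (90 percent threshold, 90 days idle, stubs that keep the directory entry, recall on access, a year on optical before tape) can be modelled in a few lines. This is an added illustration, not code from any Hierarchical Storage Management product; the 1 KB stub size, the file names and measuring idle time from last access are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

GB = 1024 ** 3
STUB_BYTES = 1024  # assumption: size of the stub left behind on primary storage


@dataclass
class FileRecord:
    size: int
    last_access: datetime
    tier: str = "primary"  # "primary" (RAID), "secondary" (optical), "tertiary" (tape)


class HsmVolume:
    """Toy model of the three-level example: 100 GB RAID, optical jukebox, tape."""

    def __init__(self, capacity=100 * GB, threshold=0.90,
                 primary_idle=timedelta(days=90),
                 secondary_idle=timedelta(days=365)):
        self.capacity = capacity
        self.threshold = threshold
        self.primary_idle = primary_idle
        self.secondary_idle = secondary_idle
        self.files = {}  # path -> FileRecord; migrated files stay listed via stubs

    def add(self, path, size, last_access):
        self.files[path] = FileRecord(size, last_access)

    def primary_used(self):
        """Bytes held on the RAID tier: whole files plus one stub per migrated file."""
        return sum(f.size if f.tier == "primary" else STUB_BYTES
                   for f in self.files.values())

    def listing(self):
        """What a user browsing the directory sees: every path, migrated or not."""
        return sorted(self.files)

    def migrate(self, now):
        """Run one scan and return the moves made as (path, from_tier, to_tier)."""
        moved = []
        oldest_first = sorted(self.files.items(), key=lambda kv: kv[1].last_access)
        # Optical -> tape: untouched for a year (idle time measured from last access).
        for path, f in oldest_first:
            if f.tier == "secondary" and now - f.last_access >= self.secondary_idle:
                f.tier = "tertiary"
                moved.append((path, "secondary", "tertiary"))
        # RAID -> optical: only once the RAID tier reaches the capacity threshold.
        if self.primary_used() >= self.threshold * self.capacity:
            for path, f in oldest_first:
                if f.tier == "primary" and now - f.last_access >= self.primary_idle:
                    f.tier = "secondary"
                    moved.append((path, "primary", "secondary"))
        return moved

    def access(self, path, now):
        """Recall a file on use; return the tier it had to be fetched from."""
        f = self.files[path]
        source = f.tier
        if source != "primary":
            if self.primary_used() - STUB_BYTES + f.size > self.capacity:
                raise OSError("primary storage is too full to recall " + path)
            f.tier = "primary"
        f.last_access = now
        return source


NOW = datetime(2024, 3, 8, 10, 0)  # constructed scan time


def demo_volume():
    """Constructed inventory totalling 92 GB on the 100 GB RAID tier."""
    vol = HsmVolume()
    vol.add("/charts/current.db", 45 * GB, NOW - timedelta(days=1))
    vol.add("/charts/2023-q1.db", 40 * GB, NOW - timedelta(days=200))
    vol.add("/reports/audit-2022.pdf", 6 * GB, NOW - timedelta(days=400))
    vol.add("/reports/draft.doc", 1 * GB, NOW - timedelta(days=30))
    return vol


if __name__ == "__main__":
    vol = demo_volume()
    print("first scan:", vol.migrate(NOW))
    print("RAID use (GB):", vol.primary_used() / GB, "listing:", vol.listing())
    print("recalled from:", vol.access("/charts/2023-q1.db", NOW))
    print("next scan:", vol.migrate(NOW + timedelta(days=1)))
```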

The implementation of Hierarchical Storage Management involves several hardware and software components. On the hardware level, you will need equipment to manage your secondary storage. In most cases this will be an optical disc changer or jukebox. One could use a tape drive with an automatic media changer, but only if long file-restoration times are acceptable. The secondary storage device would connect to the same server as the primary storage system. With most Hierarchical Storage Management implementations, users do not access the secondary storage directly. The Hierarchical Storage Management software interacts with the secondary storage to place migrated files back to primary storage when needed. This configuration contrasts with a networked optical jukebox where users would access data directly. In most cases a tertiary storage medium such as magnetic tape would be used for an additional level of data migration or to perform backups of data on both the primary and secondary storage systems. The implementation of Hierarchical Storage Management requires specialized software. Storage management involves a number of complex tasks. The Hierarchical Storage Management application software must be tightly integrated into the server’s operating system. To operate transparently to end users, the Hierarchical Storage Management software must manipulate the file system and directory structure to make all files appear to be present, even when some reside elsewhere. Some means must be provided to keep track of the location of all migrated files so that they can be efficiently retrieved when needed again. The Hierarchical Storage Management software will manage capacity issues for both the primary and secondary storage system. All data must be carefully tracked.

SECURITY FOR NURSING INFORMATION SYSTEMS 4.6
Security for Nursing Information Systems includes the development and implementation of a written security plan that describes procedures for nursing information system control and contains provisions for nursing information security. The development of a security plan depends on who is allowed to have access to security information, what is needed to ensure that security information is safeguarded and used for the intended purpose, and what level of physical security is needed to protect it. Security information includes: inventory access logs; passwords; entry access logbooks; rosters of individuals approved for access to the Nursing Information System; access control systems; security system infrastructure, including floor plans, on-site guard, Closed Circuit Television, intrusion detection systems, etc.; and Security Plans and Incident Response Plans. Since the hospital is in control of its information, each of these questions will call for a different approach, because no two institutions are the same. The first step is to decide what and how much security information should be made available to personnel inside and/or outside of the hospital. Entities should treat Nursing Information System security with equal respect to that of physical security. A complete program should include aspects of what’s applicable to security information and access to Nursing Information System registered space. The protection of Nursing Information System security information is an important component in the prevention of the misuse, either accidentally or intentionally, of the Nursing Information System.

The Federal Select Agent regulatory language has been established to ensure that information related to the Nursing Information System is safeguarded and access to that information is limited to authorized and authenticated users. The policy that addresses information systems control states that an entity’s security plan must contain provisions for information security that will ensure that all external connections to systems which manage security for the registered space are isolated or have controls that permit and monitor only authorized and authenticated users. It also ensures that authorized and authenticated users are only granted access to information, files, equipment (e.g., servers or mass storage devices) and applications as necessary to fulfill their roles and responsibilities, and that access is modified when the user’s roles and responsibilities change, or is revoked. It ensures that controls are in place that are designed to prevent malicious code, such as computer viruses, worms, and spyware, from compromising the confidentiality, integrity, or availability of information systems which manage access to registered spaces. The policy establishes a robust configuration management practice for information systems, to include regular patching and updates made to operating systems and individual applications, as well as procedures that provide backup security measures in the event that access control systems, surveillance devices, and/or systems that manage are rendered inoperable. The purpose of this guidance document is to assist the regulated community in addressing the information systems control and information security provisions of the select agent regulations.

This applies to entities that possess, use or transfer all Nursing Information System. Cyber-security is the processes and practices of technologies designed to protect networks, computers, programs and data from unwanted and, most importantly, deliberate intrusions. Elements of cyber-security include:
a) Application security
b) Information security
c) Network security
d) Incident response
e) Training
For the purpose of this guidance document, “information systems security control” will be used instead of cyber-security, because information related to the Nursing Information System is not limited to electronic applications. Within the regulated community, Nursing Information System security information is stored in electronic and hard copy media. Whatever approach the hospital chooses regarding the management of its Nursing Information System-related security information, the processes must be integrated into the hospital’s written security plans. Actions taken regarding application security, sometimes referred to as countermeasures, are used to ensure security of software, hardware and procedural methods to protect systems from external threats. For example, the most basic software countermeasure is the firewall that limits the execution of files by specific installed programs. Similarly, the router is a hardware countermeasure that can prevent the IP address of an individual computer from being visible on the internet. Other countermeasures include encryption, anti-virus programs, spyware detection and biometric authentication systems. The regulated community must take a broad view on how to safeguard information beyond the “cyber” world. Safeguarding Nursing Information System security information can take many forms, but generally can be characterized in two ways:
a) Information security
b) Physical security for Information Technology (IT) assets
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, recording or destruction of data. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form (i.e., electronic (cyber) or print (hardcopy)). In this day and age, information security is usually directed toward the cyber world with less emphasis on printed material. Nevertheless, the safeguarding of this information, whatever the medium, is critical in protecting the Nursing Information System from misuse. Confidentiality means preventing the disclosure of information to unauthorized individuals or systems. Each entity should consider assessing who is an authorized individual within the scope of the regulations, inside and outside the institution, and determine whether the system used for the conveyance of legitimate research has adequate controls in place. Integrity means that data cannot be modified undetectably. There should be reporting to the Responsible Official of any sign that inventory or use records for the Nursing Information System have been altered or otherwise compromised.

The regulated community should consider factoring in who has the ability and capability of accessing and manipulating the data. This could be a systems administrator with access rights to the entire network, or a support technician assigned to the entity’s select agent program. It could be as simple as a Principal Investigator (PI) keeping his/her records on a non-networked computer. Availability, for the purpose of this guidance document, is research information that must be available when needed. This means that the computing systems used to store and process information, the security controls used to protect it, and the communication channels used to access it must be functioning properly. This includes the application of strong passwords, firewalls, anti-virus software and regular patching and updates to operating systems. For availability to be successful these applications must be functioning properly with on-going maintenance. Physical security for IT assets means physically protecting data and means to access data apart from protecting it electronically. Examples of physical attacks include “dumpster diving” to search for improperly discarded sensitive information and deliberate document stealing. The regulated community should consider maintaining awareness of what informational “waste” is being disposed of through normal business activity in and around their Nursing Information System registered space.

Responsible individuals should ensure that items like computer disks, Nursing Information System research notes that are no longer useful, and documents that contain sensitive information or other computer hardware are properly destroyed before being discarded. On the more extreme side, the simple act of stealing the information by unauthorized people, inside or outside the organization, should be factored into an entity’s information systems security control policies and procedures. This is equally important where hardcopy Nursing Information System security information is stored in a PI’s office that is not inside the Nursing Information System registered space. Physical security for IT assets can be easily added to an entity’s written security plan (Records) of the select agent. Some common practices that the regulated community can adopt, or re-emphasize during information security training, are:
a) The destruction, such as shredding, of paper documents and computer disks; and
b) Purging electronic storage media before disposal.

If the entity is unclear on how to do this or does not have the means, then the Responsible Official should consider contacting their IT department or leadership for assistance. Proper access control to Nursing Information System registered space can mitigate the threat of information theft by ensuring that only authorized individuals can enter the space, or that escort procedures are implemented for those that are not authorized. In summary, information systems control includes both Nursing Information System security information and the physical infrastructure provided to protect this information. This also extends to discouraging sharing an individual’s unique means of accessing Nursing Information System such as passwords, as required in Information Technology (IT).

Security Overview
IT is a collection of computer hardware/software, information systems, and programming languages. The regulated community uses IT in a wide variety of applications such as:
a) Storing personnel security risk assessment information;
b) Storing Nursing Information System research information and inventory records;
c) Management and control of physical security access control and monitoring devices.

Essentially, the computer is the central node that makes everything work. As such, IT has its own uniqueness in that threats to these systems are far less obvious, and perhaps ignored through complacency or viewed as a nuisance. Unlike securing physical Nursing Information System registered space and the building in which they are located, IT security requires constant systems monitoring. As such, both IT security and physical security are important. An entity’s IT security should focus on:

a) Network security
b) Hardware/Downloadable devices/Data storage
c) Physical security
Network Security
Large and small institutions have some level of IT infrastructure. These range from large and complex organizations with robust systems and support to smaller and more focused organizations that use a closed or isolated network or stand alone system requiring, in some cases, external contracted support to maintain them. The regulated community with robust systems and support should not rely solely on their IT departments in maintaining information security control for their Nursing Information System program. For entities with Nursing Information System security information incorporated as part of an organization’s overall IT infrastructure, this information and supporting infrastructure is subject to the overall IT policies and procedures of the organization. IT departments are designed to support the collective IT systems infrastructure and not necessarily to the specific entity’s Nursing Information System program, albeit located somewhere in the systems infrastructure. For these large organizational units, the Responsible Official should consider ensuring that their IT departments are performing regular patching and updates to operating systems and individual applications.

This should also include ensuring that the IT department’s systems administrator who has complete access rights, or a designated systems administrator or support technician with specific access rights to Nursing Information System security information, are authorized or authenticated. While there is no regulatory requirement for an entire IT system support staff to be approved for access to Nursing Information System, the Responsible Official needs some kind of assurance from their IT departments that those individuals understand the sensitivity of the information associated with their Nursing Information System activity. A possible solution to this is to designate a liaison between the entity Nursing Information System program and the IT department. Effective IT security should be considered to include procedures such as, but not limited to:
a) Authenticating the user (one-factor authentication (i.e., username and strong password))
b) Enhanced background screening for primary systems administrator or equivalent
c) Network firewalls
d) Anti-virus software or intrusion prevention system
e) Internet security software package
f) Encryption between hosts
g) Secured zone (where the computers and servers are housed such as LAN closets, computer rooms)

One of the most complex decisions that a Responsible Official faces with respect to staff providing support to an entity’s Nursing Information System-related security information systems is: “Should these individuals have a CID security risk assessment?” In considering this issue, the Responsible Official should remember that the CID security risk assessment is required for those individuals with unescorted access to the Nursing Information System, not to Nursing Information System information per se. If the Nursing Information System access control system at an entity is designed so that an IT support person would be able to gain access to Nursing Information System through manipulation of the IT system, then these individuals should be submitted for approval to access Nursing Information System and undergo a security risk assessment. Information security can be more challenging to achieve at small and (perhaps) moderately sized Nursing Information System entities because they may not have a robust security infrastructure and support network. Nonetheless, these entities must establish policy and procedures that are structured to meet their IT security needs.

These types of entities may use a simple stand-alone computer located within the Nursing Information System registered space, use a limited networked system such as a local area network (LAN) with no internet connectivity, or an intra-net application for such use as a wide area network (WAN). Each configuration comes with risks, and, as such, requires an equivalent level of IT security for safeguarding Nursing Information System information. For example, if a moderately sized entity has more than one research function (i.e., both non-Nursing Information System and Nursing Information System) and uses a local area network with a common file sharing or mainframe server, the entity should consider strong IT security protocols such that isolation (firewall, domains) of the Nursing Information System security information from the non-Nursing Information System information and other administrative access rights is achieved. Small organizations may not have in-house support people to service and maintain their IT infrastructure. If there is a third-party support unit for IT, the Responsible Official should consider having in place policies and procedures to address how the support is provided, under what conditions, and the extent of access to the operating systems and data. The Nursing Information System regulation provides two means of accessing registered space: 1) SRA-approved individuals, and 2) escorted individuals. The entity will need to determine the best approach that will meet their IT needs. Responsible Officials for the small and moderately sized entities should consider having clear written protocols to include the following IT security features:
a) Strong log-on password(s) with expiration dates
b) Firewall or unified threat management system
c) Anti-virus software
d) Discourage unsecured wireless connection or limit use
e) Use a Virtual Private Network (VPN) to communicate between several offices, if applicable
f) Use of reputable bonded third party IT support services should be considered.
g) Secured zone (where the computers and servers are housed such as LAN closets, computer rooms)

Hardware/Downloadable Devices (Peripherals)/Data storage 4.7

Hardware
As part of computer security, and for the purpose of this guidance document, hardware is being referred to as the computer (e.g., desktops and laptops); their internal operating systems (hard drive); monitor; and tablet devices that have Nursing Information System security information. It is important to the entity that proper protocols are in place to secure such devices (such as docking stations for laptops), re-emphasizing login/logout practices and safeguarding passwords. For example, if a PI uses a laptop between workstations or worksites which contain any elements of Nursing Information System security information, proper handling of the laptop would be paramount. It’s desirable that computers be located within controlled space since the room will already have some level of physical security. If laptops are used, users should physically secure the device and password/encrypt the laptop if it contains Nursing Information System security information of any kind. This practice should be extended to desktops if a PI has an office outside the Nursing Information System registered space. An entity should be wary of the inherent insecurity of tablet devices that have information storage and wi-fi capabilities, especially if they cannot be encrypted. The development of well defined policies and procedures should be considered in the entity’s overall information systems security control program.

Peripheral devices

As part of the overall information systems security control there are peripheral devices to which the regulated community should pay attention. These peripheral devices can pose an unseen threat (insider/third party threat). These devices include, but are not limited to:
a) USB devices (commonly referred to as flash/thumb drives)
b) USB patch cords with mini/micro connectors
c) Electronic notebooks
d) BlackBerrys
e) PDAs
f) Future technological development

Any devices which can be hidden from sight or viewed as a non-threat (BlackBerrys, PDAs etc.) pose a security vulnerability to information systems security. The regulated community may want to include these types of devices in their information systems security protocols, or, at a minimum, include them in their information security systems training program. For example, a disgruntled employee could use a flash drive to download Nursing Information System security information or even upload malicious code designed to corrupt Nursing Information System data or computer systems. Awareness requires procedures for reporting suspicious persons or activities. This provision is not limited to physical security and should be applied to information systems security as well.

Data storage

A data storage device is a device for recording (storing) information (data). A concern for the regulated community would be the storage of Nursing Information System information on media that can be removed and stored separately from the recording device, such as computer disks, CD-Rs, flash drives, memory cards, etc., for the purpose of archiving or maintaining a data library or personal files. If an entity utilizes these means of archiving, even on a temporary basis, they should be handled and secured as if they were a paper hardcopy (i.e., stored in a secured cabinet and in a location with the appropriate physical security measures in place). Items such as these are easily concealed and could get past institution security.

Physical Security for IT Assets

There is a perception that physical security and information systems security are unrelated, and that physical security does not have the same level of importance or is not even relevant to safeguarding Nursing Information System security information. This perception may arise because physical security, as well as information security, is seen as outside the control of the research activity only because “someone else is taking care of it.” On the contrary, IT systems that are designed to safeguard information and the physical security of the Nursing Information System at an entity require the same level of attention by both the service provider and the Responsible Official. If there is an “insurance plan” for information systems security control, it would be “physical security”. The regulated community should consider looking at both information systems security and physical security in order to have a complete information security program. Information security utilizes an array of software to secure data and to prevent unwanted intrusions. The physical security side is designed to augment what information security cannot do and is within the control of the entity’s Responsible Official to implement. These are:
a) Ensure that only personnel authorized by the entity have access (this could and should include a systems administrator for IT and security services)
b) Confirm that servers and mainframe systems that support Nursing Information System information are in a secured location if not within the Nursing Information System registered space
c) Ensure that an authorized user’s unique access to secured locations is not shared
d) Use screens (sometimes referred to as anti-glare screens) to restrict viewing of computer monitors
e) Conduct periodic review of entry access journals and/or entry logbooks to verify that only authorized personnel are accessing space where computer systems are used (including Nursing Information System registered space)
f) Ensure that hardcopy records and computer discs that are no longer useful are properly destroyed, preferably by shredding
The entity should place equal importance on physical security, especially if the computer system servers and mainframes are located elsewhere in the facility or at a remote location. It is understood that a Responsible Official may not have control over this, but a Responsible Official can engage their IT department to get clarity on how well these areas are secured and monitored. This is also an opportunity for the Responsible Official to explain to the IT systems administrator the sensitivity of the Nursing Information System program and the requirements of the regulations that the entity is trying to meet.

Physical Security Access Controls, Closed Circuit Television and Intrusion Detection Systems

Security access controls (e.g., card-key, biometric, etc.) generally operate on a separate security IT platform. The majority of these systems are isolated from other information systems and databases and not connected to the internet. There may be some intranet applications where a single platform serves multiple buildings, or rooms within a single building, which is controlled and managed at a central location. Even these are isolated from each other by the access coding of the card-key. However, like the Nursing Information System IT information systems and databases, an IT-controlled security system is an “information” database that the regulated community cannot ignore. Card-keys come in two forms: 1) a card-key that simply has the institutional logo or other graphics and is issued with an ID card; and 2) card-keys that are used as a photo-ID badge or combined with biometrics. Both may have personally identifiable information (PII). IT-controlled security systems are designed to record entry (or exit) activity. Card-keys can contain the following information, but are not limited to:
a) Control number
b) Name of the individual in possession of the card-key
c) Entry/exit rights to certain spaces, floors and doors
d) Assigned department
e) Security clearance level, if applicable
As with the IT departments, the Responsible Official should consider engaging the organization’s security department, or security service provider, to work out any physical security requirements for the Nursing Information System registered space and establish protocols to ensure that the entity’s Nursing Information System program is safeguarded. Physical security IT platforms must meet the confidentiality, integrity and availability criteria as well. Such discussions should include:
a) Establishing a liaison between the security department/service provider and the hospital’s Nursing Information System program.
b) Is the security server/mainframe in a secured space with restricted access?
c) Are security equipment closets secured with restricted access?
d) How is stored/archived information protected?
e) Who has access to the information?
f) Do doors that access Nursing Information System registered space “fail-secure” in the event of power loss?
g) Are card-keys promptly inactivated when there are staff changes in the Nursing Information System program?
h) Establish protocols/agreements for routine review of entry access journals to registered Nursing Information System space.
Much of the above is directed towards safeguarding information regarding individuals that are approved for access to the Nursing Information System and securing the space where IT devices such as desktop and laptop computers are used for Nursing Information System activity, as well as file cabinets and other equipment that maintain Nursing Information System security information. Protection of physical security information relies heavily on controlling entry access to the registered space.

Closed Circuit Television (CCTV) and CCTV surveillance

Some registered entities use Closed Circuit Television as simple recording (informational) devices that are not monitored, but record activity in and around Nursing Information System areas. The recordings are usually reviewed periodically by the organization’s Nursing Information System leadership or when there is a discovery of an incident. Closed Circuit Television surveillance is a monitored, usually 24/7, application. Monitoring is performed by trained security staff or a security service provider. More than likely the regulated community has no direct responsibility for maintaining Closed Circuit Television systems; therefore a Responsible Official needs to be wary of the information being recorded and the retention of archived information. If an entity’s security staff, or Closed Circuit Television support provider, is responsible for maintaining video records, the Responsible Official should work out a retention period and a security storage plan for the archived video media for the registered spaces that are being monitored. Retention of video records is not a provision of section 17(c) of the select agent regulations, which require 3 year retention. However, the Federal Select Agent Program recommends a 45 day retention period for these video records. At the end of the retention period the data storage media could be destroyed.

Intrusion Detection System (IDS)

As the name implies, an intrusion detection system (IDS) detects; it can also record data (information) regarding access to the Nursing Information System registered space, whether it’s a single room or an entire building. An Intrusion Detection System for building security should not be confused with an Intrusion Detection System for IT systems. An Intrusion Detection System for building security uses an array of devices such as motion sensors, glass-break sensors and infrared sensors. In physical security, an Intrusion Detection System is designed as a component of a security access control system (card-key, biometrics, etc.) or stands alone as a single system for the sole purpose of monitoring access entry points or areas of buildings with vulnerabilities, such as windows, to alert a security response force. An Intrusion Detection System for an IT system is sometimes referred to as an intrusion prevention system (IPS) where they use anti-virus software to inhibit the action of malware. The data collected by an Intrusion Detection System can provide useful information to the Responsible Official when resolving incidents of unauthorized access. Handling of the data should mirror the management of data collected by a Closed Circuit Television system.

Backup Security Measures

Backup security measures need to be in place for both information security control and physical security associated with the entity’s Nursing Information System program. This is to ensure that integrity is maintained for the information and physical security systems of the entity’s Nursing Information System program. Backup security measures can take many forms, depending on the size and mission of the organization. For example, large organizations, in most cases, have backup power generators to support critical infrastructure such as IT-based security and information systems. Having a backup power generator can solve many issues in maintaining the integrity of critical systems. Unfortunately, not all registered entities have the luxury of power generators. This does not mean that these entities have no recourse. A Responsible Official should have alternate plans in place to mitigate the problem, such as posting guards, roving security patrols or ensuring that the access control system has a “fail-secure” feature during the period of lost power. For example, an entity that has an access control system with no connections to an existing alternate power source should make sure that all doors within the Nursing Information System activity area “fail-secure.” This provides an immediate lock-down of the space without sacrificing the safety of individuals in the laboratory.

In the absence of a “fail-secure” system the entity should establish procedures to prevent unauthorized access until power is restored. If the Responsible Official is unsure that their space has a “fail-secure” system, then the Responsible Official should have a discussion with their security department or security service provider to determine how the access control system functions during a power outage. Similar precautions can be implemented for information security. For those organizations that do not have an alternate power source, the entity should consider or verify the following:
a) Nursing Information System security information is automatically backed up according to a predetermined schedule, and the backup process should be periodically checked to ensure that the data is backed up properly.
b) Provide backup hard drives to critical Nursing Information System security information systems.
c) Use an Uninterruptible Power Source (UPS) with sufficient power to allow for the manual saving of data and computer shutdown.
d) Nursing Information System laboratorians periodically save information while actively engaged in entering information into databases.
e) Save Nursing Information System security information on portable media where the files are password protected, and secure portable media in a lockable file cabinet. File cabinets that contain Nursing Information System information should be secured in the Nursing Information System registered space or the duty office of the laboratorian with restricted entry access.
Whatever backup security measures the entity implements, the policies and procedures need to be written into the entity’s security plan. Any and all computer security incident management procedures should be incorporated into the entity’s written incident response plan (Incident Response) of the select agent regulations, which should specifically include a disaster recovery plan for Nursing Information System security information.

Risk Management and Computer Security Incident Management

Risk Management

Information systems control is primarily linked as a component of the entity’s site-specific written security plan. More specifically, how the entity develops its policies and procedures in safeguarding its information from unwanted intrusions must be designed according to a site-specific risk assessment. This would include evaluating the vulnerabilities and threats that could be directed at the entity’s information systems, whether network based or stand-alone. The physical security component of information systems security control is already covered when the entity evaluated its vulnerabilities and threats towards safeguarding Nursing Information System from theft, loss or release. However, unlike physical security, information systems may be attacked without any visible trace and the Responsible Official needs assurances from their IT departments or service providers that intrusion inhibitors are fully functioning. Nursing Information System programs associated with large institutions with a robust IT infrastructure should have thoroughly evaluated the vulnerabilities and threats to the overall information systems network and incorporated the necessary intrusion inhibitors. It’s important for the Responsible Official to work with the IT department systems administrator in understanding the particular sensitivities of the Nursing Information System program. Smaller and moderate size organizations may not have this level of support. In this case, a Responsible Official may need to work more closely with their service provider to ensure the maximum level of protection is in place to address vulnerabilities and threats.

Similar to assessing the physical security threats and vulnerabilities, information systems security can follow the same concepts by evaluating through consequence assessment and threat/vulnerability assessment. Once a thorough risk assessment has been performed by the Responsible Official and subject matter experts from the IT and security departments, the Responsible Official should consider following through with:
a) Determining the risk
b) Communicating the risk
c) Managing the risk

Determining the risk: What is subject to a threat?
a) The network
b) The computer
c) The Nursing Information System security information

Communicating the risk: Key entity leadership should determine if the current risk is acceptable by considering who should have access to the Nursing Information System information and Nursing Information System information system control databases.

Managing the risk: Are the intrusion inhibitors offered by the service providers sufficient to safeguard the entity’s Nursing Information System information? Do I have a disaster recovery or backup plan in the event of a successful intrusion or uncontrolled emergency?

Computer Security Incident Management

The National Institute of Standards and Technology (NIST) describes a computer security incident as “resulting from a computer virus, other malicious code, or a system intruder, either an insider or an outsider”. Similar to responding to natural disaster incidents, computer security incident management requires a process and a team to follow the process. More than likely, the team that is formed for managing an incident for the theft, loss or release of a Nursing Information System will be the same for an incident involving information systems related to security and Nursing Information System. The new player would be an individual well versed in information systems technology and security. In the event of an incident caused by an attack, the entity should have response procedures in place to recognize an event. Some attacks are detected by a sensor, a network analyst or a user reporting something unusual with the computer. Containment is critical for stopping malicious network traffic or a computer virus, the spread of which could be terminated by taking the computers off-line. Cleaning of the system should be monitored by the Responsible Official, or designee, if the IT department or service provider performs these functions. This would include ensuring the destruction of any hard drives that still maintain Nursing Information System security information, including inventory records.

Training

Each registered entity is required to provide security training to all individuals with Nursing Information System access approval. Security training goes beyond safeguarding Nursing Information System from theft, loss or release and should include modules for information systems control. With the varying degree of registered entities, large and small, with research from diagnostic to commercial, information security training amounts to computer security awareness. This is no different than the training that is required for security, biosafety and incident response. In each of these applications the training includes proper planning, implementation, maintenance, and evaluation:

IMPLEMENTATION 5.1

In order to have a successful implementation of a nursing information system, a plan must be put into place and a suitable team must be chosen to make sure that the end users understand and use the system correctly. An implementation team should be appointed in each department to participate in the implementation and sort out any difficulties which may arise. This team should consist of technical staff from the information services department and informatics and clinical representatives. Before the implementation process can take place, the members of the committee must first become familiar with the system that is being implemented by means of training. This training can take place either on the job in the hospital setting or at the vendor’s corporate centers. Another important aspect of implementation is to decide on what type of implementation phase the company prefers to use.

The three phases of implementation are:
Direct implementation: In this type of implementation, the old system is directly replaced with the new system and the users start working on the new system immediately.
Phased implementation: In this type of implementation, different parts of the new system are implemented one-by-one or in different phases.
Pilot implementation: This type of implementation allows implementation of the complete system but to a selected group of users or departments of an organization. If the system is suitable and fulfills the requirements of the organization, it is implemented for all the users.

TECHNOLOGY 5.2

The software technology that would be used in this system would be current and can be upgraded quickly and efficiently if the need arises. The software will be easily adjusted to suit the needs of the organization in the test environment to prevent any disruption in the workflow. There are benefits to be enjoyed by implementing Nursing Information Systems and they include:
Improved workload functionality: Staffing levels and appropriate skill mix per shift can be more easily determined by the shift modules. This leads to less time spent in designing and amending rosters.
Better care planning: Time spent on care planning is reduced, while the quality of what is recorded is improved. This makes for more complete care plans and more complete assessments and evaluations.
Better drug administration: Electronically prescribed drugs are more legible, thus making it less likely that drugs would be wrongly administered to patients.

TRAINING 5.3

Training for this system can take place either in the hospital or at the vendor’s simulation lab. The decision is up to the organization. This training will be done using a copy of the system to be implemented which mimics the original software. All relevant employees will be provided with computer literacy courses, as well as advanced courses for those with basic knowledge. There will be special sessions for super users to upgrade their skills so that they can in turn teach other members of the healthcare team about the system. They will also be taught in depth how to deal with any problems that may occur. The training will be done at a time that is convenient to the organization because this will allow the employees to be at work for their scheduled time without having to lower productivity. These sessions can take place after work or on the weekends to allow the employees more time to concentrate on the task at hand without any interruptions.

COST 5.4
Implementing this system will be somewhat costly, but a Nursing Information System has the potential to enable a dramatic transformation in the delivery of health care, making it safer, more effective, and more efficient. Some organizations have already realized major gains through the implementation of such a system and there is no reason why your organization can’t benefit from this also. The cost to implement this system will begin at $140,000 for the first phase of the project, and an additional 20,000 yearly for maintenance and upgrade fees as the need arises.

Benefits to staff, organization and patients 6

This Nursing informatics system benefits nurses and other healthcare professionals, patients, healthcare organizations, education planners and resource managers. It improves documentation accuracy, eliminates unnecessary work, enables analysis of clinical data and enhances the quality of patient care. Documentation is a primary emphasis in nursing informatics, because quality care depends on effective communication among healthcare providers. Since healthcare providers communicate primarily through the notes they write in a patient’s chart, it should be up-to-date and completed in a timely manner so that better decisions about patient care can be made. Instead of spending each shift handwriting notes into every patient’s chart, this nursing informatics system makes it possible to record notes sooner and faster using computers, handheld devices and voice recognition. This system allows other providers quick access to data collected and documented by nurses using automated systems, thereby improving information accessibility and eliminating redundant data collection by different professionals, saving them time. Automation and voice recognition reduce errors or problems associated with illegible handwriting and provide a series of checks and balances. The system is convenient and permits professionals, for example, to view diagnostic images and laboratory results from various locations.

Time for client care is increased due to less time needed for documentation and transcription of physician orders. The barcode system for medication administration automates the storage, dispensing, returning, restocking and crediting of barcoded medications. It is inexpensive and improves safety by ensuring that the right medication is dispensed to the right patient using the barcoded patient ID band. By using the patient-charting modules, the patient’s vital signs, admission and nursing assessments, care plan and nursing notes are entered into the system and then stored in a central repository that can be retrieved when needed for drug administration. Patient satisfaction and the quality of patient care are also improved by a built-in tool that reminds nurses to provide or carry out interventions appropriate for certain patient problems. For example, with a diabetic patient the nurse would be reminded to check the patient’s blood sugar level. Patients’ privacy and confidentiality are very important, and therefore this system contains information security that improves the protection of clients’ information. Access to patients’ records or information cannot be completed without an access code or privileges. With this system all patients’ records are electronically stored, which reduces the administrative cost of locating and maintaining client records. Implementation of this system in healthcare may also improve communication and increase profitability. One example is inventory control. Healthcare product suppliers use technology to decrease administrative costs and to attract customers with improved inventory control. Suppliers can more quickly fill orders, check hospital inventory and allow customers to receive prices and place and confirm orders through the information system.

