This paper will outline the systems development life cycle as it pertains to both the development of a custom application and the selection of proprietary systems. The major types and classifications of health care information standards and specific organizations that develop and regulate standards will be explained. The need for security information systems will be revealed and the methods to accomplish security of these systems will be addressed. Three best practices for effective IT alignment and strategic planning will be outlined.
Running head: Life Cycles, Standards and Best Practices
Description of Systems Development Life Cycle as it Pertains to Both the Development of a Custom Application and the Selection of Proprietary Systems
The Systems Development Life Cycle (SDLC) is a six-step project development process that was designed to help the development team develop the end product. The players involved are the users, systems analysts, programmers and technical specialists (Systems Development Life Cycle (SDLC), 2006-2013).
In the first step of the Systems Development Life Cycle (SDLC), the economic, technical, behavioral or organizational aspects of the business are examined. A determination will be made as to what needs to be done during this step (Systems Development Life Cycle (SDLC), 2006-2013).
In the second step, the organization examines any identified problems that need to be corrected. Proposals may be drafted outlining the solutions that must be satisfied. The third step identifies how the system will accomplish the tasks. The physical and logical designs come together in this step of the process; the computer hardware is joined with the communication and security issues (Systems Development Life Cycle (SDLC), 2006-2013).
In the fourth step, the new system is actually developed. Once all the necessary components are received and programs installed, all the users of the new system must be trained. Once the system is up and running and users are becoming acclimated to the new system, the system’s performance must also be tested. Adjustments will be made accordingly (Systems Development Life Cycle (SDLC), 2006-2013).
During the fifth step, the system is now being used. Either the old system is going to be shut down completely and the new system used immediately, or the new system will be implemented and the old system will be gradually phased out (Systems Development Life Cycle (SDLC), 2006-2013).
During the sixth step, the system has been in operation for a while and has been evaluated many times over. It is important that the users are kept in the loop regarding any changes to the system (Systems Development Life Cycle (SDLC), 2006-2013).
After the six steps have been completed, the system must go on. Therefore, it is important to maintain the system accordingly, ensuring that updates are being done, new features are installed properly and debugging is performed when necessary (Systems Development Life Cycle (SDLC), 2006-2013).
Description of Major Types and Classifications of Health Care Information Standards and the Specific Organizations That Regulate These Standards
The Standards Development Process consists of four methods: ad hoc, de facto, government mandate and consensus. ISO (International Organization for Standardization) is an organization that oversees the flow of documentation and the international approval of standards developed by its members. The members of the organization hail from many different countries. ANSI (American National Standards Institute) is the United States body of the ISO. ANSI oversees the work of the SDOs (Standards Development Organizations) and publishes the SDO standards. An SDO must be accredited by ANSI and must follow strict guidelines to develop standards within the ANSI criteria. There are well over two hundred fifty SDOs, which represent many industries, including health care. It is noteworthy that within the last ten years, the IT industry has moved away from the formal process of developing standards through the SDOs. The route that IT is taking is a less formal approach.
Linux is an example of IT establishing a standard with little formal input (Wager, Lee, & Glaser, 2009). There are many types of vocabularies, and to date there is still no one single vocabulary. Common coding and classification systems include ICD-9, CPT and DRGs. The International Classification of Diseases, Ninth Revision (ICD-9) is used in the United States for the purpose of coding diseases and procedures. The federal government publishes an update each year and it can be used by virtually everyone. It is also noteworthy that many companies republish the ICD-9, creating a more user-friendly version.
Initially it was created to compare illness and death all over the world, but then it took on a role in hospital reimbursement (Wager, Lee, & Glaser, 2009). Current Procedural Terminology (CPT), introduced in 1966, is published and updated each year by the American Medical Association (AMA). Originally, CPT was used in the medical field as a source of uniform language to describe any type of medical and surgical services. Currently, CPT is being used as a standard for reimbursement services in doctors’ offices, facilities offering outpatient services and also ambulatory care (Wager, Lee, & Glaser, 2009).
Diagnosis-Related Groups (DRGs) are used for insurance purposes for determining inpatient reimbursements. The DRG system is a classification scheme that identifies the types of patients a hospital treats in relation to what that treatment costs the hospital. DRGs are divided into twenty major systems and then further subdivided into over five hundred subdivisions for Medicare reimbursement (Diagnosis-related group (DRG), 2013).
Discuss the Need for, and Identify Methods of, Accomplishing the Security of Information Systems
Threats to health care information systems come in many forms, such as technology malfunctions and tampering. Human nature, which we have no control over, can also cause threats to security information systems in the form of floods, fires or power outages (Wager, Lee, & Glaser, 2009).
Whether the threats are caused by internal, external, intentional or unintentional factors, the organization has to safeguard itself from all types of threats. Internal threats can be caused by employees logging on to inappropriate websites. External threats can be caused by someone outside the company such as a hacker. Intentional threats can be caused by an employee who was terminated. Because of the termination, the employee may sabotage documents, files or the hardware on the computer itself. For this reason, employers do not allow employees to return to the work area after they have been terminated. If the employee is permitted to return, it is with a security officer and then only long enough to collect personal effects. Another more serious example of an intentional threat is computer viruses.
They can pose serious damage to patient information (Wager, Lee, & Glaser, 2009). Unintentional threats are also very serious, and these are the threats that occur when the employee logs on to a website or checks his personal email from work and that website attaches a virus. Computer viruses as stated above are considered intentional, but in this respect, I believe that the employee is not thinking about viruses when he or she is checking personal email or going on websites such as Facebook, but the virus can be critical to the organization. For this reason, most employers have the employee sign an affidavit stating that the employee understands and agrees with the organization’s policies about computer and even phone use.
A security information system is a necessity, as it can be vital to the success of the organization. The organization’s information must be protected. The company needs to ensure that there is no unauthorized disclosure of classified information. In order to do this, the organization must put administrative, physical and technical safeguards in place (Wager, Lee, & Glaser, 2009).
Administrative safeguards come in the form of risk analysis, which is an eight-part process designed to identify risks and threats that can cause vulnerability in any area within the organization. Risk analysis is quite new to the healthcare industry. It has also established policies and procedures and specific consequences for all employees that do not adhere to these policies and procedures (Wager, Lee, & Glaser, 2009).
Physical safeguards are necessary to protect all equipment and computer hardware and software. Certain employees may be assigned to specific duties to ensure the safeguard of computers and workstations (Wager, Lee, & Glaser, 2009).
Technical safeguards are vital as the organization must protect patient information. It is important for employees not to share passwords. All computers must be logged off or shut down appropriately after use. The organization should do audits often to ensure the safeguard of data and files. The internet is used commonly in all organizations. In an effort to further safeguard the organization, firewalls are built between the organization’s in-house network and the internet (Wager, Lee, & Glaser, 2009). One of the most common problems with computers in general is viruses. Viruses can come in many forms and can be fatally destructive.
The most typical type of virus is the worm, which can come in the form of an email. The unsuspecting person opens the email; the worm stores itself on the computer and then starts to duplicate itself over and over again. This type of email is usually mass-produced and sent to many email addresses, and each person may be subject to this virus. This is why people are encouraged not to open suspicious-looking email or email from unknown parties. To help prevent becoming a victim of such viruses, antivirus software is recommended.
Create at Least Three (3) Best Practices for Effective IT Alignment and Strategic Planning
In an effort to reach the goal of IT alignment and strategic planning, there must be a sound relationship between what IT investment will cost and the organization’s goals. Both the alignment and the organization’s strategy must be understood by the organization, and both must meet the organizational needs.
The three best practices for effective IT alignment and strategic planning I found that will suffice in creating the relationship between IT and the organization’s goals are diversity within the groups, looking at the big picture and open dialogue among management of all levels.
In order to achieve the set goals, the organization must realize that excluding areas in the organization may be harmful to its success, and some people may feel slighted. This is why it is imperative for the company to include people from all areas of the company. The people included in the group should also include all types of managers, from lower-level management all the way up to senior and executive managers. Including all types of managers provides the diversity among the group. They understand the day-to-day operations of the organization and each area; each manager can bring something viable to the table (Strategic Communications, 2010).
No one should be stifled. Everyone should have a voice. This open dialogue should be encouraged, and it should be understood from the beginning that no one is there to criticize. Because there is diversity among the group, there will be times that something is said that may not sit well with another department or perhaps a manager. It should be understood that all dialogue should be constructive. Strategic planning is not an easy task, and everyone should realize that it is for the betterment of the organization that everyone works together in an effort to accomplish the goal (Strategic Communications, 2010).
Everyone in the organization must keep their eyes on the big picture. The organization’s mission, vision and values must be kept in the forefront of everyone’s mind. During the strategic planning process, there will be debates, as not everyone will agree, but it is important for the group to remember why they are holding the planning process and also what goal they are attempting to achieve.
In summary, the organization must include all the key players, but it must not forget about the key stakeholders. The key stakeholders are those people that will be charged with implementation of the plan. The organization may also find it beneficial to give these stakeholders a voice along the way as well. With open dialogue, management at all levels and a sound plan, the organization will most likely stay on the path to success.