Use of big data by Blue Cross and Blue Shield of North Carolina.

The health care industry is grappling with the challenges of working with and analyzing large, complex, diverse data sets. Blue Cross and Blue Shield of North Carolina provides several promising examples of how big data can be used to reduce the cost of care, to predict and manage health risks, and to improve clinical outcomes.

A stimulus to define informatics and health information technology.

BACKGROUND: Despite the growing interest by leaders, policy makers, and others, the terminology of health information technology as well as biomedical and health informatics is poorly understood and not even agreed upon by academics and professionals in the field. DISCUSSION: The paper, presented as a Debate to encourage further discussion and disagreement, provides definitions of the major terminology used in biomedical and health informatics and health information technology. For informatics, it focuses on the words that modify the term as well as individuals who practice the discipline. Other categories of related terms are covered as well, from the associated disciplines of computer science, information technology and health information management to the major application categories of applications used. The discussion closes with a classification of individuals who work in the largest segment of the field, namely clinical informatics. SUMMARY: The goal of presenting in Debate format is to provide a starting point for discussion to reach a documented consensus on the definition and use of these terms.

A blueprint for 21st century health care: requirements for standard, electronic administrative data.

Starting this year, health care providers and payers in Minnesota will be required to use a single set of data specifications to electronically exchange information about patients' eligibility for insurance coverage and benefits, submit and pay claims, and exchange and record payment remittance advice. Minnesota is the first state in the nation to require such electronic transactions, which could reduce administrative costs by more than $60 million a year. This article describes the 2007 law that led to this change, the transactions to which it applies, and the penalties for noncompliance.

A framework for an institutional high level security policy for the processing of medical data and their transmission through the Internet.

BACKGROUND: The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. OBJECTIVE: To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. METHODS: We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. RESULTS: We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. CONCLUSIONS: The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.

Advanced patient records: some ethical and legal considerations touching medical information space.

The application of advanced computer-based information technology to patient records presents an opportunity for expanding the informational resource base that is available to health-care providers at all levels. Consequently, it has the potential for fundamentally restructuring the ethics of the physician/patient relationship and the ethos of contemporary health-care delivery. At the same time, the technology raises several important ethical problems. This paper explores some of these implications. It suggests that the fundamental ethical issue at stake in these developments is the status of the electronic record which functions as the analog of the health-care consumer in health-care decision making. Matters such as control and patient dignity are implicated. Other important ethical issues requiring solution include data ownership, data liability, informed consent to use and retrieval, security and access. The paper suggests that the ethical problems that arise cannot be solved in piecemeal fashion and on a purely national basis. They should be addressed in a coordinated international fashion and receive appropriate legal expression in the relevant countries and be incorporated into appropriate codes of ethics.

Data protection in health information systems (HIS).

Information and communication systems in a health (care) environment are risky systems as the data processed, transmitted, stored and retrieved are person-related. An unjustified disclosure may compromise the individual's personal or social life. Therefore these systems must be subject to carefully designed and implemented protection procedures guaranteeing the correct use of those data, corresponding in the medical sphere with the ancient Oath of Hippokrates, as well as the preservation of their correctness, completeness etc., as requested by legal regulations valid for the location of the respective computer-aided information system. The same is true for the manual handling of person-related health data by conventional methods. In any case, the data subject's right of informational self determination must be taken into account.