Relationship between EBP and Informatics: Clinical Guidelines
Evidence-based practice (EBP) can be defined as the application and translation of previous research discoveries to everyday patient care practices and clinical decision-making. More so nowadays, as technology advances and is widely being adopted, a clear relationship between EBP and Informatics can be observed. With the help of Informatics and the technologies and methods that come of it, the acquisition, processing, and analysis of a wide variety of healthcare data is made abundantly simpler. The same can be said regarding research data. Informatics methods and technologies can be leveraged for use on research data with an end goal of translating it and applying it in day-to-day clinical practice settings, and thus reaching a level of EBP.
The combination of these two ideas, EBP and Informatics, has been at times referred to as Evidence-based Health Informatics (EBHI). Rigby (2016) has defined this concept as “the conscientious, explicit, and judicious use of the current best evidence when making decision about the introduction and operation of IT in a given healthcare setting”. Rigby also goes on to make the point that EBHI must be an “ethical imperative” since there should be no changes in healthcare practice implementations unless these changes are proven to be safe, beneficial, and optimized to produce net benefits. This idea plays exactly into what broad Informatics does to support clinical activities or constructs, such as clinical guidelines.
Clinical guidelines are best-practice statements that have been systematically designed to provide direction for both clinician and patient decisions. These guidelines come in a variety of forms. From extremely detailed step-by-step guides to more stylistic graphical depictions, and even patient management algorithms, guidelines of all types are ultimately developed to assist the end user(s). An example of a clinical guideline can be seen in the graphical depiction below, which was gathered from the Journal of the National Comprehensive Cancer Network (JNCCN).
This graphical clinical guideline depicts just part of the process of breast cancer screening and diagnosis, showcasing some of the many paths taken when evaluating a patient during a breast cancer screening. It is safe to assume that to construct such a detailed clinical guideline, the use of current Informatics methods and tools were needed. Per the class reading by Horn (2015), it is showcased how a sophisticated and targeted study yields data and information on the best possible treatment of individuals with varying and unique characteristics stemming from instances of traumatic brain injury (TBI). An outcome from the study was a baseline admission FIM cognitive score for the use of analyzing best possible treatment combinations. Although probably just short of being called a formal clinical guideline, this and the other findings can surely serve as the groundwork for a guideline to-be.
The same can be said of other clinical guideline development. With the same or similar sophisticated statistical methods and tools, baseline knowledge that goes through several iterations and contributions becomes a robust guideline, like the breast cancer screening and diagnosis guideline published in the JNCCN that can be leveraged for clinical use.
Additionally, because of technologies and tools such as large data repositories (like databases), centralized or in the cloud, previous research can easily be queried and leveraged for any future clinical guideline creation. There is an abundance of data already collected on various topics. A quick and simple search tends to yield results. Results that can usually be easily exported for plug-and-play use in various Informatics tools. If there is a lack of data, then studies can be conducted and Informatics methods and tools (i.e., Data Mining) can also be leveraged to completely analyze the new data set(s), with the intent to further medical knowledge through new guideline creation and dissemination of findings.
Evaluation of clinical guidelines can come about from a variety of reasons. From a need to revisit outdated or conflicting data, or to further previous medical findings in a certain area, there are a variety of reasons and methods to evaluate clinical guidelines. One common method, that was discussed in the Penny (2012) reading, was the use of various data mining techniques. Pouring through previous research data and gathered evidence can be a daunting and sometimes difficult task. However, using data mining techniques such as algorithms, decision/classification trees, etc. the data can be thoroughly investigated, scrubbed, and analyzed for hidden meanings or higher-level evidence that can then be leveraged as new information for dissemination or guideline creation. Additional Informatics tools and technologies that can be leveraged for the same, include but are not limited to databases, EHR and EMRs, etc. which can be accessed through tools such as HIEs. Even more specifically, for the use of federated HIE models (Braunstein, 2014), Direct technologies are a perfect example of Informatics in use for the access and communication of data, evidence and even guidelines in clinical settings.
Data source (standard terminologies) have the potential to play a substantial role in the maturity of any clinical guideline, as well as other standardized healthcare processes. Because there is no one universally used or centrally managed system, different healthcare settings are left to make their own decisions as to what data they decide to collect and in what fashion. For example, it is common that an EHR/EMR in one part of the US will not look the same or house the same form of data in another part of the country. The collected information could be the same, but perhaps the wording or data types collected are not i.e., strings of characters vs. integers for prescribed amounts of medications. However, there are standardization codes to aid in such cases. A couple that have been discussed through readings (Braunstein, 2014) are ICD-9-CM and SNOMED CT diagnostic codes. Unless a computer is collecting the data (and sometimes even this isn’t good enough for standardization either), human provided data should be overly trusted since they tend to record information differently from one person to another. Using standard language/syntax, collected data and evidence can be transcribed and leveraged in the construction of clinical guidelines. Doing so would bring the healthcare industry one step closer to achieving standardization of data, information and evidence used in the clinical setting. For example, if the same language presented in the breast cancer screening and diagnosis guidelines were standardized, then the information later collected and used in practice would be more uniform across the board. Although an undertaking that is easier said than done, the use of Informatics can make this an achievable endeavor.
Informatics on Clinical Guidelines and IT Security:
For my particular focus area, that being the intersection of IT Security and Healthcare Informatics, there are several “guidelines” or best-practice standards to follow when implementing technology into a healthcare setting. In general, there are organizations such as the National Institute of Standards and Technology (NIST) that provide broad guidelines known as cybersecurity frameworks for public use in various settings. These same guidelines can be applied to more specific settings, like clinics. Health Informatics and Health centered organizations like the Office of the National Coordinator for Health Information Technology (ONC) and the United States Department of Health and Human Services (HHS) have developed their own guidelines for this intersection. The “Guide to Privacy and Security of Electronic Health Information” and “Reassessing Your Security Practices in a Health IT Environment: A Guide for Small Health Care Practices” are two examples, respectively. Just these two examples seem more than adequate in providing the necessary baseline understanding and steps in setting up a secure network that protects assets, monitors, and manages IT-related risks.
The beauty of organizations like NIST and their broad guidelines, as that they can easily be applied to many different settings, of different sizes or specializations. Personally, the only thing that I would change with the guideline provided by the HHS is to provide literature on a broader body of clinics, and not just small-scale sites. Although it is very likely that a resource like that exists, I was not able to readily find it on the HHS site.
One way that Informatics solutions could be used to improve guidelines, particularly the two previous examples, would be to leverage newer data being collected at the clinic level to drive novel examples that end up in the guidelines. These current use cases would entail technologies that have not yet been addressed, such as Health Information Service Provider (HISP) use for verifiable internal or external messaging and communication through Direct. To qualify such a technology for being a use-case, data could be gathered to observe how extensively the solution is used in healthcare settings. Subsequently, data and information on security issues that result from this Informatics solution can also be collected and presented, to ultimately provide guidance for those users looking to implement the solution in their environments.
Relationship between PBE and Informatics: Evidence Derived from Practice
The relationship between Practice-based Evidence (PBE) and Informatics, tends to overlap quite a bit with that of the relationship with EBP. After all, PBE tends to be the precursor and ultimate driver of EBP efforts. Touched upon briefly before, the field of Informatics along with its methods and common tools, sets itself up nicely to assist in multiple facets of PBE. Starting from the actual gathering of evidence (data) from clinical practice settings to the application of said data in advanced studies or out in the field, Informatics brings along with it advanced developmental, communication, and analytical tools that make the feat of producing PBE a lot less problematic.
As mentioned previously, Informatics lends a hand in the complex field of research studies, particularly when it comes time for advanced statistical analysis. After data for PBE use has been selected, whether the data is freshly collected or not, researchers are still presented with the challenge of making sense of the data, to ultimately prove or disprove a healthcare related hypothesis. At this point various statistical techniques can be employed, such as multivariate analysis, or even newer and far more sophisticated data mining techniques. These techniques can be leveraged to evaluate and find meaning in the dataset(s), that otherwise could not be done with more traditional techniques or at the very least not as easily.
Once conclusions have been drawn from the analyzed data and findings have been published, the next logical step for PBE would be the dissemination of said findings to the healthcare community. Although a main issue that plagues the healthcare community today is a lack of time or incentive for clinicians to review all the extensive published research out there, Informatics tools have made the access and communication of said research a lot simpler over time. Currently, there are numerous reputable public and private sites, each with their own databases, modules, and even analytical tools to assist in the retrieval of research data and findings. Whereas a few years ago, a clinician might have had to compare certain findings from a research study in-house with their own unique dataset (i.e., population of overweight urban children under 15 years old), there is a very good chance that the data already exists, or the actual analytical work has been done or can be easily done. So, all a clinician would need to do is access the wide array of resources currently available and conduct some less-intensive research for the desired information.
Data Mining at the Crossroads of Healthcare Informatics and IT Security:
Even though data mining is a relatively newer field, it certainly has caught a lot of traction since its inception. First being leveraged heavily in the marketing business world to capture untapped profits, nowadays the technology is slowly but surely being adopted in various other areas. One such area is Healthcare. Another area that is also seeing the emergence of data mining techniques is IT Security. Data mining techniques are being heavily leveraged in IT Security for its advanced capabilities to detect malware before it is too late. Through pattern detection techniques, data collected on infiltration efforts can shed light as to when attackers are more likely to strike, why (certain events), or how. Since both the Healthcare industry and IT Security have been seeing growth in the areas of data mining and machine learning, I believe that the marrying of both areas around the idea of utilizing both advanced Informatics techniques can only benefit any healthcare setting that adopts these practices.
One particular use case for data mining in healthcare, with an emphasis on IT Security, would be to collect data on possible entry points for attackers to infiltrate a healthcare network, possibly in the form of event logs. One particular entry point that stood out to me from Braunstein’s work was the use of HISPs and Direct messaging for provider and even patient communication (2014). Although the technology seems robust, and the use of PKIs is a commonly used tactic to combat unwanted infiltration, email and messaging communication vectors tend to still be an all-time favorite method that attackers like to leverage to wreak havoc on a network and even compromise an organization with precious data like Protected Health Information (PHI). It would be an interesting study to see if users are careful with their Direct emails, whether clicks on malicious URLs occur using those emails, and whether any unwanted malware ends up anywhere during the communication cycle. To do so, techniques like data mining would come in handy, especially to sift through thousands of potential email phishing log data. However, there a couple of issues that come with the use of log data for security recon. One being the sheer amount of data. Although data mining could be used to dig through it, this process would most likely be resource intensive. Not to mention that log data tends to not be as straight forward or easy to read unless properly parsed. There are various vendors out there that provide solutions for working with machine-generated data, one being Splunk. Again, solutions like these are both financially and resource intensive, so electing to use them would necessitate buy-in from most if not all applicable stakeholders, something that seems particularly difficult in smaller or privately owned clinical settings.
CDS and IT Security: Opportunities for Integration, Required Management, and Efficiencies
Clinical Decision Support (CDS) is a key functionality found in Health Information Technology that helps provide clinicians or patients with timely information that helps inform decisions at the point of care. This is commonly accomplished by sifting through enormous amounts of collected data, stemming from EHRs or repositories, and then suggesting the best next steps for treatment(s).
I believe that there is some opportunity to implement CDS type functionality and tools in conjunction with one of the major areas of focus in IT Security, that being data Integrity. The idea of a Personal Health Record (PHR) was particularly of interest to me when first reading about it. The first thing that came to mind was how the data being input by a patient would align with the data standards set by a healthcare organization. Like a children’s toy involving shaped pegs and holes, would patient provided data in the shape of a square peg be allowed in a triangle opening? Then, the ideas of data scrubbing and standardization and even proper data capture design occurred to me. These ideas allow this technology to not be overly difficult to implement at an organization attempting to leverage patient provided data. For example, if standardized patient forms with just drop-down menus are used, this could aid attempts to eliminate data-entry errors. However, at the same time, I am personally a little reluctant to completely trust a patient to provide high-level health information. If a device like a smartwatch could provide heartrate readings, then that would be acceptable, but anything less, not so much. So, this is where the idea of crossing CDS systems with IT Security, particularly checks for data integrity could come in handy.
The general concept would follow a decision tree style format, where one of the first gates for PHR data input would be something along the lines of “Was this data auto-generated by an approved medical device?” or “Was this data manually collected by the patient?”. This would then trigger appropriate checks to properly vet, transform, or mark the data as “non-official”. Later, at the point of care, CDS systems would be able to recognize these more or less “data compliance” checks and be able to suggest appropriate treatment options. For example, if a patient had recently conducted some simple vitals or blood tests at home, then these would not be required upon admittance at a clinic or hospital.
In essence the goal of CDS, in conjunction with IT Security, would be to provide the necessary mitigative steps, or “checks”, to allow for increased efficiency and cost savings initiatives. By looping in an IT Security mindset and applying it to innovative ideas, CDS technologies would be allowed to function without any worry of data integrity or compliance issues. This is a currently popular idea when developing new and efficient technologies. The idea of putting IT Security at the forefront of any new technology development, is sure to prevent any security or compliance headaches down the line.
Ultimately, CDS would be the most effective in the hands of the clinicians wielding the technologies and making the health-related decisions. In my previous example, data provided by a patient would need to be taken with a grain of salt, unless a clinician has a very good reason to think that it is quality data. The systems would automatically deem the data as “unofficial”; the ultimate decision would be handed down to the authority, in this case a clinician. In an outcomes-based clinical setting, this particular use of CDS tools would end up saving considerable amounts of resources of various types. However, implementation of such tools would be dependent upon stakeholder buy-in. If approved, the tools could be implemented at various points in the data gathering process, not just limited to PHRs. The same concept could be translated to EHRs, where data checks would ensure data is up to date and not stale, otherwise alerting if so. Such an undertaking would require significant documentation and subsequent review and approval of said documentation. This documentation would need proper vetting from various stakeholders, namely a review board, physicians, and informaticists. The goal remains the same, and that would be the ability to capture patient level data that the healthcare organization is comfortable in accepting as valid, and eventually promoting to a patient’s EHR/EMR. Data that could very well end up in formal research studies, and thus requiring high levels of integrity to be accepted.
Works Cited
Tallie Casucci, M.-J. (G. A., Tallie Casucci and Barbara Wilson | 4 minutes, & minutes, K. G. | 4. (2021, February 26). What is evidence-based practice? What is Evidence-Based Practice? Retrieved October 5, 2021, from https://accelerate.uofuhealth.utah.edu/improvement/what-is-evidence-based-practice.
Rigby, M., Magrabi F., Scott, P., Doupi, P., Hypponen, H., & Ammenwerth, E. (2016). Steps in
Moving Evidence-Based Health Informatics from Theory to Practice. Healthcare informatics research, 22(4), 255-260. https://doi.org/10.4258/hir.2016.4.255
Clinical guideline. IAHPC Pallipedia. https://pallipedia.org/clinical-guideline/. Accessed October 4, 2021.
Bevers, T. B., Helvie, M., Bonaccio, E., Calhoun, K. E., Daly, M. B., Farrar, W. B., Garber, J. E., Gray, R., Greenberg, C. C., Greenup, R., Hansen, N. M., Harris, R. E., Heerdt, A. S., Helsten, T., Hodgkiss, L., Hoyt, T. L., Huff, J. G., Jacobs, L., Lehman, C. D., … Kumar, R. (2018). Breast cancer screening and diagnosis, version 3.2018, NCCN clinical practice guidelines in oncology. Journal of the National Comprehensive Cancer Network, 16(11), 1362–1389. https://doi.org/10.6004/jnccn.2018.0083
HealthIT.gov. (2015, April). Guide to privacy and security of electronic health information. Retrieved October 5, 2021, from https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf.
United States Department of Health and Human Services. (n.d.). Small practice security guide – hhs.gov. Retrieved October 5, 2021, from https://www.hhs.gov/sites/default/files/small-practice-security-guide-1.pdf.
Horn, Susan D., et al. Traumatic Brain Injury–Practice Based Evidence study: design and patients, centers, treatments, and outcomes. Archives of physical medicine and rehabilitation 96.8 (2015): S178-S196.
Penny, K. I., & Smith, G. D. (2012). The use of data‐mining to identify indicators of health‐related quality of life in patients with irritable bowel syndrome. Journal of clinical nursing, 21(19pt20), 2761-2771.
CMS – Centers for Medicare and Medicaid Services. (n.d.). Clinical decision support Tipsheet – CMS. Retrieved October 5, 2021, from https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Downloads/ClinicalDecisionSupport_Tipsheet-.pdf.