For_Dummies_HCM

86 PART III Rollout of an HCM Specify which data you want to share for each target group. A good classification based on a filing plan as well as a multi-format viewer, which allows you to select, provide or send data in a targeted manner, are helpful here. When actively sending data, you should ensure that the recipients can be specifically selected and that the data can only be seen by the selected recipients. Some interfaces support you in this: IHE XDS and DICOM interfaces acknowledge the receipt of data in a technical manner and support secure encryption procedures that ensure the authenticity of the recipient. Be sure to test in advance whether data will reach the appropriate recipient in a targeted manner. With regard to your own data security, it makes sense not to provide data that is intended for external access directly by your live system. Due to software errors or vulnerabilities, external parties may gain unauthorized access to data. It is therefore better to copy the data to a specially secured area. In technical jargon this area is also called the »demilitarized zone (DMZ)«. While taking data protection and your access rights concept into account, external users can then access the data via a web-based multi-format viewer. Web-based interfaces based on the IHE XDS profile are frequently used. The required interfaces must be provided by your HCM system. This also includes the requirement that all outgoing data is classified according to the cross-institutional filing plan, because this classification must be supplied with the data. Record what data you shared with whom at which time. If in doubt, retain such data separately or longer than you have to. A good HCM system will support you in doing this. When the need arises you can then prove what you have and what you have not provided. Don’t disregard the patient One potential user is often overlooked: the patient. Currently, the patient receives his or her data as required in paper form or on a storage medium. Consider these processes when planning your interfaces – especially when automated systems such as CD burning robots are used to write to digital media. The best thing to do is to completely rethink the subject. After all, the HCM system offers you completely new opportunities. And direct patient communication should also benefit from them. Because creating paper printouts or a CD for patients is cost-intensive, you should move toward offering your patients data for viewing and downloading, either directly from the HCM system (naturally with a DMZ as intermediary) or via a patient portal.