Transcript Slide 1

Privacy in a Healthcare Environment
David S. Muntz, SVP-IS/CIO
For Baylor Health Care System
November 19, 2007
Founding Statement
“Is it not now time to build a
great humanitarian hospital,
one to which men of all creeds
and those of none may come
with equal confidence?”
Dr. George W. Truett, 1903
George W. Truett
(In His World War I Uniform)
10/28/2007
Co-founder of Texas Baptist Memorial
Sanitarium, predecessor of Baylor Health
Care System
Baylor Health Care System
2
© 2007 Baylor Health Care System
Circle of Care
Guided by
Baylor Values
 Integrity
 Servanthood
 Quality
 Innovation
 Stewardship
10/28/2007
Baylor Health Care System
3
© 2007 Baylor Health Care System
Baylor Health Care System
• 2007 Preliminary and Unaudited Financial
Performance
• $2.7 Billion Net Patient Revenue
• $318 Million Net Operating Income (all sources)
• 16,600 employees
• 13 hospitals
• Significant teaching and research programs
• No health plan
• 3,500 physicians including 450 employed
• 128+ access points
• 130 mile diameter, all in Texas
10/28/2007
Baylor Health Care System
4
© 2007 Baylor Health Care System
Confluence of Factors Impacting Healthcare
Information Systems
• Quality indicators are universally available. Top quality is BHCS’
only option.
• The Board required “extraordinary” performance.
• The future demands a fundamental change in the underlying
processes related to delivery of health care.
• There are limited resources and a high demand for new
products, processes, and services.
• The healthcare consumer will have more choices
10/28/2007
Baylor Health Care System
5
© 2007 Baylor Health Care System
Other Influential Factors
• Quality
• Institute of Medicine’s Study of Medication Errors (national
and state implications)
• Leapfrog Group both nationally and locally
• Finance
•
•
•
•
Increasing pressures from Managed Care
Health Insurance Portability and Accountability Act of 1996
Balanced Budget Act of 1997
P4P (Pay for Performance)
• People
• Nursing shortage including other qualified and registered
clinical personnel
• Technology
10/28/2007
(Microsoft)
• Tolerance of complex systems
• Universal access
Baylor Health Care System
6
© 2007 Baylor Health Care System
Infrastructure:
Responsive & Reliable
• 2 primary data centers
• 12 satellite remote campus
communication centers
• 1 mainframe with 2 processors
• 44 midrange platforms
• 3 robotic tape silos
• Two with 6000 tapes per silo
and 120 terabytes of spinning
disk
• One with 50 tapes per silo
• 200 to 800 GB per tape
• 24 actual tape drives In the two
primary silo’s.
• Disk capacity with some form of RAID
• 2 Storage Area Networks (80
Terabytes)
• Total DAS and NAS (140
terabytes)
• 1.1 terabytes of storage on the
Mainframe
• 800+ application servers
• 22,000+ data nodes, 19,500+ voice
nodes
• 243 FON closets with 285+ UPS,
2000+ switches and routers, 1000+
WAPs
• Approximately 10,000 workstations
and 4,100 printers
• Speeds of transmission: 10/100/1000
megabits per second
• WAN – T1, DS-3, Optiman,
GigaMAN, dedicated fiber
• 2 connections to our ISP scaleable to
155 megabits total on demand
• Nine SL-100 phone switches centrally
managed
• 5,030 centralized voice mail users
• 40,000+ biomedical devices
GOAL: Create the equivalent of dial tone - 6 Sigma reliability.
10/28/2007
Baylor Health Care System
7
© 2007 Baylor Health Care System
Portal Strategy
Universal Access
• Internet based, web enabled applications
•
•
•
•
•
Physicians – myBaylorEMR.com
Trustees – BaylorBoard.com
Employees – myBaylor.com
Consumers – www.BaylorHealth.com
Education – www.BaylorHealth.edu
• Create virtual integration
• Pass user’s context to applications to avoid
multiple logins
• Pass patient context where possible
• Use desktop metaphor and place Icons for all
available applications on desktop
• Allow personalization of desktop to encourage
portal utilization
• Make security design and administration
independent of application coding
10/28/2007
Baylor Health Care System
8
© 2007 Baylor Health Care System
What are Baylor’s next
steps?
Care Model Graphic
Health System
Community
Resources &
Policies
Organization of Health Care
SelfClinical
Management
Information
Delivery
Clinical Systems
& Support
System Decision
Design Support
Productive Interactions
Informed,
Empowered
Patient and
Family
Patient Centered
Timely & Efficient
Coordinated
Evidence-based
& Safe
Prepared,
Proactive
Practice Team
Improved Outcomes
10/28/2007
Baylor Health Care System
10
© 2007 Baylor Health Care System
Relationship between clinical transformation, electronic
health record (EHR), and information systems
revision: April 24, 2007
clinical transformation
EHR
Administrative
Systems
Ancillary
Services
Clinical and Other Systems
...more than 400 applications...
Eclipsys
& GE Suites
Financial
Systems
Enterprise Project Management, Application Portfolio Management, Security, Customer Support (Help Desk, Super User, System Administrator Recruitment,
Post-implementation Support Model development), Operations, IT Infrastructure, Unified Data Strategy
Evidence, Clinical Decision Support, Process Redesign, Change Management, Governance, Customer Involvement, Training and Education
Communication, Coordination, Collaboration
Baylor Health Care System Mission, Vision, Values, Strategy, and The Care Model
·
·
·
·
·
·
·
This chart shows the relationship between functions, not departments. CT and BIS, the departments, are not represented here.
The applications are simply illustrative, not complete. The application groupings are also representative, not complete.
The dimensions are not to scale, but used to demonstrate relationships only.
Financial decision support is not shown, but does not necessarily span all activities. It is omitted from the chart.
The goal of all activities is to improve adherence to STEEEP (safe, timely, effective, efficient, equitable, patient centered care)
which can be summarized as “hardwiring STEEEP.”
There are other applications, for example payroll, which do not fit under the “clinical transformation” arc, but are important to
BHCS.
The number of applications will be reduced through a concerted effort to achieve Systemness with broad stakeholder involvement.
10/28/2007
Baylor Health Care System
11
© 2007 Baylor Health Care System
Safety and
Satisfaction
Knowledge
Based
Medicine
Clinical
Applications
Business
Operations
Foundation
The Framework for the EHR
Clinical
Decision Support
Clinical
Documentation
Common
Registration
Efficacious and Efficient
Continuous Improvement
Processes
Computerized
Physician
Order Entry
Patient
Accounting &
Patient
Management
Governance
Electronic Health
Record
Laboratory Medication Radiology
Systems Management & PACS
Contract
Management
Knowledge
Managed
Care
Respiratory
Therapy
others...
Scheduling &
Surgical
Management
Supply
Chain
Information Technology
Infrastructure
A Simple Definition
Integrating clinical and non-clinical process improvements
with enabling technologies
Hardwiring STEEEP*
• People
• Processes
• Technology
*IOM Model: Safe, Timely, Effective, Efficient, Equitable, Patient-centered care.
10/28/2007
Baylor Health Care System
13
© 2007 Baylor Health Care System
HIPAA
A Framework for Privacy in
Healthcare
HIPAA – The Intent
• HIPAA was designed to:
•
•
•
•
Ensure health insurance portability
Reduce health care fraud and abuse
Guarantee privacy and security of health information
Provide standards for electronic exchange of health information
• Examples of HIPAA’s impact include:
•
Portability.
• Guarantees medical coverage renewal, prohibits discrimination based
on health status, and eliminates some preexisting conditions
exclusions.
•
Transaction Standards and Unique Identifiers
• Creates standard formats and code sets for all major transactions that
are processed electronically provides national identifiers for providers,
employers, and health plans.
• Security Rule.
• Provides a uniform level of protection of all electronic health
information.
•
Privacy Rule.
• Addresses the rights of an individual, the procedures for exercising
these rights and the uses and disclosures of health information.
Ensure confidential treatment of patient data.
10/28/2007
Baylor Health Care System
15
© 2007 Baylor Health Care System
Evolution of The Privacy Rule
1999
2000
2001
2002
2003
Deadline
April, 2003
Final Changes
August, 2002
Proposed Changes
March, 2002
“Final” Rule
December, 2000
Proposed Rule
October, 1999
10/28/2007
Baylor Health Care System
16
© 2007 Baylor Health Care System
Baylor Health Care System’s (BHCS) Response:
People, processes, and timelines
Processes. HIPAA
standardizes how
procedures are coded and
electronic bills are
submitted. It also prompts
health care organizations to
examine processes and
change how patient
information is:
• communicated,
• shared,
• disclosed, and
• protected.
10/28/2007
People. HIPAA touches
everyone in our organization.
It requires our employees,
physicians, volunteers, and
contractors to be trained and
follow new policies,
procedures, and processes.
Baylor Health Care System
Timeline. HIPAA
sets rules for how
we should act and
penalties should
we fail to meet the
new standards.
Compliance with
HIPAA occurs in
phases, starting in
April 2003.
17
© 2007 Baylor Health Care System
National Versus State Regulation – How do we
approach that?
• Many states, including Texas, passed their own
versions of HIPAA.
• HIPAA resolved this issue by instructing that when
state and federal versions differ, the more restrictive
version applies.
• BHCS has reconciled state and federal law, and the
more restrictive law is reflected in our privacy
policies, which are the basis for our training.
10/28/2007
Baylor Health Care System
18
© 2007 Baylor Health Care System
Who Is “Covered?”
Providers. BHCS is a
health care provider. As a
physician, you are a
provider. Providers range
from large hospital systems
to individual nursing
homes, labs, and
pharmacies. Health care
providers are also doctors,
nurses, dentists,
psychotherapists, and
others who care for
patients.
10/28/2007
Plans or
insurers.
Examples include
Cigna, United
Health Care, Blue
Cross/Blue Shield,
and Aetna.
Baylor Health Care System
Clearinghouses
These are
systems that
process
information for
other companies
such as most
billing services
like WebMD
Envoy® .
19
© 2007 Baylor Health Care System
More terminology
HIPAA protects the rights of individuals, not just
patients. An individual is the subject of health
information. This can include patients and health plan
participants and their covered dependents. These same
rights extend to legally authorized representatives.
PHI stands for Protected Health Information. This is
health information—in any form—that can identify an
individual. HIPAA and Texas state law defines how PHI
may be used and disclosed.
Individually Identifiable Health Information (IIHI) is
health information that either identifies an individual or
provides a reasonable basis for identifying an individual,
by virtue of containing one or more of 18 identifiers.
10/28/2007
Baylor Health Care System
A covered entity's workforce
includes employees, volunteers,
people whose conduct is under
the direct control of a covered
entity, and people involved in a
covered entity's training
programs.
20
© 2007 Baylor Health Care System
Protected Health Information: 18 elements
•
•
•
Identifies the individual
With respect to which there is a reasonable basis to believe that the information can be used
to identify the individual
If the following information is removed, it is presumed to be non-identifiable information:
-Name
-Names of Relatives
-Street Name
-Names of Employers
-City
-Date of Birth
-County
-Telephone Numbers
-Zip Code
-Fax Numbers
-Equivalent Geocodes
-E-Mail Addresses
-Social Security #
-Medical Record #
-Health Plan #
-Account #
-Certificate/License #
-Vehicle or Device Serial #
-Finger & Voice Prints
-Internet Protocol Address
-Photo Images
10/28/2007
Baylor Health Care System
21
© 2007 Baylor Health Care System
Implementation:
System and Entity Level
Staffing
System
• Create Program
Management Office
to coordinate all
HIPAA efforts.
• Appoint System
Privacy Officer.
Local
Appoint Entity Privacy
Officer to ensure Privacy
Program implementation
at entity.
10/28/2007
Policies and
Procedures
System
Develop system-level
privacy-related policies
through entity
collaboration.
Local
Create entity-specific
procedures and
implementation plans.
Training
System
Develop and maintain
training materials for the
workforce.
• Develop courses
• HIPAA web site
•Local
Train existing and new
workforce members.
Baylor Health Care System
Reporting
Concerns
System
Oversee standard
reporting and
investigation process.
Local
Contact manager or
Entity Privacy Officer.
22
© 2007 Baylor Health Care System
Information Security Policies
0.1 Security Governance
Charter
1.0 Asset
Management
Policy
2.0 Acceptable
Use Policy
3.0 Asset
Protection Policy
1.2
Configuration
Management
Standard
2.1 Internet
Acceptable Use
Standard
3.1 Access
Control Standard
2.2 Email
Acceptable Use
Standard
3.2 Physical
Access Standard
2.3
Telecommunicati
on Acceptable
Use
3.3 Encryption
Standard
1.3 Change
Control Standard
3.5 Anti-Virus
Standard
2.4 Software
Acceptable Use
Standard
3.6 Auditing
Standard
2.5 Misuse
Reporting
Standard
3.7 Remote
Access Standard
4.0 Asset
Identification &
Classification
Policy
5.0 Threat
Assessment &
Management
Policy
6.0 Vulnerability
Assessment &
Management
Policy
4.1 Data
Classification
Standard
5.1 Threat
Assessment
Standard
6.1
Vulnerability
Assessment
Standard
4.2 Data
Handling
Standard
5.2 Threat
Monitoring
Standard
6.2 Vulnerability
Management
Standard
5.3 Incident
Management
Standard
7.0 Security
Awareness Policy
7.1 Management
SA Standard
8.0 Business
Continuity
Management
Program Policy
9.0 Risk
Management
Policy
8.1 Business Impact
Analysis Standard
9.1 Risk
Assessment
Standard
8.2 Business
Continuity Plan
Availability Strategy
Standard
9.2 Risk
Management
Standard
8.3 BCP
Maintenance &
Exercise Standard
8.4 BCP Training
Standard
8.5 EDCS Data
Backup Standard
3.8 Wireless
LAN Standard
8.6 EDCS Availability
Standard
3.9 Network
Standard
10/28/2007
Baylor Health Care System
23
© 2007 Baylor Health Care System
Privacy Policies
Privacy Policies
Consent Policy
Retention &
Destruction
Policy
Complaint
Policy
Consent
Procedure
Retention
Procedure
Complaint
Procedure
Faxing PHI
Policy
Confidential
Communications
Policy
Use &
Disclosure
Policy
HIPAA
Compliance
Monitoring Policy
Faxing PHI
Procedure
Confidential
Communications
Procedure
Use & Disclosure
Procedure
HIPAA Compliance
Monitoring
Procedure
Destruction
Procedure
Document &
Records
Retention &
Destruction
Schedule
10/28/2007
Baylor Health Care System
24
© 2007 Baylor Health Care System
Patient Rights
• Confidentiality is one of many patient's rights. Other rights
include being able to:
• read and obtain copies of their health information
• request restrictions of the use and disclosure of PHI
• request that we communicate with an individual about his/her
health information
• in a specific way or at a specific location
• request changes to health information, if an individual believes it's
incorrect or incomplete
• receive an accounting of outside disclosures
• file a complaint if an individual believes his/her confidentiality has
been violated
• These rights have exceptions and specific procedures that need
to be followed. BHCS has developed the procedures and
processes necessary to respond to patients when exercising
these rights.
• Privacy notices must be posted.
10/28/2007
Baylor Health Care System
25
© 2007 Baylor Health Care System
Organized Health Care Arrangement (OHCA)
• Establish a mechanism for free exchange of PHI
between each BHCS entity and its respective medical
staff for a hospital-based episode of care. When a
patient presents to a BHCS entity, the Notice they
receive is applicable to the entity medical staff as well
as the entity’s workforce.
Hospital-based Episode of Care
Services jointly provided to patients by a BHCS entity and members of the entity
medical staff, whether it be for inpatient or outpatient services. Does not relate to
services provided by the physician in his/her private practice setting.
10/28/2007
Baylor Health Care System
26
© 2007 Baylor Health Care System
Safeguarding PHI
Ask questions…if you
see someone
unfamiliar to you
accessing PHI.
Take precautions when
discussing PHI over the
telephone or
voicemail…make sure
that you are leaving
messages for the right
person.
10/28/2007
Conceal or secure PHI…so
that it can’t be viewed on desks,
door pockets, or in hallways.
When not in use, ensure chart
holders are closed.
Control access…to areas that
contain PHI. This means that
doors will be locked, card
access systems and other
physical access controls will be
used as necessary. The
number of designated entrances
will be minimized after normal
business hours.
Baylor Health Care System
Exercise care…when you
have to discuss PHI in
public areas such as
waiting rooms or over the
phone in public areas, so
that others don’t
accidentally hear you.
Wear your badge…so
that you can be easily
identified as an
employee, volunteer,
contractor, or
physician.
27
© 2007 Baylor Health Care System
Safeguarding PHI
Overhead Paging
Waiting Rooms
Other options
…should be limited to the
patient name and
specific instructions.
These instructions
should not identify any
PHI.
Only use the minimal
information necessary to
locate the patient or patient's
family members.
for locating the patient or
patient’s family include
using:
Message boards should
contain only the patient's
last name and initial of first
name.
• A ‘take a number’
system.
10/28/2007
Baylor Health Care System
• Electronic pagers.
28
© 2007 Baylor Health Care System
Safeguarding PHI
Whiteboards
 Should be out of public view as much
as possible.
 When in public view, boards will only
display patient last name, location, and
last name of attending physician and
caregivers.
Patient Sign-In Sheets
should not be left out for viewing by other patients
Instead of sign-in sheets, consider using:
• Individual labels that can be removed and transferred to
another sheet after each patient signs in.
• Individual sheets of paper that can be removed
• A ‘take a number’ system
10/28/2007
Baylor Health Care System
Patient Information Lists
Include medical tests,
diagnostic procedures,
surgery schedule or lab
tests. These lists should be
protected from public view.
When using clipboards, the
list should be covered with a
plain sheet of paper.
Distribution lists will be
reviewed periodically to
verify that recipients have a
need to know.
29
© 2007 Baylor Health Care System
Safeguarding PHI
Patient Identification on
Door
May contain only the
patient last name, initial of
first name, location, and
physician name. Carerelated instructions and
advisories are allowable.
Paper Records
…must be secured in storage bins until
destroyed.
Methods include:
•Document destruction services with
onsite destruction (for High Volume
Areas)
• Onsite shredding machines (for Low
Volume Areas)
• Destruction of documents by offsite
service providers—Vendors should
follow BHCS’ criteria for secure disposal
and destruction
10/28/2007
Baylor Health Care System
30
© 2007 Baylor Health Care System
Safeguarding PHI
•
Faxes
•
•
•
•
•
•
Place fax machines in secure locations
Monitor fax machines that send and receive PHI
Remove PHI from fax machines immediately after transmission
Verify fax numbers and identity of recipients before faxing PHI
Follow specific procedures when receiving or sending misdirected
faxes
Voicemail
• Listen to the entire greeting
•
Internet
• Secure sites
• Encryption for e-mails
10/28/2007
Baylor Health Care System
31
© 2007 Baylor Health Care System
Safeguarding PHI
• Electronic Health Records
• Encrypted databases
• Automated inputs
• Controlled access
•
•
•
•
•
•
10/28/2007
Security challenges
Biometrics
Quick timeouts
Role-based security
Audit trails for every screen
Active review of audit records
Baylor Health Care System
32
© 2007 Baylor Health Care System
Information Breach
Individual
The subject of
health information.
• Information breaches can result in the violation of an
individual's privacy. An information breach occurs
when PHI is:
•
•
•
10/28/2007
accessed by unauthorized individuals.
discussed without a legitimate business purpose.
revealed to those who don't have a need to know.
Baylor Health Care System
33
© 2007 Baylor Health Care System
Information Breaches
Severity level…
Minimum BHCS
corrective or
disciplinary action
includes…
Possible civil and
criminal penalties
include…
• Administering corrective
action as called for by
severity of the impact
• Requiring repeat of
applicable privacy/security
training
• Fines up to $25,000
Level-1: Carelessness
Examples include:
• Leaving documents with
sensitive information on fax
machines or printers
• Failing to completely
remove information that
could lead to an
individual’s identity from a
document
• Accidentally modifying or
altering data
10/28/2007
Baylor Health Care System
34
© 2007 Baylor Health Care System
Information Breaches
Severity level…
Minimum BHCS
corrective or
disciplinary action
includes…
Possible civil and
criminal penalties
include…
• Administering corrective
action as called for by
severity of the impact
• Requiring repeat of
applicable privacy/security
training
• Fines up to $25,000
Level-2: Curiosity or
Concern
Examples include
accessing or viewing
health information on a
family member, neighbor or
co-worker when there is no
need to know.
10/28/2007
Baylor Health Care System
35
© 2007 Baylor Health Care System
Information Breaches
Severity level…
Minimum BHCS
corrective or
disciplinary action
includes…
Possible civil and
criminal penalties
include…
• Termination of
employment
• External reporting as
necessary in compliance
with federal and state
regulations and statutory
requirements
• External reporting to
boards, professional
associations, and
certification bodies as
required
• Fines up to $250,000
• Up to 10 years in prison
Level-3: Personal Gain or
Malice
Examples include:
• Unauthorized access and
use to health information
for personal gain or
malicious intent
• Compiling mailing lists for
personal use or to be sold
or releasing celebrity
information to the media
10/28/2007
Baylor Health Care System
36
© 2007 Baylor Health Care System
It Really Happens
•
Level 2: A psychiatrist from New Hampshire was fined $1,000 for
repeatedly looking at the medical records of an acquaintance without
permission. Because there was no state law making it a crime to
breach the confidentially of medical records, the case was brought
under a law against misusing a computer. (“Psychiatrist Convicted of
Snooping in Records,” The Associated Press State & Local Wire, May
5, 1999)
•
Level 3: Country singer Tammy Wynette's medical records were sold to
the National Enquirer and Star tabloids by a hospital employee for
$2,610. William Cox's position at the hospital entitled him to authorized
access to several medical record databases. He retrieved medical
information about Tammy Wynette and faxed it to the tabloids without
her consent. In the end, Cox pleaded guilty to one count of wire fraud
and was sentenced to six months in prison. ("Selling Singer's Files
Gets Man Six Months," Houston Chronicle, December 2, 2000, p. A2)
10/28/2007
Baylor Health Care System
37
© 2007 Baylor Health Care System
General Approach:
Minimum Necessary
•
Minimum necessary guidelines apply to almost all uses, disclosures
and requests of PHI, including:
•
•
Health care operations and payment purposes.
Treatment purposes (other than the provider exception as described
next).
• Other disclosures and requests to external third parties.
•
However, every rule does have its exceptions. Exceptions to the
minimum necessary requirement include disclosures:
•
•
•
•
•
•
10/28/2007
to and requests by providers for treatment.
to the individual.
authorized by the individual.
required by law.
to HHS for compliance with the Privacy Rule.
to HHS for compliance with other HIPAA requirements.
Baylor Health Care System
38
© 2007 Baylor Health Care System
Unanticipated Impacts
•
Fundraising
•
•
•
•
•
•
•
If patient demographic data is to be used for fundraising, the Privacy Notice must state
as such
No special authorization is required if only use demographic data
May use business associates for fundraising but ensure business associate agreement
is in place
With materials sent to individuals, must include opt-out information
If individual opts-out, must be able to ensure compliance
Grateful patient referrals – problematic
Marketing
•
For marketing, authorizations are required; there are exceptions:
•
•
•
•
•
•
•
HIPAA allows communication of alternative services/treatment to patients.
•
•
•
If communication is face to face
If communication involving products or services are of nominal value, i.e., pens, calendars
Business Associate may help with marketing but ensure a Business Associate Agreement is
in place
Materials sent to individuals must include opt out clause
If individual opts-out, must be able to ensure compliance
May not sell patient’s list
Does this apply to “mass mailings”?
Not clear if Texas law offers the same latitude
Places of worship
•
•
Challenges from the pulpit
Challenges from the congregations
10/28/2007
Baylor Health Care System
39
© 2007 Baylor Health Care System
Privacy Standards:Permissible Uses and Disclosures without
Patient Authorization
•Public Health
•Reporting abuse, neglect or
domestic violence
•Health oversight activities
•Judicial and administrative
proceedings
•Law enforcement
•Decedents (coroners and funeral
directors)
10/28/2007
•Cadaveric organ, eye or tissue
donation
•Certain research
•Emergency circumstances
•Special categories (e.g.,
intelligence, military)
Baylor Health Care System
40
© 2007 Baylor Health Care System
Privacy Program
Organization
Design &
Develop
Coordinate &
Collaborate
Implement &
Monitor
System Compliance
(System Privacy Officer)
System
Privacy/
Security
Committee
Entity Privacy Officers
Entity Privacy Committees
Acknowledgements
• BHCS
• Donna Bowers, JD, RHIA
• VP of Health Information Management, Baylor Health Care
System
• Office of Information Security
• Texas Health Resources
• Patricia Johnston, CHP, FHIMSS
• System Privacy Officer for Texas Health Resources
• The Center For Learning
10/28/2007
Baylor Health Care System
42
© 2007 Baylor Health Care System
Discussion