A drug information system is a tool that enables authorized health care providers to access, manage, share and safeguard patients' medication histories. A drug information system supports the storage and retrieval of patient prescription and medication information, and may provide application services supporting dispensing activities such as drug-usage evaluation.
Infoway pre-implementation DIS certification is relevant to health information technology solutions for drug information services.
The DIS pre-implementation certification evaluates and assesses drug information system solutions offered as a hosted service and/or a product deployed at client sites.
There are two categories of drug information systems:
- Category I Drug Information System A Drug Information System that serves only as a medication information repository, and does not provide any clinical application functionality, such as Drug Usage Evaluation or interaction checking. A Category 1 Drug Information System also does not support storage and retrieval of allergies or adverse reactions.
- Category II Drug Information System A Drug Information System that serves as a medication information repository, provides clinical application functionality, such as Drug Usage Evaluation or interaction checking, and supports storage and retrieval of allergies or adverse reactions.
The pre-implementation certification assessment requirements are focused on four areas to evaluate drug information systems:
- Privacy requirements (mandatory) are based on Infoway's Privacy and Security Conceptual Architecture, Government of Canada’s Personal Information protection and Electronic Documents Act; the Canadian Standards Association model code for the protection of personal information (CAN-CSA-Q830-03) as well as ISO 29100:2011 – Information technology – Security techniques – Privacy Framework.
- Security requirements (mandatory) are based on Infoway's Privacy and Security Conceptual Architecture as well as the International Organization for Standardization's (ISO) codes of practice for health information system security management (ISO 27799, ISO 17799, ISO 27001, ISO 27002, ISO 27005, ISO 27018, ISO 27789).
- Management Control requirements (mandatory for hosted services) are based on the Canadian Standards Association’s Risk management: Guideline for Decision Makers – CAN-CSA-Q850-97, the Information Systems Audit and Control Association’s Control Objectives for Information and Related technology (COBIT) as well as the Information Technology Infrastructure Library (ITIL).
- Interoperability requirements (optional) specifically apply to a DIS.