Ali Sunyaev

Determinants of physicians’ technology acceptance for e-health in ambulatory care

BACKGROUND Germany is introducing a nation-wide telemedicine infrastructure that enables electronic health services. The project is facing massive resistance from German physicians, which has led to a delay of more than five years. Little is known about the actual burdens and drivers for adoption of e-health innovations by physicians. OBJECTIVE Based on a quantitative study of German physicians who participated in the national testbed for telemedicine, this article extends existing technology acceptance models (TAM) for electronic health (e-health) in ambulatory care settings and elaborates on determinants of importance to physicians in their decision to use e-health applications. METHODS This study explores the opinions, attitudes, and knowledge of physicians in ambulatory care to find drivers for technology acceptance in terms of information technology (IT) utilization, process and security orientation, standardization, communication, documentation and general working patterns. We identified variables within the TAM constructs used in e-health research that have the strongest evidence to determine the intention to use e-health applications. RESULTS The partial least squares (PLS) regression model from data of 117 physicians showed that the perceived importance of standardization and the perceived importance of the current IT utilization (p<0.01) were the most significant drivers for accepting electronic health services (EHS) in their practice. Significant influence (p<0.05) was shown for the perceived importance of information security and process orientation as well as the documentation intensity and the e-health-related knowledge. CONCLUSIONS This study extends work gleaned from technology acceptance studies in healthcare by investigating factors which influence perceived usefulness and perceived ease of use of e-health services. Based on these empirical findings, we derive implications for the design and introduction of e-health services including suggestions for introducing the topic to physicians in ambulatory care and incentive structures for using e-health.

Availability and quality of mobile health app privacy policies

Mobile health (mHealth) customers shopping for applications (apps) should be aware of app privacy practices so they can make informed decisions about purchase and use. We sought to assess the availability, scope, and transparency of mHealth app privacy policies on iOS and Android. Over 35,000 mHealth apps are available for iOS and Android. Of the 600 most commonly used apps, only 183 (30.5%) had privacy policies. Average policy length was 1755 (SD 1301) words with a reading grade level of 16 (SD 2.9). Two thirds (66.1%) of privacy policies did not specifically address the app itself. Our findings show that currently mHealth developers often fail to provide app privacy policies. The privacy policies that are available do not make information privacy practices transparent to users, require college-level literacy, and are often not focused on the app itself. Further research is warranted to address why privacy policies are often absent, opaque, or irrelevant, and to find a remedy.

Evaluation Framework for Personal Health Records: Microsoft HealthVault Vs. Google Health

Personal health records (PHR) is a technology for managing the information playing field in healthcare. With multiple vendors competing on this relatively new market, an evaluation framework for end-user feature comparison can provide a foundation for system adoption decisions. Also it can serve as a starting point for requirements analysis for new systems. In this work we elicit a list of 25 end-user features, which in our view are necessary for a successful PHR implementation. We provide rationale for their inclusion as well as suggestions towards their realization. Using Microsoft HealthVault and Google Health, we test the suitability of our framework for evaluating the current two largest commercial PHR platforms.

Cloud services certification

How to address the lack of transparency, trust, and acceptance in cloud services.

Determinant factors of cloud-sourcing decisions: reflecting on the IT outsourcing literature in the era of cloud computing

Cloud computing (CC) is an emerging form of IT outsourcing (ITO) that requires organizations to adjust their sourcing processes. Although ITO researchers have established an extensive knowledge base on the determinant factors that drive sourcing decisions from various theoretical perspectives, the majority of research on cloud-sourcing decisions focuses on technological aspects. We reviewed the CC and ITO literature and systematically coded the determinant factors that influence sourcing decisions. We show that most determinant factors of sourcing decisions in the ITO context remain valid for the CC context. However, the findings for some factors (i.e., asset specificity, client firm IT capabilities, client firm size, institutional influences, and uncertainty) are inconclusive for the CC and ITO contexts. We discuss how the peculiarities of CC can explain these inconclusive findings. Our results indicate that CC researchers should draw from research on ITO decision making but re-examine ITO concepts in the light of the peculiarities of CC, such as the differences between software and infrastructure services, the self-service procurement of cloud services, or the evolving role of IT departments. By summarizing determinant factors of cloud-sourcing decisions for consideration in future research, we contribute to the development of endogenous theories in the IS domain.

Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android.

Background Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. Objective The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. Methods We assessed apps available in English and offered in the categories “Medical” and “Health & Fitness” in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. Results We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979; of apps) pose at least some potential damage through information security and privacy infringements. There were 11.67% (2098/17,979) of apps that scored the highest assessments of potential damages. Conclusions Various kinds of mHealth apps collect and offer critical, sensitive, private medical information, calling for a special focus on information security and privacy of mHealth apps. In order to foster user acceptance and trust, appropriate security measures and processes need to be devised and employed so that users can benefit from seamlessly accessible, tailored mHealth apps without exposing themselves to the serious repercussions of information security and privacy infringements.

Supporting chronic disease care quality: Design and implementation of a health service and its integration with electronic health records

Chronic medical conditions take a huge toll on lives of a growing number of people and are a major contributor to the rising costs in healthcare. As patients are increasingly willing to take an active part in managing their conditions, chronic disease self-management programs and information systems that support them are recognized for their potential to improve the quality of healthcare delivery. These programs often rely on recording longitudinal patient data and analyzing it. Therefore, maintaining appropriate data quality is important for self-management programs to be efficient and safe. We designed and implemented a prototype of a health self-management service for chronically ill people. It is a distributed application that supports patients with diabetes at tracking their blood glucose levels. The main design goals were usability, extensibility, security, and interoperability. The system integrates with the Microsoft HealthVault and Google Health personal health record platforms. It utilizes industry-strength storage and security mechanisms, is scalable, and as a result, can be used to gather, securely store, and analyze patient data over long periods of time. In this article we examine how software information technology can support chronic disease self-management and its impact on the quality of patient data. Furthermore, we describe the requirements that drove the systems development, its architecture, and design decisions.

Trust is Good, Control is Better: Creating Secure Clouds by Continuous Auditing

Cloud service certifications (CSC) attempt to assure a high level of security and compliance. However, considering that cloud services are part of an ever-changing environment, multi-year validity periods may put in doubt reliability of such certifications. We argue that continuous auditing (CA) of selected certification criteria is required to assure continuously reliable and secure cloud services, and thereby increase trustworthiness of certifications. CA of cloud services is still in its infancy, thus, we conducted a thorough literature review, interviews, and workshops with practitioners to conceptualize an architecture for continuous cloud service auditing. Our study shows that various criteria should be continuously audited. Yet, we reveal that most of existing methodologies are not applicable for third party auditing purposes. Therefore, we propose a conceptual CA architecture, and highlight important components and processes that have to be implemented. Finally, we discuss benefits and challenges that have to be tackled to diffuse the concept of continuous cloud service auditing. We contribute to knowledge and practice by providing applicable internal and third party auditing methodologies for auditors and providers, linked together in a conceptual architecture. Further on, we provide groundings for future research to implement CA in cloud service contexts.

A Proposed Solution for Managing Doctor's Smart Cards in Hospitals Using a Single Sign-On Central Architecture

This paper describes a single sign-on solution for the central management of health care providers smart cards in hospitals. The proposed approach which is expected to be an improvement over current methods is made possible through the introduction of a national healthcare telematics infrastructure in Germany where every physician and every patient will automatically be given an electronic health smart card (for patients) and a corresponding health professional card (for health care providers). This introduction will cause changes in many existing health care administrative processes. The example process of writing a discharge letter is used in the paper to compare two existing approaches for integrating the new smart cards to the proposed single sign-on approach. Based on the findings we support a centralized single sign-on card management approach which allows us to exploit possible process improvements now and in the future. In closing we outline further application potentials of the described approach for management of smart cards in health care and, in particular, in hospitals.

A Taxonomic Perspective on Certification Schemes: Development of a Taxonomy for Cloud Service Certification Criteria

Numerous cloud service certifications (CSCs) are emerging in practice. However, in their striving to establish the market standard, CSC initiatives proceed independently, resulting in a disparate collection of CSCs that are predominantly proprietary, based on various standards, and differ in terms of scope, audit process, and underlying certification schemes. Although literature suggests that a certifications design influences its effectiveness, research on CSC design is lacking and there are no commonly agreed structural characteristics of CSCs. Informed by data from 13 expert interviews and 7 cloud computing standards, this paper delineates and structures CSC knowledge by developing a taxonomy for criteria to be assessed in a CSC. The taxonomy consists of 6 dimensions with 28 subordinate characteristics and classifies 328 criteria, thereby building foundations for future research to systematically develop and investigate the efficacy of CSC designs as well as providing a knowledge base for certifiers, cloud providers, and users.