Rose-Mharie Åhlfeldt

Improving the Information Security Model by using TFI

In the context of information systems and information technology, information security is a concept that is becoming widely used. The European Network of Excellence INTEROP classifies information security as a nonfunctional aspect of interoperability and as such it is an integral part of the design process for interoperable systems. In the last decade, academics and practitioners have shown their interest in information security, for example by developing security models for evaluating products and setting up security specifications in order to safeguard the confidentiality, integrity, availability and accountability of data. Earlier research has shown that measures to achieve information security in the administrative or organisational level are missing or inadequate. Therefore, there is a need to improve information security models by including vital elements of information security. In this paper, we introduce a holistic view of information security based on a Swedish model combined with a literature survey. Furthermore we suggest extending this model using concepts based on semiotic theory and adopting the view of an information system as constituted of the technical, formal and informal (TFI) parts. The aim is to increase the understanding of the information security domain in order to develop a well-founded theoretical framework, which can be used both in the analysis and the design phase of interoperable systems. Finally, we describe and apply the Information Security (InfoSec) model to the results of three different case studies in the healthcare domain. Limits of the model will be highlighted and an extension will be proposed.

Introducing a process manager in healthcare: an experience report

To be efficient and patient focused, healthcare units need to be process oriented and integrated with the processes and IT systems of other healthcare units. A process manager facilitates integration of different systems by using graphical and executable process models. The process manager also communicates directly with healthcare personnel via desktop computers and mobile devices. This article reports on a Swedish project where a prototype system was developed and tested with several healthcare units. The experience shows several advantages and opportunities. For example, current information about patients can be transferred automatically between healthcare units; resource intensive manual tasks can be replaced with automated tasks; and long-term process monitoring and quality assessment can be enabled. However, introducing a process manager requires attention to issues of security, ethics and legality. Healthcare units may also show differences in security awareness and IT maturity, which could obstruct the introduction of a process manager.

Cancer patients' attitudes and experiences of online access to their electronic medical records : A qualitative study

Patients’ access to their online medical records serves as one of the cornerstones in the efforts to increase patient engagement and improve healthcare outcomes. The aim of this article is to provide in-depth understanding of cancer patients’ attitudes and experiences of online medical records, as well as an increased understanding of the complexities of developing and launching e-Health services. The study result confirms that online access can help patients prepare for doctor visits and to understand their medical issues. In contrast to the fears of many physicians, the study shows that online access to medical records did not generate substantial anxiety, concerns or increased phone calls to the hospital.

Supporting Active Patient and Health Care Collaboration : A Prototype for Future Health Care Information Systems

This article presents and illustrates the main features of a proposed process-oriented approach for patient information distribution in future health care information systems, by using a prototype of a process support system. The development of the prototype was based on the Visuera method, which includes five defined steps. The results indicate that a visualized prototype is a suitable tool for illustrating both the opportunities and constraints of future ideas and solutions in e-Health. The main challenges for developing and implementing a fully functional process support system concern both technical and organizational/management aspects.

Process Oriented Information Systems Architectures in Healthcare

In order to create value for customers efficiently and to avoid unnecessary or redundant activity, organizations need IT support that interacts well with their business processes. In addition, healthcare organizations require transparent communication between the various actors and between IT systems. A new type of process oriented integration architecture has been developed using software devices known as process managers. These use simple graphical models to visualize business process integration and facilitate its management and monitoring. This article discusses the benefits and difficulties of introducing process manager technology into healthcare, based on a project to integrate IT systems over the patient process and across several organizations. Particular problems are caused by communication across organizational boundaries, e.g. due to security issues. However, the technology is able to manage and monitor processes and to make communication simpler and saf

Standards for information security and processes in healthcare

Purpose – Regardless of who or where we are and when we get sick, we expect healthcare to make us well and to handle us and our information with care and respect. Today, most healthcare institutions work separately, making the flow of patient information sub‐optimal and the use of common standards practically unheard of. The purpose of this paper is to emphasise the use for standards to improve information security in process‐oriented distributed healthcare.Design/methodology/approach – The paper introduces a real‐life case which is analysed to highlight how and where standards can and should be used in order to improve information security in process‐oriented distributed healthcare.Findings – In total, 11 flaws or problems in information security and process‐orientation are identified. From these, six changes are suggested which address how information is handled, and how organizational routines should be standardized.Research limitations/implications – The case setting is Swedish healthcare, but problem...

Introducing the Common Non-Functional Ontology

Enterprise systems interoperability is impeded by the lack of a cohesive, integrated perspective on non-functional aspects (NFA). We propose to respond to the fragmentation in NFA research by supporting a shared, common understanding. For this purpose:- first, we propose a common NFA ontology, which generalizes and integrates the different non-functional aspects under a common top-level ontology. Second, we introduce a series of specialized ontologies on specific non-functional aspects, such as trust, risk, privacy, threat and misuse. By fostering a consensual and shared view of the non-functional aspects domain, we aim to move closer to enhancing semantic enterprise interoperability. This shared perspective on what non-functional aspects are and how they relate to the other ‘functional’ aspects of enterprise systems, is the key towards enterprise interoperability.

Disturbing or facilitating?--on the Usability of Swedish eHealth Systems 2013.

As many evaluations show, healthcare organizations do not accomplish the intended effects of their eHealth systems due to inadequate usability. On behalf of the Swedish Ministry of Health and Social Affairs, the usability of current eHealth systems in Swedish healthcare have been analysed from the perspective of healthcare and social service professionals. The objective of the study was to report on current problems, potential solutions as well as to relate these to research in relevant areas. Using a participatory approach, seven workshops were held where researchers within health informatics collaborated with staff from different care providers, representatives of the national associations of health and social care professionals and the national eHealth system vendor organization. This paper presents a foundation for further development of eHealth systems, condensed into 10 issues that the Swedish health and social care professionals find imperative to improve. The study emphasizes that the development of eHealth systems is always a matter of organizational and process development and must be integrated into the care practice improvement process. Further, based on the findings, some identified challenges are discussed.

Patient Safety and Patient Privacy When Patient Reading Their Medical Records

When patients get access to their personal health information new security demands arise. This paper presents results from a study aiming to improve the understanding of how the patients’ different perceptions of their own personal health and health information preferences can be linked to anticipated positive and negative security concerns. The analysis and discussion focuses on investigating how the security issues and patients’ perception on the benefits and threats of accessing their medical records relate to each other. The results show that a more holistic systemic perspective to information security is needed to support the effective use of medical records in the healthcare in information and data driven society in order to improve both patient safety and patient privacy.

Information Security Problems and Needs in Healthcare : A Case Study of Norway and Finland vs Sweden

In healthcare, the right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is also common for patients to visit more than one healthcare provider, which implies the need for crossborder healthcare and a focus on the patient process. Countries work differently with these issues. This paper is focused on three Scandinavian countries, Norway, Sweden and Finland, and their information security problems and needs in healthcare. Data was collected via case studies, and the results were compared to show both similarities and differences between these countries. Similarities include the too wide availability of patient information, an obvious need for risk analysis, and a tendency to focus more on patient safety than on patient privacy. Patients being involved in their own care, and the approach of exchanging patient information are examples of differences.