Zuraini Ismail

Security threats categories in healthcare information systems

This article attempts to investigate the various types of threats that exist in healthcare information systems (HIS). A study has been carried out in one of the government-supported hospitals in Malaysia.The hospital has been equipped with a Total Hospital Information System (THIS). The data collected were from three different departments, namely the Information Technology Department (ITD), the Medical Record Department (MRD), and the X-Ray Department, using in-depth structured interviews. The study identified 22 types of threats according to major threat categories based on ISO/IEC 27002 (ISO 27799:2008). The results show that the most critical threat for the THIS is power failure followed by acts of human error or failure and other technological factors. This research holds significant value in terms of providing a complete taxonomy of threat categories in HIS and also an important component in the risk analysis stage.

Threats to Health Information Security

The purpose of this paper is to identify the threats that exist in Healthcare Information Systems (HIS). The study has been carried out in three different departments namely, Information Technology Department (ITD), Medical Record Department (MRD) and X-Ray Department in one of the leading government supported hospital in Malaysia. The hospital was equipped with Total Hospital Information System (THIS) environment. The data were collected using in-depth structured interviews. The study identified 22 types of threats according to major threat categories based on ISO/IEC 27002 (ISO 27799:2008). The result shows the most critical threat for the THIS is the power failure. In addition, acts of human error or failure threat also show high frequency of occurrence. The contribution of the paper will be categorization of threats in HIS and can be used to design and implement effective security systems and policies in healthcare setting.

Safeguarding Malaysia's critical national information infrastructure (CNII) against cyber terrorism: Towards development of a policy framework

Critical National Information Infrastructure (CNII) is crucial to the survivability of a nation. The destruction or disruption of these systems and communication networks would significantly affect the economic strength, image, defense and security, government capabilities to function, and public health and safety. CNII would probably become an attractive target for terrorists as the result of cyber attacks could leave the nation with difficult conditions due to the disruption of critical services. This paper provides an overview on the concept and fundamental elements of cyber terrorism. This paper also highlights the cyber security policy initiatives as a guideline for the development of the policy framework. This paper further recommends the need of policy development addressing the protection of CNII from cyber terrorism activities specifically for Malaysia.

A Framework for the Governance of Information Security in Banking System

As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches are highly increase in recent years. Insider and outsider attacks have caused global businesses lost trillions of Dollars a year. Therefore, that is a need for a proper framework to govern the information security in banking system. This paper highlights the information assets and potential threats for banking system. It further examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. This paper further proposes the initial framework for governing the information security in banking system. The framework is categorized into three levels which are strategic level, tactical, operational level, and technical level. This proposed framework will be implemented in real banking environment.

Information privacy concerns in electronic healthcare records: A systematic literature review

The concerns in healthcare services is needed to deal with privacy and data security risks in handling electronic healthcare records (EHR). With the limitation of the existing literature dealing with number of factors that influence information privacy concerns in EHR, the main objective of this study is to review recent studies on information privacy concerns in EHR and then also to categorize the related factors. A total of 199 articles were extracted using a predefined search string. A quality criterion was applied on this set of articles, a total of 18 articles were determined for further analysis. Nine factors were found to influence information privacy concerns. However, two factors, namely information dissemination and computer literacy were commonly revealed as factors attributing to information privacy concerns in the healthcare domain. The unit of analysis was further examined from two perspectives; healthcare practitioners and patients.

Key Factors Influencing the Adoption of E-government in Iran

Compare to developed countries, e-Government implementation in developing countries seems to be slower. One of the important issues for the e-Government services is adoption of users. Finding the factors which impact on the adoption of government e-Services would lead the managers to a better technology adoption model which is more suitable for e-Government. This study presents the essential factors based on the interviews with the IT managers in the public organization using e-Government services. This study uses the most discussed adoption models to identify the factors. Based on interviews done in Irans public organizations, this study finds the suitable factors and includes trustworthiness as an external key factor influencing the adoption of e-Government services.

A comprehensive adoption model of e-Government services in developing countries

Governments in the world are developing electronic governments (e-Governments) to offer better services to their citizens. By transferring from traditional government to e-Government, users will get services from government agencies much quicker without the delay caused by paper submission. Faster Government response will improve and enhance the relationship between citizens and their governments and improve the overall quality of the government services. Furthermore, governments will be more efficient and transparent as they transfer their services to e-Services. Studies show that in many cases implementing the e-Government services were not as successful as it was expected. Technology is the first need in implementing e-Government services; success in e-Government service implementation is 20 percent technology and 80 percent people, processes, and organizations. One of the problematic issues is the improper adoption of the e-Services. Several adoption models were introduced and tested, especially in developed countries. This study tries to define and propose a comprehensive adoption model suitable for developing countries using the most popular models which are TAM, TAM2, DOI and UTAUT. Also, in this model, trustworthiness as an important influencing factor is included.

Classification of antecedents towards safety use of health information technology: A systematic review.

OBJECTIVES This paper provides a systematic review of safety use of health information technology (IT). The first objective is to identify the antecedents towards safety use of health IT by conducting systematic literature review (SLR). The second objective is to classify the identified antecedents based on the work system in Systems Engineering Initiative for Patient Safety (SEIPS) model and an extension of DeLone and McLean (D&M) information system (IS) success model. METHODS A systematic literature review (SLR) was conducted from peer-reviewed scholarly publications between January 2000 and July 2014. SLR was carried out and reported based on the preferred reporting items for systematic reviews and meta-analyses (PRISMA) statement. The related articles were identified by searching the articles published in Science Direct, Medline, EMBASE, and CINAHL databases. Data extracted from the resultant studies included are to be analysed based on the work system in Systems Engineering Initiative for Patient Safety (SEIPS) model, and also from the extended DeLone and McLean (D&M) information system (IS) success model. RESULTS 55 articles delineated to be antecedents that influenced the safety use of health IT were included for review. Antecedents were identified and then classified into five key categories. The categories are (1) person, (2) technology, (3) tasks, (4) organization, and (5) environment. Specifically, person is attributed by competence while technology is associated to system quality, information quality, and service quality. Tasks are attributed by task-related stressor. Organisation is related to training, organisation resources, and teamwork. Lastly, environment is attributed by physical layout, and noise. CONCLUSIONS This review provides evidence that the antecedents for safety use of health IT originated from both social and technical aspects. However, inappropriate health IT usage potentially increases the incidence of errors and produces new safety risks. The review cautions future implementation and adoption of health IT to carefully consider the complex interactions between social and technical elements propound in healthcare settings.

A Tree Model for Identification of Threats as the First Stage of Risk Assessment in HIS

Security remains to be a critical issue in the safe operation of Information Systems (IS). Identifying the threats to IS may lead to an effective method for measuring security as the initial stage for risk management. Despite many attempts to classify threats to IS, new threats to Health Information Systems (HIS) remains a continual concern for system developers. The main aim of this paper is to present a research agenda of threats to HIS. A cohesive completeness study on the identification of possible threats on HIS was conducted. This study reveals more than 70 threats for HIS. They are classified into 30 common criteria. The abstraction was carried out using secondary data from various research databases. This work-in-progress study will proceed to the next stage of ranking the security threats for assessing risk in HIS. This classification of threats may provide some insights to both researchers and professionals, who are interested in conducting research in risk management of HIS security.

Towards implementing a privacy policy: an observation on existing practices in hospital information system

In order to safeguard the confidentiality and sensitivity of personal health information belongs to individual, a privacy law is needed to be in place. There are numerous cases of unauthorised intrusions of personal health information occurred but no legal action can be exerted due to the absence of a privacy act in Malaysia. Therefore, a preliminary observation has been conducted to review the current privacy implementations in management of personal health information at Malaysian government hospitals. Analysis was conducted based on OECD Fair Information Practices Guideline which has been the benchmark of most of the privacy and data protection legislation in the world. Interviews were conducted with key personnel in medical informatics and legal expertise using Privacy Impact Assessment (PIA) technique as guidance. The findings of the observation were then compared with the existing health information privacy acts. Then, recommendations were made to include those findings in the proposed privacy law or policy in Malaysia.