Facing Business-IT-Alignment in Healthcare

The ongoing reform efforts and an aftermath of increasing regulation in the Swiss healthcare sector make it imperative for hospitals to develop strategies to work more efficiently and have better control over their medical, nursing, and administrative processes. These endeavors make hospitals to enhance and integrate concepts of Business-IT-Alignment and IT Governance, IT Risk management, and IT Compliance (IT GRC). This paper proposes a novel method for the management of IT with respect to closely-meshed organizational and social structures within hospitals. One key contribution of this method is its hybrid approach to combine collective know-how of the CObIT 5 framework with an iterative process model approach. The application of this method under real-world conditions within different Swiss hospitals has led to a positive outcome whereby all hospitals concurred that the method allows for the adoption of IT GRC principles while taking into consideration the individual styles and patterns of behavior

IT in health care : a business enabler?

Information processing in health care demands reliable, relevant, systematic, integrated, and managed data throughout care delivery. This leads, even with IT, to increased and time-consuming activities and can cause potentially dangerous situations for the patient as important data may not be available when needed, which in turn can lead to wrong diagnostic or therapeutic decisions. Consequently, hospital IT executives must balance many competing priorities. These endeavours require, in addition to the appropriate utilisation of given IT resources, a farsighted alignment of IT issues with objectives, and a thorough understanding of uncertainties and legal obligations. This approach to integrated IT governance, IT risk management, and IT compliance (IT GRC) in the hospital Environment is the subject of the work presented here. This investigation is associated with a survey that has been conducted in 2009 and allows therefore drawing conclusions on the progress of IT GRC management in Swiss hospitals over the last 5 years. The findings revealed that IT GRC in health care is still all too often seen as the realm and sole responsibility of the CIO and the IT department. The findings proved that IT GRC has not been utilised sufficiently by the executive management of many hospitals, especially the public ones. The findings revealed the reasons for a less pervasive spread of managed IT GRC can be structured into four main categories representing the greatest barriers to a successful convergence of integrated IT GRC

A framework for the adoption of bring your own device (BYOD) in the hospital environment

The concept of Bring Your Own Device (BYOD) – the use of a personally owned device in a working environment – is all over the place, nobody talks about it but many are using it. To find out the state of the art of BYOD in Swiss hospitals, an intense literature research revealed a research gap in the combination of BYOD and healthcare related topics. Six hospitals in Switzerland were examined, were questioned about their IT organization and services as well as their usage of mobile devices with a special focus on BYOD. As the Swiss hospital system is organized in a federalist way – much alike the Swiss state structure – it was to no surprise that the results among the study sites varied quite a bit. BYOD is used in many ways and for a mature implementation of BYOD, an EMM solution is crucial

Information Technology Supplier Management in Hospitals

In this study, we developed a document for managing Information Technology suppliers in hospitals. This document is used to ensure the proper management of IT suppliers in the hospital. Products and services in Information Technology have characteristics and specifications that are always up to date, making it difficult for non-IT people to understand. Hospitals whose main business in the health sector is often lack of human resources who understand IT. Observations and interviews were conducted in Indonesian hospital, to identify the characteristics and problems in supplier management. Control Objectives for Information and Related Technologies (COBIT), Information Technology Infrastructure Library (ITIL) and government regulations on supplier management were reviewed and combined as a benchmark and guidance on how supplier management activities are carried out. The result of the process is a Standard Operating Procedure (SOP) document.    The parties involved in the supplier management process have evaluated the SOP document. From the results of the study, it is known that currently, the hospital is still focused on procedures procurement of goods and services that are government regulated. This study proposes some new activities that are not currently done by the hospital

Quality and Investment Decisions in Hospital Care when Physicians are Devoted Workers

This paper analyses the decision to invest in quality by a hospital in an environment where doctors are devoted workers, i.e. they care for specific aspects of the output they produce. We assume that quality is the result of both an investment in new technology and the effort of the medical staff. Hospital services are paid on the basis of their marginal cost of production while the number of patients treated depends on a purchasing rule which discriminates for the level and timing of the investment. We show that the presence of devoted doctors affects the trade-off between investment and the purchasing rule so that for the hospital it is not always optimal to anticipate the investment decision.Hospital technology, Devoted worker, Quality, Irreversible investment, Real options

Examining the application of STAMP in the analysis of patient safety incidents

This thesis examines the application of Systems-Theoretic Accident Model and Processes (STAMP) in healthcare and the analysis of patient safety incidents. Healthcare organisations have a responsibility for the safety of the patients they are treating. This includes the avoidance of unintended or unexpected harm to people during the provision of care. Patient safety incidents, that is adverse events where patients are harmed, are investigated and analysed as accidents are in other safety-critical industries, to gain an understanding of failure and to generate recommendations to prevent similar incidents occurring in the future. However, there is some dissatisfaction with the current quality of incident analysis in healthcare. There is dissatisfaction with the recommendations that are generated from healthcare incident analysis which are felt to produce weak and ineffective remedial actions, often including retraining of individuals and small policy change. Issues with current practice have been linked to the use of Root Cause Analysis (RCA), an analysis method that often results in the understanding of an accident as being the result of a linear chain of events. This type of simple linear approach has been the target of criticism in safety science research and is not felt to be effective in the analysis of incidents in complex systems, such as healthcare. Research in accident analysis methods has developed from a focus on technical failure and individual human actions to consideration of the interactions between people, technology and the organisation. Accident analysis methods have been developed that guide investigations to consideration of the whole system and interactions between system components. These system approaches are judged to be superior to simple linear approaches by the research community, however, they are not currently used in healthcare incident investigation practice. The systems approach of STAMP is felt to be a promising method for the improvement of healthcare incident analysis. STAMP strongly embodies the concepts of systems theory and analyses human decision-making. The application of STAMP in healthcare was investigated through three case studies, which applied STAMP in: 1. The analysis of the large-scale organisational failure at Mid-Staffordshire NHS Trust between 2005-2009. 2. The analysis of a common small-scale hospital-based medication prescription error. 3. The analysis of patient suicide in the community-based services of a Mental Health Trust. The effectiveness of the STAMP applications was evaluated with feedback from healthcare stakeholders on the usability and utility of STAMP and discussion of the STAMP applications against criteria for accident analysis models and methods. Healthcare stakeholders were generally positive about the utility of STAMP, finding it to provide a system view and guide consideration of interactions between system components. They also felt it would help them generate recommendations and were positive about the future application of STAMP in healthcare. However, many felt it to be a complicated method that would need specialist expertise to apply. The STAMP applications demonstrated the ability of STAMP to consider the whole system and guide an analysis to the generation of recommendations for system measures to prevent future incidents. From the findings of the research, recommendations are made to improve STAMP and to assist future applications of STAMP in healthcare. The research also discusses the other factors that influence incident analysis beyond that of the analytical approach used and how these need to be considered to maximise the effectiveness of STAMP

The status of IT service management in health care - ITIL® in selected European countries

<p>Abstract</p> <p>Background</p> <p>Due to the strained financial situation in the healthcare sector, hospitals and other healthcare providers are facing an increasing pressure to improve their efficiency and to reduce costs. These trends challenge health care organizations to introduce innovative information technology (IT) based supportive processes. To guarantee that IT supports the clinical processes perfectly, IT must be managed proactively. However, until now, there is only very few research on IT service management especially on ITIL^®implementations in the health care context.</p> <p>Methods</p> <p>The current study aims at exploring knowledge about and acceptance of IT service management (especially ITIL^®) in hospitals in Austria and its neighboring regions Bavaria (Germany), Slovakia, South Tyrol (Italy) and Switzerland. Therefore highly standardized interviews with the respective head of information technology (CIO, IT manager) were conducted for selected hospitals from the different regions. In total 75 hospitals were interviewed. Data gathered was analyzed using descriptive statistics and where necessary methods of qualitative content analysis.</p> <p>Results</p> <p>In most regions, two-thirds or more of the participating IT managers claim to be familiar with the concepts of IT service management and of ITIL^®. IT managers expect from ITIL^®mostly better IT services, followed by an increased productivity and a reduction of IT cost. But only five hospitals said to have implemented at least parts of ITIL^®, and eight hospitals stated to be planning to do this in the next two years. When it comes to ITIL^®, Switzerland and Bavaria seem to be ahead of the other countries. There, the highest levels of knowledge, the highest number of implementations or plans of an implementation as well as the highest number of ITIL^®certified staff members were observed.</p> <p>Conclusion</p> <p>The results collected through this study indicate that the idea of IT services and IT service management is still not widely recognized in hospitals in the countries and regions of the study. It is also indicated that hospitals need further assistance in order to be able to successfully implement ITIL^®. Overall, research on IT service management and ITIL^®in health care is rare.</p

Compliance framework for change management in cloud environments

Mención Internacional en el título de doctorThe Governance, Risk and Compliance (GRC) area is one of the critical management areas for every organization. This is particularly the case for information technology (IT) departments where both human resources and technical infrastructures (software and hardware) need to work seamlessly in order to provide the expected benefits. The study of the literature shows that sound GRC methods are key to running and maintaining secure and compliant computing infrastructures. An important and particularly challenging aspect of the IT landscape is its constant and perpetual evolution in order to keep pace with new and emerging technologies that find their way faster and faster into the organizational infrastructure. Since assessments of risks and compliance aspects always refer to a certain (more or less static) situation, such frequent changes pose a real danger to the overall relevance of these assessments in the mid and longterm perspective. So, a sound approach to ensuring compliance not only punctually (both in time and space) but holistically – considering the complete IT landscape in a continuous way – needs to integrate with the change management function of the organization. Another important development in the last eight to ten years was the emergence of Cloud Computing (CC) as a straightforward and efficient way of providing IT functionality to organizations. While it poses many various challenges to IT management in general, CC is particularly relevant for GRC as it makes an IT provision approach that was previously sometimes applied – outsourcing – to a predominant approach to provide infrastructure (called Infrastructure‐as‐a‐Service or IaaS), platforms (called Platform‐as‐a‐Service or PaaS), and software (called Software‐as‐a‐Service or SaaS) within an organization. CC and outsourcing entail wider challenges for GRC as it involves the inclusion of an external party as a service provider within an organization reflecting specific aspects of provider selection, contract management, service level agreements (SLAs), and monitoring. They become even more challenging in the context of frequent and interdependent changes. Therefore, this thesis is aimed at the definition and validation of a Compliance Framework for Change Management in Cloud Environments (short: CFC MCC). The proposed solution of the problem has been approached from a multidisciplinary point of view taking in consideration aspects from computer science, IT management and IT governance, but also such aspects as legal and cultural dimensions. The proposed solution provides a framework to support the solicitation of requirements from different subject areas (e.g., organizational, technological, cultural) and their subsequent consideration within the change management process of established IT management frameworks such as ITIL. It can be tailored to the specific situation of most organizations and provides a consistent approach to address GRC aspects in rapidly evolving cloud‐based organizational IT landscapes. The scientific discourse within the thesis has been structured following best academic practices and recommendations. In the last phase of the research methodology an empirical validation has been performed to verify the applicability of the framework. The data obtained from the validation indicate that the application of the framework for ensuring compliance in CC environments constitutes a relevant improvement of the change management process.El área de gobernanza, riesgo y cumplimiento (por sus siglas en inglés GRC) es una de las áreas de gestión clave en todas las organizaciones. En el caso de los departamentos de Tecnología de la Información (por sus siglas en inglés IT de Information Technology) el área cuenta con una importancia igualmente crucial. Estos departamentos deben orquestar los recursos de capital intelectual y las infraestructuras hardware y software para contribuir a la generación de beneficios empresariales. La literatura ha demostrado que un conjunto de procedimientos en el área GRC es clave para prestar el servicio de forma eficiente a partir del mantenimiento de una infraestructura tecnológica segura y compatible. Un aspecto importante y particularmente retador en el entorno IT es su constante evolución con el propósito de habilitar la adopción de nuevas tecnologías en apoyo de los procesos corporativos. Dado que la evaluación de riesgos y los aspectos de cumplimiento se refieren a una determinada situación que se puede considerar más o menos estática, los continuos cambios en el entorno IT representan una amenaza para la incorporación de nuevas tecnologías en ámbitos corporativos desde el punto de vista GRC. Por ello, un enfoque sólido para garantizar el cumplimiento no sólo de forma puntual en tiempo y espacio sino de forma integral, considerando el entorno IT en una forma continua e integrada con la gestión del cambio corporativa. Otro desarrollo importante y modificador de la situación actual es la emergencia de la computación en la nube (CC, siglas en inglés de Cloud Computing) como una forma efectiva y eficaz de proporcionar la función IT en las organizaciones. Pese a que CC suscita diversos desafíos para la administración IT, es en particular relevante para GRC ya que habilita la externalización del servicio como una aproximación predominante para proporcionar infraestructura (llamado Infraestructure‐as‐a‐Service o IaaS), plataformas (llamado Platformas‐ a‐Service o PaaS) y software (llamado Software‐as‐a‐Service o SaaS) dentro de una organización. CC y la externalización suponen retos más amplios para GRC, ya que implican la inclusión de un proveedor de servicios externo dentro de una organización. Esta circunstancia aflora cuestiones relativas a la selección de proveedores, la gestión de contratos, los acuerdos de nivel de servicio (por sus siglas en inglés SLA), y el seguimiento de las relaciones y los servicios prestados. Estos aspectos, se convierten en un reto aún mayor en el contexto de los cambios frecuentes e interdependientes en el ámbito IT. Por lo tanto, esta tesis está dirigida a la definición y validación de un marco de cumplimiento para la gestión del cambio en entornos relativos a la nube (abreviatura: CFC MCC). La solución propuesta del problema ha sido abordada desde un punto de vista multidisciplinar, tomando en consideración aspectos de la informática, la gestión de IT y el gobierno de IT pero incorporando también aspectos tales como las dimensiones legales y culturales. La solución propuesta proporciona un marco para apoyar la solicitud de requisitos de diferentes áreas (por ejemplo, organizativos, tecnológicos, culturales) y su posterior consideración en el proceso de gestión del cambio de los marcos establecidos de gestión de TI como pueda ser ITIL. EL marco puede ser adaptado a la situación específica de las organizaciones y proporciona un enfoque coherente para abordar los aspectos de GRC en rápida evolución entornos de TI de la organización basados en la nube. El discurso científico dentro de la tesis se ha estructurado siguiendo las prácticas académicas y recomendaciones de investigación. En la última fase de la metodología de la investigación empírica una validación se ha realizado para verificar la aplicabilidad del marco. Los datos obtenidos de la validación indican que la aplicación del marco para garantizar el cumplimiento en entornos CC constituye una mejora relevante del proceso de gestión del cambio de las organizaciones.Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Antonio de Amescua Seco.- Secretario: José Antonio Manzano Calvo.- Vocal: Ahmed Barnaw

Trust and Fiscal Performance: A Panel Analysis with Swiss Data

Citizens are willing to abandon their short-term financial interest in free-riding considerably, if governments act in their interest, if procedures of the public decisions-making process are felt to be fair and if other fellow-citizens have to contribute also an adequate share to the community. In such a situation trustworthiness of a government and trust in a government is high. This paper provides empirical evidence that trust is crucial for fiscal performance using data for the full sample of Swiss cantons over the 1981-2001 period. In cantons with high levels of trust, the level of indebtedness is significantly lower. Trust supports fiscal discipline. In order to get a useful approximation for mutual trust among citizens and between citizens and their representatives, we use information from direct voter participation on political issues (initiatives and public referenda) held in Swiss state (cantonal) governments. Electoral support of government proposals reveals an important aspect of trust in a real world setting. Hence, our trust variable measures the behavior at the ballots thereby reducing possible subjective biases derived from surveys and questionnaires.Trust, Social capital, Fiscal performance, Indebtedness