Information security strategy in telemedicine and e-health systems: A case study of England’s shared electronic health record system

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University, 9/11/2010.Shared electronic health record (EHR) systems constitute an important Telemedicine and e-Health application. Successful implementation of shared health records calls for a satisfactory level of security. This is invariably achieved through applying and enforcing strict, and often quite complicated, rules and procedures in the access process. For this reason, information security strategy for EHR systems is needed to be in place. This research reviewed the definition of different terms that related to electronically stored and shared health records and delineated related information security terms leading to a definition of an information security strategy. This research also made a contribution to understanding information security strategy as a significant need in EHR systems. A major case study of the National Programme for IT (NPfIT) in England is used to be the container of other two sub-case studies in two different Acute Trusts. Different research methods used: participant observation and networking, semi-structured interviews, and documentary analysis. This research aimed to provide a comprehensive understanding to the information security strategy of England’s EHR system by presenting its different information security issues such as consent mechanisms, access control, sharing level, and related legal and regulatory documents. Six factors that influence the building of an information security strategy in EHR systems, were identified in this research, political, social, financial, technical, clinical and legal. Those factors are considered to be driving the strategy directly or indirectly. EHR systems are technical-clinical systems, but having other factors (than technical and clinical) that drive this technical-clinical system is a big concern. This research makes a significant contribution by identifying these factors, and in addition, this research shows not only how these factors can influence building the information security strategy, but also how they can influence each other. The study of the mutual influence among the six factors led to the argument that the most powerful factor is the political factor, as it directly or indirectly influences the remaining five factors. Finally, this research proposes guidelines for building an information security strategy in EHR systems. These guidelines are presented and discussed in the form of a framework. This framework was designed after literature analysis and after completing the whole research journey. It provides a tool to help putting the strategy in line by minimising the influence of various factors that may steer the strategy to undesirable directions.The Ministry of Health and Ministry of Higher Education in Syri

Information security strategy in telemedicine and e-health systems : a case study of England’s shared electronic health record system

Shared electronic health record (EHR) systems constitute an important Telemedicine and e-Health application. Successful implementation of shared health records calls for a satisfactory level of security. This is invariably achieved through applying and enforcing strict, and often quite complicated, rules and procedures in the access process. For this reason, information security strategy for EHR systems is needed to be in place. This research reviewed the definition of different terms that related to electronically stored and shared health records and delineated related information security terms leading to a definition of an information security strategy. This research also made a contribution to understanding information security strategy as a significant need in EHR systems. A major case study of the National Programme for IT (NPfIT) in England is used to be the container of other two sub-case studies in two different Acute Trusts. Different research methods used: participant observation and networking, semi-structured interviews, and documentary analysis. This research aimed to provide a comprehensive understanding to the information security strategy of England’s EHR system by presenting its different information security issues such as consent mechanisms, access control, sharing level, and related legal and regulatory documents. Six factors that influence the building of an information security strategy in EHR systems, were identified in this research, political, social, financial, technical, clinical and legal. Those factors are considered to be driving the strategy directly or indirectly. EHR systems are technical-clinical systems, but having other factors (than technical and clinical) that drive this technical-clinical system is a big concern. This research makes a significant contribution by identifying these factors, and in addition, this research shows not only how these factors can influence building the information security strategy, but also how they can influence each other. The study of the mutual influence among the six factors led to the argument that the most powerful factor is the political factor, as it directly or indirectly influences the remaining five factors. Finally, this research proposes guidelines for building an information security strategy in EHR systems. These guidelines are presented and discussed in the form of a framework. This framework was designed after literature analysis and after completing the whole research journey. It provides a tool to help putting the strategy in line by minimising the influence of various factors that may steer the strategy to undesirable directions.EThOS - Electronic Theses Online ServiceMinistry of Health and Ministry of Higher EducationSyriaGBUnited Kingdo

A Web-based Statistical Analysis Framework

Statistical software packages have been used for decades to perform statistical analyses. Recently, the emergence of the Internet has expanded the potential for these packages. However, none of the existing packages have fully realized the collaborative potential of the Internet. This medium, which is beginning to gain acceptance as a software development platform, allows people who might otherwise be separated by organizational or geographic barriers to come together and tackle complex issues using commonly available data sets, analysis tools and communications tools. Interestingly, there has been little work towards solving this problem in a generally applicable way. Rather, systems in this area have tended to focus on particular data sets, industries, or user groups. The Web-based statistical analysis model described in this thesis fills this gap. It includes a statistical analysis engine, data set management tools, an analysis storage framework and a communication component to facilitate information dissemination. Furthermore, its focus on enabling users with little statistical training to perform basic data analysis means that users of all skill levels will be able to take advantage of its capabilities. The value of the system is shown both through a rigorous analysis of the system’s structure and through a detailed case study conducted with the tobacco control community