Policy conflict handling as a monitoring activity of hospital information systems

Alignment of business and IT is a serious challenge in enterprises due to continuously changing business environments and at the same time changing organizational IT infrastructures. The same challenges can be detected in health information technology accompanied by domain-specific information security demands regarding the access to patient-related information and medical data. The paper addresses a specific aspect in this area, which is of high relevance for business and IT alignment: how to define and apply policies as means to translate organizational requirements into guidelines and rules in IT management. The scope of the paper is limited to hospital information systems and policies in information security. The main contributions of this paper are (1) to present a case study from hospital information security confirming the need for supporting policy implementation, (2) to identify and describe the problem of policy conflict management as part of IT and business alignment, and (3) to define the research design for addressing this problem from a design science perspective