Information security strategy in telemedicine and e-health systems: A case study of England’s shared electronic health record system

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University, 9/11/2010.Shared electronic health record (EHR) systems constitute an important Telemedicine and e-Health application. Successful implementation of shared health records calls for a satisfactory level of security. This is invariably achieved through applying and enforcing strict, and often quite complicated, rules and procedures in the access process. For this reason, information security strategy for EHR systems is needed to be in place. This research reviewed the definition of different terms that related to electronically stored and shared health records and delineated related information security terms leading to a definition of an information security strategy. This research also made a contribution to understanding information security strategy as a significant need in EHR systems. A major case study of the National Programme for IT (NPfIT) in England is used to be the container of other two sub-case studies in two different Acute Trusts. Different research methods used: participant observation and networking, semi-structured interviews, and documentary analysis. This research aimed to provide a comprehensive understanding to the information security strategy of England’s EHR system by presenting its different information security issues such as consent mechanisms, access control, sharing level, and related legal and regulatory documents. Six factors that influence the building of an information security strategy in EHR systems, were identified in this research, political, social, financial, technical, clinical and legal. Those factors are considered to be driving the strategy directly or indirectly. EHR systems are technical-clinical systems, but having other factors (than technical and clinical) that drive this technical-clinical system is a big concern. This research makes a significant contribution by identifying these factors, and in addition, this research shows not only how these factors can influence building the information security strategy, but also how they can influence each other. The study of the mutual influence among the six factors led to the argument that the most powerful factor is the political factor, as it directly or indirectly influences the remaining five factors. Finally, this research proposes guidelines for building an information security strategy in EHR systems. These guidelines are presented and discussed in the form of a framework. This framework was designed after literature analysis and after completing the whole research journey. It provides a tool to help putting the strategy in line by minimising the influence of various factors that may steer the strategy to undesirable directions.The Ministry of Health and Ministry of Higher Education in Syri

Designing an information system for updating land records in Bangladesh: action design ethnographic research (ADER)

Open Access. This article is distributed under the terms of the Creative Commons Attribution License which permits any use, distribution, and reproduction in any medium, provided the original author(s) and the source are credited.This article has been made available through the Brunel Open Access Publishing Fund.Information Systems (IS) has developed through adapting, generating and applying diverse methodologies, methods, and techniques from reference disciplines. Further, Action Design Research (ADR) has recently developed as a broad research method that focuses on designing and redesigning IT and IS in organizational contexts. This paper reflects on applying ADR in a complex organizational context in a developing country. It shows that ADR requires additional lens for designing IS in such a complex organizational context. Through conducting ADR, it is seen that an ethnographic framework has potential complementarities for understanding complex contexts thereby enhancing the ADR processes. This paper argues that conducting ADR with an ethnographic approach enhances design of IS and organizational contexts. Finally, this paper aims presents a broader methodological framework, Action Design Ethnographic Research (ADER), for designing artefacts as well as IS. This is illustrated through the case of a land records updating service in Bangladesh

Information security strategy in telemedicine and e-health systems : a case study of England’s shared electronic health record system

Shared electronic health record (EHR) systems constitute an important Telemedicine and e-Health application. Successful implementation of shared health records calls for a satisfactory level of security. This is invariably achieved through applying and enforcing strict, and often quite complicated, rules and procedures in the access process. For this reason, information security strategy for EHR systems is needed to be in place. This research reviewed the definition of different terms that related to electronically stored and shared health records and delineated related information security terms leading to a definition of an information security strategy. This research also made a contribution to understanding information security strategy as a significant need in EHR systems. A major case study of the National Programme for IT (NPfIT) in England is used to be the container of other two sub-case studies in two different Acute Trusts. Different research methods used: participant observation and networking, semi-structured interviews, and documentary analysis. This research aimed to provide a comprehensive understanding to the information security strategy of England’s EHR system by presenting its different information security issues such as consent mechanisms, access control, sharing level, and related legal and regulatory documents. Six factors that influence the building of an information security strategy in EHR systems, were identified in this research, political, social, financial, technical, clinical and legal. Those factors are considered to be driving the strategy directly or indirectly. EHR systems are technical-clinical systems, but having other factors (than technical and clinical) that drive this technical-clinical system is a big concern. This research makes a significant contribution by identifying these factors, and in addition, this research shows not only how these factors can influence building the information security strategy, but also how they can influence each other. The study of the mutual influence among the six factors led to the argument that the most powerful factor is the political factor, as it directly or indirectly influences the remaining five factors. Finally, this research proposes guidelines for building an information security strategy in EHR systems. These guidelines are presented and discussed in the form of a framework. This framework was designed after literature analysis and after completing the whole research journey. It provides a tool to help putting the strategy in line by minimising the influence of various factors that may steer the strategy to undesirable directions.EThOS - Electronic Theses Online ServiceMinistry of Health and Ministry of Higher EducationSyriaGBUnited Kingdo

Modeling health inequities research in context and the minority researcher’s role

Current health inequities research templates are flawed and self-defeating because they do not include historical inequalities as the central context that points to the root causes of health inequities. The context includes structural malformations which are products of the history of colonization and slavery that created racial separation and hierarchies which established Whites as the dominant group and non-Whites (minorities) as the subordinate group. Consequently it is difficult for mainstream researchers to capture the minorities’ core knowledge necessary for the creation of relevant and effective interventions for fundamental and sustainable improvement of their health. This paper proposes a health inequities research model that captures the context of health inequities and the essential and unique role of minority researchers

"There are too many, but never enough": qualitative case study investigating routine coding of clinical information in depression.

We sought to understand how clinical information relating to the management of depression is routinely coded in different clinical settings and the perspectives of and implications for different stakeholders with a view to understanding how these may be aligned

Making choices: research paradigms and information management: practical applications of philosophy in IM research

Purpose – The purpose of this paper is to examine a variety of research approaches which information managers may find useful to meet the needs of working in the networked, digitized age. Design/methodology/approach – This is achieved by a discussion of the research paradigms inherent within both information theory and social theory. Findings – The findings work towards a final justification for an interpretist approach as the most appropriate context in which to work, in order to meet the emerging trends and current challenges of information technology management. Practical implications – The central theme of this paper is that research which deals primarily with people and information in a world of change, competition, and fluid communications technology should take into account and allow for an understanding of human behaviour. This understanding helps to highlight different contexts, backgrounds, and cultures and therefore provides assistance in making appropriate choices concerning research paradigms and information management, which in turn will ensure thoughtful methodology and justifiable research results. Originality/value – This paper examined questions regarding the choices of research paradigms and the practical application of philosophy to the life of professional information managers

Understanding safety-critical interactions with a home medical device through Distributed Cognition

As healthcare shifts from the hospital to the home, it is becoming increasingly important to understand how patients interact with home medical devices, to inform the safe and patient-friendly design of these devices. Distributed Cognition (DCog) has been a useful theoretical framework for understanding situated interactions in the healthcare domain. However, it has not previously been applied to study interactions with home medical devices. In this study, DCog was applied to understand renal patients’ interactions with Home Hemodialysis Technology (HHT), as an example of a home medical device. Data was gathered through ethnographic observations and interviews with 19 renal patients and interviews with seven professionals. Data was analyzed through the principles summarized in the Distributed Cognition for Teamwork methodology. In this paper we focus on the analysis of system activities, information flows, social structures, physical layouts, and artefacts. By explicitly considering different ways in which cognitive processes are distributed, the DCog approach helped to understand patients’ interaction strategies, and pointed to design opportunities that could improve patients’ experiences of using HHT. The findings highlight the need to design HHT taking into consideration likely scenarios of use in the home and of the broader home context. A setting such as home hemodialysis has the characteristics of a complex and safety-critical socio-technical system, and a DCog approach effectively helps to understand how safety is achieved or compromised in such a system

Information Flow to Front-line Employees

This research is a case study within a large bureaucracy; the physical plant operations of a Tier-one university in the United States. The organization of study received low scores for internal communication in their all-employee surveys in 2012 and 2014 and was cited for “lack of information flow to front-line employees” in a peer audit conducted in 2011. Root causes for these deficiencies are investigated through (1) Activity Theory analysis, (2) Leader-Member Exchange Theory and (3) linear regression analysis of all-employee survey data. No formal initiatives addressing internal communications had been initiated when this study was launched so the research was used to identify areas for improvement within the organization.Human Dimensions of Organization

Dialectic tensions in the financial markets: a longitudinal study of pre- and post-crisis regulatory technology

This article presents the findings from a longitudinal research study on regulatory technology in the UK financial services industry. The financial crisis with serious corporate and mutual fund scandals raised the profile of compliance as governmental bodies, institutional and private investors introduced a ‘tsunami’ of financial regulations. Adopting a multi-level analysis, this study examines how regulatory technology was used by financial firms to meet their compliance obligations, pre- and post-crisis. Empirical data collected over 12 years examine the deployment of an investment management system in eight financial firms. Interviews with public regulatory bodies, financial institutions and technology providers reveal a culture of compliance with increased transparency, surveillance and accountability. Findings show that dialectic tensions arise as the pursuit of transparency, surveillance and accountability in compliance mandates is simultaneously rationalized, facilitated and obscured by regulatory technology. Responding to these challenges, regulatory bodies continue to impose revised compliance mandates on financial firms to force them to adapt their financial technologies in an ever-changing multi-jurisdictional regulatory landscape