The Proceedings of 14th Australian Information Security Management Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia

The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fourteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Fifteen papers were submitted from Australia and overseas, of which ten were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conferences. To our sponsors also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference

Consolidated List of Requirements

This document is a consolidated catalogue of requirements for the Electronic Health Care Record (EHCR) and Electronic Health Care Record Architecture (EHCRA), gleaned largely from work done in the EU Framework III and IV programmes and CEN, but also including input from other sources including world-wide standardisation initiatives. The document brings together the relevant work done into a classified inventory of requirements to inform the on-going standardisation process as well as act as a guide to future implementation of EHCRA-based systems. It is meant as a contribution both to understanding of the standard and to the work that is being considered to improve the standard. Major features include the classification into issues affecting the Health Care Record, the EHCR, EHCR processing, EHCR interchange and the sharing of health care information and EHCR systems. The principal information sources are described briefly. It is offered as documentation that is complementary to the four documents of the ENV 13606 Parts I-IV produced by CEN Pts 26,27,28,29. The requirements identified and classified in this deliverable are referenced in other deliverables

What does it take to make integrated care work? A ‘cookbook’ for large-scale deployment of coordinated care and telehealth

The Advancing Care Coordination & Telehealth Deployment (ACT) Programme is the first to explore the organisational and structural processes needed to successfully implement care coordination and telehealth (CC&TH) services on a large scale. A number of insights and conclusions were identified by the ACT programme. These will prove useful and valuable in supporting the large-scale deployment of CC&TH. Targeted at populations of chronic patients and elderly people, these insights and conclusions are a useful benchmark for implementing and exchanging best practices across the EU. Examples are: Perceptions between managers, frontline staff and patients do not always match; Organisational structure does influence the views and experiences of patients: a dedicated contact person is considered both important and helpful; Successful patient adherence happens when staff are engaged; There is a willingness by patients to participate in healthcare programmes; Patients overestimate their level of knowledge and adherence behaviour; The responsibility for adherence must be shared between patients and health care providers; Awareness of the adherence concept is an important factor for adherence promotion; The ability to track the use of resources is a useful feature of a stratification strategy, however, current regional case finding tools are difficult to benchmark and evaluate; Data availability and homogeneity are the biggest challenges when evaluating the performance of the programmes

The evaluation of the electronic prescription service in primary care: final report on the findings from the evaluation in early implementer sites

This report presents the findings from The Evaluation of the Electronic Prescription Service in Primary Care, a Connecting for Health Evaluation Programme commissioned project. The projects aim, as stated in the proposal, was to evaluate Phase 3 (Release 2) of the Electronic Prescription Service (hereafter EPS R2) to determine effects on patient safety, satisfaction with care, work processes and economics. The methods used were a blend of ethnographically informed quantitative and qualitative approaches

A Comprehensive Study on the Global Regulatory Requirements for the submission of a Post-Approval Change, specifically a Change in Manufacturing Site

Magister Scientiae - MSc (Pharmacy Administration and Policy Regulation)Regulatory requirements for post-approval changes vary for different countries around the world. It is a challenging and costly process for pharmaceutical companies to manage changes to the approved regulatory dossier over the lifecycle of the product when it is registered in many countries. In practice the process can be complex, unpredictable and time consuming because of regional differences and frequent changes in regulatory procedures, requirements and timelines. The global regulatory requirements for the submission of a post-approval change, specifically a change in manufacturing site, were reviewed for six jurisdictions for this study. These include United States of America (US), Europe (EU), South Africa, Brazil, Russia and China. The study centred on the differences in the documentation required when submitting a post-approval change for a change in manufacturing site in these countries. The study compared and contrasted the differences and similarities between the jurisdictions. An analysis of the challenges for implementation of the change was performed. The study also examined what resources a company may need in order to meet the requirements. Some notable similarities but also many differences in the post-approval submission requirements between the countries were identified. Some of the similarities included classification of the type of variation, the submission application process, and the requirement to provide supportive stability data and updates to the common technical dossier (CTD). Differences highlighted were the types of application forms required, the amount of stability data required to support the change and the time lines for review of post-approval changes in each jurisdiction. The challenge for pharmaceutical companies arises in the effective management of these differences. Investment in a robust regulatory change management team is an essential resource requirement for pharmaceutical companies. Adoption of a QbD approach and careful consideration of the global requirements during the product development phase could potentially be of use in strategic planning within a company in order to ensure continued product access globally

Designing an architecture for secure sharing of personal health records : a case of developing countries

Includes bibliographical references.While there has been an increase in the design and development of Personal Health Record (PHR) systems in the developed world, little has been done to explore the utility of these systems in the developing world. Despite the usual problems of poor infrastructure, PHR systems designed for the developing world need to conform to users with different models of security and literacy than those designed for developed world. This study investigated a PHR system distributed across mobile devices with a security model and an interface that supports the usage and concerns of low literacy users in developing countries. The main question addressed in this study is: “Can personal health records be stored securely and usefully on mobile phones?” In this study, mobile phones were integrated into the PHR architecture that we/I designed because the literature reveals that the majority of the population in developing countries possess mobile phones. Additionally, mobile phones are very flexible and cost efficient devices that offer adequate storage and computing capabilities to users for typically communication operations. However, it is also worth noting that, mobile phones generally do not provide sufficient security mechanisms to protect the user data from unauthorized access

Design of a Domain Information Model for a Medication Profile to support Patient Care and Clinical Research

Use of medicines is the commonest intervention in healthcare. Information about an individual’s medication use over their lifetime, managed as a coherent whole but presented appropriately for context, is central to providing good quality care. Considerable investment continues to be made in specifying the information structures underpinning electronic health systems to provide clinicians with patient information to support care provision, yet medication errors continue to occur at unacceptable rates. At the same time, the quantity of healthcare information - which includes medication information – is increasing, and there is growing interest in “secondary uses” of this, particularly to support clinical research. Unfortunately, for both primary and secondary uses, the requirements for the data elements that are needed for medication information are poorly specified, despite a variety of major national and international initiatives and effort. The process for population of those data elements with high quality, consistent, trustworthy information that can be presented to the use cases efficiently and clearly is even more poorly specified. By gathering requirements from processes within clinical research alongside the requirements from the processes of patient care, an integrated data element view of a patient’s medication use over their lifetime has been described; this is termed the patient’s Medication Profile. Examination of the care processes that provide the data to populate that integrated view elicits the method and rules for the realisation of the Medication Profile. These together are provided in a formally scoped fully specified information model which defines the data elements of the Medication Profile (the static model) and the processes and rules to instantiate it (the dynamic model). The Medication Profile, populated with data based on the rules and processes of the dynamic model, is evaluated against test scenarios to assess its success to support use cases from both clinical care and clinical research. This evaluation indicated that the model provided both sufficiency of information coverage and clarity in the information presented

Context-Based Access for Infrequent Requests in Tanzania\u27s Health Care System

Access control is an important aspect of any information system. It is a way of ensuring that users can only access what they are authorised to and no more. This can be achieved by granting users access to resources based on pre-defined organisational and legislative rules. Although access control has been extensively studied, and as a result, a wide range of access control models, mechanisms and systems have been proposed, specific access control requirements for healthcare systems that needs to support the continuity of care in an accountable manner have not been addressed. This results in a gap between what is required by the application domain and what is actually practised, and thus access control solutions implemented for the domain become too restrictive. The continuity of care is defined as the delivery of seamless health care services to patients through integration, coordination and sharing of information between providers. This thesis, therefore, designs a context-based access control model that allows healthcare professionals to bypass access rules in an accountable manner in case of an infrequent access request involving an emergency situation. This research uses the Tanzania\u27s healthcare system as a case study domain

Additional regulatory review pathways can facilitate faster dossier approvals in South Africa

Magister Pharmaceuticae - MPharmThe objective of the study was to perform a comparative review of pathways, timelines and improvements of countries with markets that the South African Health Products Authority (SAHPRA) benchmark themselves against. Furthermore, this study intends to identify the factors that improved and accelerated submissions and approval process in investigated countries and potential introduction of these strategies into the South African market