A framework for secure mobile computing in healthcare

Mobile computing is rapidly becoming part of healthcare’s electronic landscape, helping to provide better quality of care and reduced cost. While the technology provides numerous advantages to the healthcare industry, it is not without risk. The size and portable nature of mobile computing devices present a highly vulnerable environment, which threaten the privacy and security of health information. Since these devices continually access possibly sensitive healthcare information, it is imperative that these devices are considered for security in order to meet regulatory compliance. In fact, the increase in government and industry regulation to ensure the privacy and security of health information, makes mobile security no longer just desirable, but mandatory. In addition, as healthcare becomes more aware of the need to reinforce patient confidence to gain competitive advantage, it makes mobile security desirable. Several guidelines regarding security best practices exist. Healthcare institutions are thus faced with matching the guidelines offered by best practices, with the legal and regulatory requirements. While this is a valuable question in general, this research focuses on the aspect of considering this question when considering the introduction of mobile computing into the healthcare environment. As a result, this research proposes a framework that will aid IT administrators in healthcare to ensure that privacy and security of health information is extended to mobile devices. The research uses a comparison between the best practices in ISO 17799:2005 and the regulatory requirements stipulated in HIPAA to provide a baseline for the mobile computing security model. The comparison ensures that the model meets healthcare specific industry requirement and international information security standard. In addition, the framework engages the Information Security Management System (ISMS) model based on the ISO 27000 standard. The framework, furthermore, points to existing technical security measurers associated with mobile computing. It is believed that the framework can assist in achieving mobile computing security that is compliant with the requirements in the healthcare industry

A virtual-community-centric model for coordination in the South African public sector

Organizations face challenges constantly owing to limited resources. As such, to take advantage of new opportunities and to mitigate possible risks they look for new ways to collaborate, by sharing knowledge and competencies. Coordination among partners is critical in order to achieve success. The segmented South African public sector is no different. Driven by the desire to ensure proper service delivery in this sector, various government bodies and service providers play different roles towards the attainment of common goals. This is easier said than done, given the complexity of the distributed nature of the environment. Heterogeneity, autonomy, and the increasing need to collaborate provoke the need to develop an integrative and dynamic coordination support service system in the SA public sector. Thus, the research looks to theories/concepts and existing coordination practices to ground the process of development. To inform the design of the proposed artefact the research employs an interdisciplinary approach championed by coordination theory to review coordination-related theories and concepts. The effort accounts for coordination constructs that characterize and transform the problem and solution spaces. Thus, requirements are explicit towards identifying coordination breakdowns and their resolution. Furthermore, how coordination in a distributed environment is supported in practice is considered from a socio-technical perspective in an effort to account holistically for coordination support. Examining existing solutions identified shortcomings that, if addressed, can help to improve the solutions for coordination, which are often rigidly and narrowly defined. The research argues that introducing a mediating technological artefact conceived from a virtual community and service lenses can serve as a solution to the problem. By adopting a design-science research paradigm, the research develops a model as a primary artefact to support coordination from a collaboration standpoint. The suggestions from theory and practice and the unique case requirement identified through a novel case analysis framework form the basis of the model design. The proposed model support operation calls for an architecture which employs a design pattern that divides a complex whole into smaller, simpler parts, with the aim of reducing the system complexity. Four fundamental functions of the supporting architecture are introduced and discussed as they would support the operation and activities of the proposed collaboration lifecycle model geared towards streamlining coordination in a distributed environment. As part of the model development knowledge contributions are made in several ways. Firstly, an analytical instrument is presented that can be used by an enterprise architect or business analyst to study the coordination status quo of a collaborative activity in a distributed environment. Secondly, a lifecycle model is presented as meta-process model with activities that are geared towards streamlining the coordination of dynamic collaborative activities or projects. Thirdly, an architecture that will enable the technical virtual community-centric, context-aware environment that hosts the process-based operations is offered. Finally, the validation tool that represents the applied contribution to the research that promises possible adaptation for similar circumstances is presented. The artefacts contribute towards a design theory in IS research for the development and improvement of coordination support services in a distributed environment such as the South African public sector

A framework for secure mobile computing in healthcare

Mobile computing is rapidly becoming part of healthcare’s electronic landscape, helping to provide better quality of care and reduced cost. While the technology provides numerous advantages to the healthcare industry, it is not without risk. The size and portable nature of mobile computing devices present a highly vulnerable environment, which threaten the privacy and security of health information. Since these devices continually access possibly sensitive healthcare information, it is imperative that these devices are considered for security in order to meet regulatory compliance. In fact, the increase in government and industry regulation to ensure the privacy and security of health information, makes mobile security no longer just desirable, but mandatory. In addition, as healthcare becomes more aware of the need to reinforce patient confidence to gain competitive advantage, it makes mobile security desirable. Several guidelines regarding security best practices exist. Healthcare institutions are thus faced with matching the guidelines offered by best practices, with the legal and regulatory requirements. While this is a valuable question in general, this research focuses on the aspect of considering this question when considering the introduction of mobile computing into the healthcare environment. As a result, this research proposes a framework that will aid IT administrators in healthcare to ensure that privacy and security of health information is extended to mobile devices. The research uses a comparison between the best practices in ISO 17799:2005 and the regulatory requirements stipulated in HIPAA to provide a baseline for the mobile computing security model. The comparison ensures that the model meets healthcare specific industry requirement and international information security standard. In addition, the framework engages the Information Security Management System (ISMS) model based on the ISO 27000 standard. The framework, furthermore, points to existing technical security measurers associated with mobile computing. It is believed that the framework can assist in achieving mobile computing security that is compliant with the requirements in the healthcare industry