Differential Impacts of Four Types of EHR Implementation on Small, Medium, and Large Hospitals

Hospitals invest in information technology to lower costs and to improve quality of care. However, it is unclear whether these expectations are being met. This study explores EHRs in a hospital environment and investigates their relationship to quality of care and patient safety based on the hospital size. In order to advance research and assimilate knowledge in this area, EHRs are categorized into four functional groups: patient information data, results management, order entry and decision support. This new knowledge will provide a better understanding of the relationship between EHRs and operational outcomes by showing the impact of various EHR functions on patient safety and quality of care. The analyses show that large and medium hospitals implement more EHRs than small hospitals. EHR component analyses show more effects on small and large hospitals while medium hospitals analysis revealed no evidence of change

IVLE4C a Conceptual Learning Environment for Teaching Enterprise Cybersecurity

The authors are working to improve students’ understanding of and classroom experience with enterprise cybersecurity. Central to this effort is development of the Integrated Virtual Learning Environment for Cybersecurity (IVLE4C), a teaching and learning tool intended for use by both teachers and students. The authors are endeavoring to incorporate into IVLE4C best practices from the knowledge domains of education, model-based systems engineering, and cybersecurity. A modern digital enterprise is a large-scale, complex system of systems. Enterprise cybersecurity is a special subset of the larger knowledge domain that merits special consideration when instructing students who lack relevant work experience. This lack of work experience creates a gap in students’ knowledge about the structure, operation, and control of a modern digital enterprise. Our guiding precept – coined Greer’s Rule of Thumb – is that: it is impossible to defend what cannot be visualized and described. Therefore, it is essential to address the student enterprise knowledge gap before attempting to teach the means for assuring enterprise cybersecurity. Viste and Skartveit (2004) propose using an interactive virtual learning environment with reality abstraction models when teaching the structure, operation, and control of a large-scale complex system. The creation of a virtual model enables a modern digital enterprise to be brought into the classroom. This allows for learning that is complementary to experiential learning that occurs during an internship and, possibly, a viable alternative when internships are unavailable or come later in a curriculum path. Once developed, a library of models representing different digital enterprise types can be used to accelerate student enterprise cybersecurity education in a controlled classroom environment. During the presentation, the authors will provide an update on the use of model-based system engineering practices and how they are being integrated into IVLE4C for developing a tailored, enterprise risk management strategy. This approach is consistent with guidance provided in the NIST Cybersecurity Framework. Research shows model-based systems engineering is increasingly being used for developing engineered cybersecurity solutions. An example of this is research performed by Robles-Ramirez et.al. (2020) on the application of model-based Cybersecurity Engineering for Connected and Automated Vehicles. Key is the notion of turning a cyber-attack surface into a trust boundary at targeted levels. IVLE4C version 1.0 is currently being used to teach Cyber Supply Chain Security at UNCW. Version 2.0 is a dynamic data driven web application, that is being developed for teaching Enterprise Security

Investigating Privacy and Security Challenges of mHealth Applications

Privacy and mHealth are fast becoming an important influence on the U.S. healthcare system. The most visible element of mHealth is the profusion of mobile phone applications, especially ones related to wellness. Before researchers can fully examine the impact of mHealth on healthcare, barriers to use need to be addressed. One of the barriers most cited by medical professionals and patients is lack of adequate privacy and security policies and regulation for mHealth apps. In this paper the current state of data security in mobile apps is investigated by conducting a physical forensics analysis of several widely used mHealth applications. We report on the kinds of personal data that can be uncovered both before and after applications are removed and/or secured on a mobile device. These results can be used to develop a set of recommendations that can help to inform users, developers and policy stakeholders of best practices in this area. We also introduce a policy framework for mHealth apps and discuss future work