Medical insecurity: when one size does not fit all

Security is most commonly seen as a business concept. This is one reason for the poor uptake and implementation of standard security processes in non-business environments such as general medical practice. It is clear that protection of sensitive patient information is imperative yet the overarching conceptual business processes required to ensure this protection are not well suited to this context. The issue of sensitivity of information, together with the expectation that security can be effectively implemented by non-security trained professionals creates an insecure environment. The general security processes used by business, including those for risk assessment, are difficult to operationally put into practice in the medical environment and this one-sizefits- all approach is shown to be ineffective. Therefore more explicit models are required which provide contextually relevant guidance and can be implemented within the capability of those using them

What Does Security Culture Look Like For Small Organizations?

The human component is a significant factor in information security, with a large numbers of breaches occurring due to unintentional user error. Technical solutions can only protect information so far and thus the human aspect of security has become a major focus for discussion. Therefore, it is important for organisations to create a security conscious culture. However, currently there is no established representation of security culture from which to assess how it can be manoeuvred to improve the overall information security of an organization. This is of particular importance for small organizations who lack the resources in information security and for whom the culture of the organization exerts a strong influence. A review of multiple definitions and descriptions of security culture was made to assess and analyse the drivers and influences that exist for security culture in small organizations. An initial representation of the factors that should drive security culture, together with those that should only influence it, was constructed. At a fundamental level these drivers are related to a formulated response to security issues rather than a reaction to it, and should reflect the responsibility allocated in a secure environment. In contrast, the influences on security culture can be grouped by communities of practice, individual awareness and organizational management. The encapsulation of potential driving and influencing factors couched in information security terms rather than behavioural science terms, will allow security researchers to investigate how a security culture can be fostered to improve information security in small organizations

Challenging the Status Quo. What is Driving Change in Assessment in Higher Education?

Assessment is an integral part of the student learning experience. It can be argued that it has the single greatest impact on student learning. Therefore it is imperative that we understand how assessment in higher education is changing, what drives these changes and how these changes affect individual teaching practice. This paper discusses assessment as a driver for change by examining the stakeholder perspectives and expectations of assessment, and equating these to potential drivers for change in student learning

An investigation into the use of the internet for medical informatics

The rapid evolution and popularity of the Internet technologies, and the World Wide Web, have resulted in unrestricted worldwide access to medical and health information. This has provided the medical profession with the ability to access up to date research more immediately than by traditional means, and has created the potential for advanced information collation. Also the availability of medical literature, previously difficult to obtain for the general public, is having an effect that is both a benefit and a burden to the medical profession. Whilst benefits exist in the use of the Internet in General Practice for clinical support, communication and education, there are also barriers to its inclusion in daily clinical practice. These include the issues of security, access availability, quality, time, research experience and Internet navigation familiarity. Questions remain as to whether or not the Internet can be used in General Practice efficiently, in order to provide a significant advantage over traditional information dissemination methods. This issue is also relevant for other primary health care providers such as pharmacists. In Australia, there has been a relatively slow adoption of both the technology and the use of the Internet for acquiring clinical and medical information. This thesis investigates the current issues surrounding the use of the Internet in general practice and pharmacy in Western Australia. The underlying assumption that the Internet is a useful tool for such information retrieval is examined in terms of useability and usefulness in clinical practice. Further the attitudes to the use of the Internet technology as an effective medium of information delivery were sought

Why Australia\u27s e-health system will be a vulnerable national asset

Connecting Australian health services and the e-health initiative is a major talking point currently. Many issues are presented as key to its success including solving issues with confidentiality and privacy. However the largest problem may not be these issues in sharing information but the fact that the point of origin and storage of such records is still relatively insecure. Australia aims to have a Personally Controlled Electronic Health Record in 2012 and this is underpinned by a national network for e-health. It is this very foundation that becomes the critical infrastructure, with general practice the cornerstone for its success. Yet, research into the security of medical information has shown that many general practices are unable to create an environment with effective information security. This paper puts together the connections of e-health and the complex environment in which it is positioned. A discussion of how this critical infrastructure is assembled is presented, and the key vulnerabilities are identified. Further, it addresses how security may be approached to cater for this diverse and complex environment. From a national security and critical infrastructure perspective, as medical records are part of society’s critical infrastructure, the most effective system attacks are those on the points of highest vulnerability. In our current health system infrastructure those points are the data collection and records retention areas of individual medical providers. Progress towards changing this situation is key to its success

Making Research Real: Is Action Research a Suitable Methodology for Medical Information Security Investigations?

In the medical field, information security is an important yet vastly underrated issue. Research into the protection of sensitive medical data is often technically focused and does not address information systems and behavioural aspects integral to effective information security implementation. Current information security policy and guidelines are strategically oriented which, whilst relevant to large organisations, are less supportive to smaller enterprises such as primary care practices. Further, the conservative nature of the medical profession has been shown to hinder investigation into information technology use and management, making effective improvement based on research problematical. It is an environment which relies greatly on trust, inhibiting good security practice. Research into how information security practice in this setting can be improved demands an interpretivist approach rather than a positivist one. Action research is one such interpretivist method that allows a creation of scientific knowledge with practical value. Whilst there is some opposition to the action research method on grounds of rigour, its fundamental cyclic process of participation, action and reflection promotes internal rigour and can overcome many of the barriers to research inherent in the primary care medical environment

Help or hindrance The practicality of applying security standards in healthcare

The protection of patient information is now more important as a national e-health system approaches reality in Australia. The major challenge for health care providers is to understand the importance information security whilst also incorporating effective protection into established workflow and daily activity. Why then, when it is difficult for IT and security professionals to navigate through and apply the myriad of information security standards, do we expect small enterprises such as primary health care providers to also be able to do this. This is an onerous and impractical task without significant assistance. In the development of the new Computer and Information Security Standards (CISS) for Australian General Practice, a consistent and iterative process for the interpretation and application of international standards was used. This involved both the interpretation of the standards and the application of knowledge to create a practical but acceptable level of security for the primary healthcare environment. From a security perspective such practical application of standards poses the dichotomous challenge (and criticism) of how much security is sufficient versus how much can the primary healthcare environment manage. This paper describes the path of development from standards to implementation using the CISS as an example. It is concluded that more practical assistance is required by the security profession to support the national e-health initiative if Australia is to provide a safe and secure healthcare environment

Is Cyber Resilience in Medical Practice Security Achievable?

Australia is moving to a national e-health system with a high level of interconnectedness. The scenario for recovery of such a system, particularly once it is heavily relied upon, may be complex. Primary care medical practices are a fundamental part of the new e-health environment yet function as separate business entities within Australia’s healthcare system. Individually this means that recovery would be reliant on the self-sufficiency of each medical practice. However, the ability of these practices to individually and collectively recover is questionable. The current status of information security in primary care medical practices is compared to the needs of information security in a broader national e-health system. The potential issues that hamper recovery of a national system are the poor understanding of security at the end-user level currently, and the lack of central control. This means that in this environment where independence is promoted, the major concern is national coordination of recovery from a major incident. The resilience of a medical practice to cope with a cyber-security incident is important. Resuming normal activity within an acceptable time frame may be vital after a major attack on Australia’s infrastructure

Information Warfare: Time for a redefinition

Information warfare has become an increasingly diverse field. The changes to its composition have been primarily driven by changes in technology and the resulting increased access to information. Further, it has been the progressively more diverse methods available for communication that has fuelled expanding applications for information warfare techniques into non-military environments. In order for younger generations of students to understand the place of information warfare in the larger security picture, there is a need to shift the emphasis from many of the military underpinnings to its relevance in modern society and the challenges in the commercial environment. This paper provides a platform for discussion of the sphere of information warfare and its relevance to contemporary society. Whilst the methods of information operations and the understanding of military origins have not changed, the manner in which the topics are presented and how these relate to today’s corporate environment and increasingly global society have become a new focus. The importance of this is to make information warfare relevant to today’s generation of students and to develop information strategists rather than information specialists who can function effectively on a global stage

Soluble Fermentable Dietary Fibre (Pectin) Decreases Caloric Intake, Adiposity and Lipidaemia in High-Fat Diet-Induced Obese Rats

Funding: This work was funded by the Scottish Government Rural and Environment Science and Analytical Services Division. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.Peer reviewedPublisher PD