PURPOSE
Health managers, administrators and health practitioners now face new challenges due to the increasing dependency being placed on electronic health information systems. This paper focuses on Electronic Health Records for determining the critical attributes for e-health system development. The proposed QUiPS model aims to provide a framework for building trustworthy solutions by identifying the pertinent issues needed to determine the risk exposure with a given system.
APPROACH
To produce dependable, low risk and viable IT solutions, each critical attribute needs to be specifically addressed and prioritized. It is shown how these attributes possess a number of interdependencies making the analysis and prioritization tasks complex and hence, in practice, often incomplete. Two Australian case studies are presented that access enterprise level applications of live health records where these risk based techniques have been applied.
RESULTS
The value and the shortcomings of taking a risk based approach to developing and deploying electronic health information systems that are safe and secure, is evaluated. The case studies presented indicate that traditional methods used to derive the requirements are often inadequate and the risks that are faced in ensuring a safe and secure system are highly application dependent and dynamic.
CONCLUSIONS
Convergence towards a viable universal solution for our electronic health records is not imminent and trust in e-health is fragile. Policies that data custodians follow need to be flexible and updated on a regular basis. Technological solutions are at best a stop gap to avoid the common hazards associated with access control and secure messaging. A wider range of analysis techniques to determine the key issues for a dependable health information system can derive longer term sustainable solutions.
[1]
Peter R. Croll,et al.
Q.U.i.P.S. - a Quality Model for Investigating Risk Exposure in e-Health Systems
,
2004,
MedInfo.
[2]
Peter R. Croll,et al.
Usability Evaluations in Community Health Systems
,
2004
.
[3]
Rebecca T. Mercuri.
The HIPAA-potamus in health care data security
,
2004,
CACM.
[4]
Peter R. Croll,et al.
The System versus The User: An Evaluation of CHIME from Two Different Perspectives
,
2004
.
[5]
B Barber,et al.
How to achieve secure environments for information systems in medicine.
,
1995,
Medinfo. MEDINFO.
[6]
Peter R. Croll,et al.
Quality Assurance of Electronic Health Information Systems Using Q.U.i.P.S
,
2005
.
[7]
Gerrit Bleumer,et al.
Introduction to the SEISMED Guidelines
,
1996,
Data Security for Health Care.
[8]
Hasmukh Morarji,et al.
Perceived Risk: Human Factors Affecting ICT of Critical Infrastructure
,
2006
.