Standards for information security and processes in healthcare

Purpose – Regardless of who or where we are and when we get sick, we expect healthcare to make us well and to handle us and our information with care and respect. Today, most healthcare institutions work separately, making the flow of patient information sub‐optimal and the use of common standards practically unheard of. The purpose of this paper is to emphasise the use for standards to improve information security in process‐oriented distributed healthcare.Design/methodology/approach – The paper introduces a real‐life case which is analysed to highlight how and where standards can and should be used in order to improve information security in process‐oriented distributed healthcare.Findings – In total, 11 flaws or problems in information security and process‐orientation are identified. From these, six changes are suggested which address how information is handled, and how organizational routines should be standardized.Research limitations/implications – The case setting is Swedish healthcare, but problem...

[1]  Lech J. Janczewski,et al.  Development of Information Security Baselines for Healthcare Information Systems in New Zealand , 2002, Comput. Secur..

[2]  Mary Durand Thomas,et al.  Case-based teaching and learning experiences. , 2001, Issues in mental health nursing.

[3]  The dilemma of case‐based teaching and learning in science in Hong Kong: Students need it, want it, but may not value it , 2005 .

[4]  Eva Söderström B2B Standards Implementation : Issues and Solutions , 2004 .

[5]  Daniel C. Edelson Learning From Cases and Questions: The Socratic Case-Based Teaching Architecture , 1996 .

[6]  P. Batalden,et al.  A framework for the continual improvement of health care: building and applying professional and improvement knowledge to test changes in daily work. , 1993, The Joint Commission journal on quality improvement.

[7]  日本規格協会 情報技術-セキュリティ技術-情報セキュリティマネジメントシステム-要求事項 : 国際規格ISO/IEC 27001 = Information technology-Security techniques-Information security management systems-Requirements : ISO/IEC 27001 , 2005 .

[8]  Managed care patient protection or provider protection? A qualitative assessment. , 2004, The American journal of medicine.

[9]  Rose-Mharie Åhlfeldt,et al.  Information Security in Distributed Healthcare: Exploring the Needs for Achieving Patient Safety and Patient Privacy , 2008 .

[10]  Núria Mas,et al.  Is managed care restraining the adoption of technology by hospitals? , 2008, Journal of health economics.

[11]  Case-based teaching in a bilingual context: Perceptions of business faculty in Hong Kong , 2004 .

[12]  Toomas Timpka,et al.  A model for interpreting work and information management in process-oriented healthcare organisations , 2003, Int. J. Medical Informatics.

[13]  Hans Hasselbladh,et al.  Webs of Knowledge and Circuits of Communication: Constructing Rationalized Agency in Swedish Health Care , 2007 .

[14]  W. Richard Scott,et al.  Institutional Change and Healthcare Organizations: From Professional Dominance to Managed Care , 2000 .