• Int J Med Inform · Dec 2009

    The health information system security threat lifecycle: an informatics theory.

    • Juanita I Fernando and Linda L Dawson.
    • Medicine, Nursing and Health Sciences, Monash University, Monash, Victoria, Australia. juanita.fernando@med.monash.edu.au
    • Int J Med Inform. 2009 Dec 1;78(12):815-26.

    PurposeThis manuscript describes the health information system security threat lifecycle (HISSTL) theory. The theory is grounded in case study data analyzing clinicians' health information system (HIS) privacy and security (P&S) experiences in the practice context.MethodsThe 'questerview' technique was applied to this study of 26 clinicians situated in 3 large Australian (across Victoria) teaching hospitals. Questerviews rely on data collection that apply standardized questions and questionnaires during recorded interviews. Analysis (using Nvivo) involved the iterative scrutiny of interview transcripts to identify emergent themes.ResultsIssues including poor training, ambiguous legal frameworks containing punitive threats, productivity challenges, usability errors and the limitations of the natural hospital environment emerged from empirical data about the clinicians' HIS P&S practices. The natural hospital environment is defined by the permanence of electronic HISs (e-HISs), shared workspaces, outdated HIT infrastructure, constant interruption, a P&S regulatory environment that is not conducive to optimal training outcomes and budgetary constraints. The evidence also indicated the obtrusiveness, timeliness, and reliability of P&S implementations for clinical work affected participant attitudes to, and use of, e-HISs.ConclusionThe HISSTL emerged from the analysis of study evidence. The theory embodies elements such as the fiscal, regulatory and natural hospital environments which impede P&S implementations in practice settings. These elements conflict with improved patient care outcomes. Efforts by clinicians to avoid conflict and emphasize patient care above P&S tended to manifest as security breaches. These breaches entrench factors beyond clinician control and perpetuate those within clinician control. Security breaches of health information can progress through the HISSTL. Some preliminary suggestions for addressing these issues are proposed.Study LimitationsLegislative frameworks that are not related to direct patient care were excluded from this study. Other limitations included an exclusive focus on patient care tasks post-admission and pre-discharge from public hospital wards. Finally, the number of cases was limited by the number of participants who volunteered to participate in the study. It is reasonable to assume these participants were more interested in the P&S of patient care work than their counterparts, though the study was not intended to provide quantitative or statistical data. Nonetheless, additional case studies would strengthen the HISSTL theory if confirmatory, practice-based evidence were found.

      Pubmed     Full text   Copy Citation     Plaintext  

      Add institutional full text...

    Notes

     
    Knowledge, pearl, summary or comment to share?
    300 characters remaining
    help        
    You can also include formatting, links, images and footnotes in your notes
    • Simple formatting can be added to notes, such as *italics*, _underline_ or **bold**.
    • Superscript can be denoted by <sup>text</sup> and subscript <sub>text</sub>.
    • Numbered or bulleted lists can be created using either numbered lines 1. 2. 3., hyphens - or asterisks *.
    • Links can be included with: [my link to pubmed](http://pubmed.com)
    • Images can be included with: ![alt text](https://bestmedicaljournal.com/study_graph.jpg "Image Title Text")
    • For footnotes use [^1](This is a footnote.) inline.
    • Or use an inline reference [^1] to refer to a longer footnote elseweher in the document [^1]: This is a long footnote..

    hide…