Document Type

Journal Article

Publisher

Central Queensland University

Faculty

Faculty of Health, Engineering and Science

School

ECU Security Research Institute/eHealth Research Group

RAS ID

18839

Comments

This article was originally published as: Coles-Kemp, E. , & Williams, P. A. (2014). Changing Places: The Need to Alter the Start Point for Information Security Design. electronic Journal of Health Informatics, 8(2), Article No. e13. Original article available here

Abstract

Information security is a necessary requirement of information sharing within an electronic health system because without it confidentiality, availability, or integrity controls are absent. Research shows that the application of security in this setting is subject to workarounds partly because of resistance to security controls from clinicians who feel that their voice is excluded from the security design process. Heeks' explored the nature of health system design and referred to the distance between system designer and practitioner as the 'design-reality gap'. To reduce this gap, systems designers typically deploy usercentred, participatory approaches to design. They use various forms of consultation and engagement to ensure that the needs of users are responded to within the design and that users understand the design process and constraints. Whilst there is evidence to suggest that the overall electronic health records (EHR) system design has increasingly used elements of a participatory, human-centred design approach, the security elements of design are still technology-focused. This discussion paper characterises the problem, outlines the principles of Heeks' Information, Technology, Processes, Objectives, Skills, Management Systems, Other Resources (ITPOSMO) framework, and then uses this framework to evaluate security dimensions of both the UK and Australian EHR programmes. The resulting proposal for a 'communities of practice' approach as an alternative start-point to healthcare systems security design, provides a basis for reconceptualising the integration of security practices into EHR systems. In the increasingly distributed and complex environment of healthcare delivery, this new approach can help to address the fundamental challenges experienced in healthcare security practice today.

Creative Commons License

Creative Commons Attribution 3.0 License
This work is licensed under a Creative Commons Attribution 3.0 License.

Share

 
COinS