International Journal of Medical Informatics
Volume 78, Issue 12, Pages 815-826, December 2009

The health information system security threat lifecycle: An informatics theory

  • Juanita I. Fernando

      Affiliations

    • Mobile Health Research Group, C/- Building 15, Medicine, Nursing and Health Sciences, Monash University, Wellington Road, Monash, Vic 3800, Australia
    • Corresponding author. Tel.: +61 0 3 9905 8537; fax: +61 0 3 9905 8134.
  • Linda L. Dawson

      Affiliations

    • Mobile Health Research Group, Caulfield School of Information Technology, Dandenong Road, Caulfield, Vic 3800, Australia

Received 30 January 2009, Revised 27 August 2009, Accepted 31 August 2009.

PII: S1386-5056(09)00130-0

doi: 10.1016/j.ijmedinf.2009.08.006
