Certification and Security in Health-Related Web Applications
Latest Publications


Total documents: 14 (five years: 0)

H-index: 1 (five years: 0)

Published By IGI Global

9781616928957, 9781616928971

Author(s):  
Boleslaw Mikolajczak

The purpose of this chapter is to present an interplay of two important structural and behavioral features of robust intelligence in careflow systems, called flexibility and multi-level security. The chapter deals with the design and analysis of careflow systems, i.e. workflow systems with applications in the broadly understood healthcare industry. The authors focus on providing robust intelligence to such systems in the form of structural and behavioral flexibility. They analyze several forms of design and run-time flexibility. However, the authors focus on case handling systems, exception handling, and on careflow systems with sub-processes called worklets. They also present how to model multi-level security within careflow systems that already have desired forms of flexibility. This implies that flexibility and security are conceptually independent and can therefore be modeled with Petri nets separately and incrementally in sequential order, first flexibility and then security. The authors apply Petri nets and colored Petri nets as a conceptual modeling tool. They use the example of Cutaneous Melanoma (CM) to illustrate some of their considerations.


Author(s):  
Efstratia Mourtou

Since Hospital Information Systems (HIS) are designed to support doctors and healthcare professionals in their daily activities, information security plays a vital role in managing access control. Efficiency and effectiveness of information security policy is crucial, especially when dealing with situations that affect the status and life-history of the patient. In addition, the rules and procedures to follow, in order to provide confidentiality of sensitive information, have to focus on management of events on any table of the HIS. On the other hand, control and statement constraints, as well as events and security auditing techniques, also play an important role, due to the heterogeneity of healthcare professionals’ roles, actions and physical locations, as well as to the specific characteristics and needs of the healthcare organizations. This chapter will first explore issues in managing access control and security of healthcare information by reviewing the possible threats and vulnerabilities as well as the basic attributes of the hospital’s security plan. The authors will then present a hierarchical access model that, from a security policy perspective, refers to data ownership and access control issues. The authors conclude the chapter with discussions of upcoming security issues.


Author(s):  
Stelios Daskalakis, Maria Katharaki, Joseph Liaskos, John Mantas

Information and computer security are gaining continuous attention in the context of modern organizations across all domains of human activities. Emphasizing behavioral factors toward the applicability of security measures and practices is an area under research, aiming to look beyond the strict technical peculiarities and investigate human attitudes in regard to security consciousness and familiarity. The aim of this chapter is to shed light on those aspects in relation to healthcare, by empirically assessing the intention of undergraduate nursing students to apply security concepts and practices. A research theoretical framework is proposed based on an empirical synthesis of constructs adopted from well-established theories such as the Health Belief Model and the Protection Motivation Theory along with a variety of previous research works. The model is then empirically tested and validated against a sample of 149 undergraduate nursing students. Data analysis was performed using partial least squares. The research findings highlighted the significant effects of perceived benefits, general security orientation and self-efficacy on behavioral intention along with the positive effect of general controllability on self-efficacy of nursing students in applying security concepts and practices, whereas a series of other constructs did not prove to be significant. The study outcomes contribute to further observations related to behavioral security. Despite the fact that the current empirical study was conducted under a specific context and settings, implications are discussed regarding the security readiness of nursing students prior to their engagement in a real healthcare environment.


Author(s):  
Anastasius Moumtzoglou

The collaborative nature of Medicine 2.0/Health 2.0 and its emphasis on personalized health care clearly outlines it with respect to e-health and Web 2.0. The Semantic Web uses the notion that the meaning of a concept relates to other concepts. Therefore, it amplifies many of the existing challenges, but also offers new opportunities for the quality problems of Web 2.0 and enhances the potential to translate information into knowledge. Perhaps the most exciting expectation is that people will use the Semantic Web to search for healthcare providers of the highest quality, using services that take into account their own preferences and employ decentralized data from different sources. On the other hand, the Semantic Web magnifies privacy and may raise concerns about disintermediation between patients and health professionals and over-reliance on virtual interactions. Therefore, the perspective of the chapter is to consider the key debates that occur in the literature with respect to the terms Medicine 2.0 and Health 2.0, acknowledging that any authentic solution to health problems has to originate from patient-centered care.


Author(s):  
Stelios Zimeras, Anastasia N. Kastania

Security is an important requirement for health information systems. Security is important for several reasons, most of which have a foundation in economics. Firstly, equipment is expensive to get, install, and integrate into the infrastructure of an organization. Secondly, the operations of an organization are based on the applied technology infrastructure, which means that disruption of operations quickly turns into unnecessary costs and, when applicable, potential loss of revenue. The adoption of digital patient records, increased regulation, supplier consolidation, and the increasing demand for information highlight the need for better information security. Electronic health (e-Health) has become an important area of concern. A comprehensive EHR (Electronic Health Record) at the point of care could be created by collecting and sharing data among all sites at which a patient receives care, as well as by incorporating information supplied by the patient. One of the greatest incentives to adopting EHRs will be reaching a critical mass of information sharing investors in health care information technology. In this work the authors examine the security properties of the EHR, with a special emphasis on software reliability. The authors focus on modelling and studying the reliability feature of the EHR. Special attention is given to exploiting the mathematical foundations of reliability modelling in a service-oriented architecture. Statistical measures called web metrics can be introduced to assess the performance of these systems.


Author(s):  
Evangelos Kotsonis, Stelios Eliakis

Current developments in the field of integrated treatment show the need for IS security approaches within the healthcare domain. Health information systems are called to meet unique demands to remain operational in the face of natural disasters, system failures and denial-of-service attacks. At the same time, the data contained in health information systems are strictly confidential and, due to the ethical, judicial and social implications in case of data loss, health-related data require extremely sensitive handling. The purpose of this chapter is to provide an overview of information security management standards in the context of health care information systems and focus on the most widely accepted ISO/IEC 27000 family of standards for information security management. At the end of the chapter, a guide to developing a complete and robust information security management system for a health care organization will be provided, mentioning special implications that are met in a health care organization, as well as special considerations related to health-related web applications. This guide will be based on special requirements of ISO/IEC 27799:2008 (Health informatics — Information security management in health using ISO/IEC 27002).


Author(s):  
Eleni Mytilinaiou, Vassiliki Koufi, Flora Matamateniou, George Vassilacopoulos

Healthcare delivery is a highly complex process involving a broad range of healthcare services, typically performed by a number of geographically distributed and organizationally disparate healthcare providers requiring increased collaboration and coordination of their activities in order to provide shared and integrated care. Under an IT-enabled, patient-centric model, health systems can integrate care delivery across the continuum of services, from prevention to follow-up, and also coordinate care across all settings. In particular, much potential can be realized if cooperation among disparate healthcare organizations is expressed in terms of cross-organizational healthcare processes, where information support is provided by means of Personal Health Record (PHR) systems. This chapter assumes a process-oriented PHR system and presents a security framework that addresses the authorization and access control issues arising in these systems. The proposed framework ensures provision of tight, just-in-time permissions so that authorized users get access to specific objects according to the current context. These permissions are subject to continuous adjustments triggered by the changing context. Thus, the risk of compromising information integrity during task executions is reduced.


Author(s):  
Ana Ferreira, Ricardo Correia, David Chadwick, Henrique M.D. Santos, Rui Gomes, ...

Password sharing is a common security problem. Some application domains are more exposed than others and, by dealing with very sensitive information, the healthcare domain is definitely not exempt from this problem. This chapter presents a case study of a cross section of how healthcare professionals actually deal with password authentication in typical real world scenarios. It then compares the professionals’ actual practice with what they feel about password sharing and what are the most frequent problems associated with it. Further, this chapter discusses and suggests how to solve or minimize some of these problems using both technological and social cultural mechanisms.


Author(s):  
Konstantinos M. Siassiakos, Athina A. Lazakidou

Cost reduction pressures and the need for shortened in-patient stays are promoting the use of wireless patient monitoring systems in hospitals. Their contribution to better process management, superior flexibility and increased efficiency within hospitals is further underlining the appeal of wireless networking options for patient monitoring systems. Wireless connectivity has encouraged an overall rise in productivity through improved workflow and data management. Wireless patient monitors have also supported enhanced flexibility within the hospital environment by enabling remote monitoring of patients. TETRA technology provides several ways of protecting the privacy and security of communication, such as authentication, air interface encryption and end-to-end encryption. The objective of this chapter is to study how simply a healthcare professional can collect physiological data from mobile and/or remote patients and how securely and reliably health information can be transferred from emergency places to hospitals through a TETRA network.


Author(s):  
Eleni Tzoulia

This study examines special issues of online advertising in relation to medicinal products and health related services. It demonstrates that the marketing of medicinal products over the internet puts consumers at a number of risks related to both their privacy and their health. It endeavours to answer the question whether the existing EU legislation can efficiently protect the individual, who may be induced to disclose his/her health related information to and be involved in transactions with entities of questionable origin for the purchase of medicinal products online.

