Use this URL to cite or link to this record in EThOS:
Title: Achieving a secure collaborative environment in patient-centred healthcare with legacy information systems
Author: Alsalamah, Shada
ISNI:       0000 0004 5352 7148
Awarding Body: Cardiff University
Current Institution: Cardiff University
Date of Award: 2015
Availability of Full Text:
Access through EThOS:
Access through Institution:
Modern healthcare has been shifting from a traditional fragmented disease-centred delivery approach towards a more integrated Patient-Centred (PC) one to support comorbidities, when the patient suffers from more than one condition or disease. In PC delivery the patient is at the heart of its services which are tailored to meet an individual’s needs holistically. Enabling PC care requires the flow of medical information with the patient between different healthcare providers supporting the patient’s treatment plan, and sharing of information across healthcare organisations so that the Care Team (CT) can seamlessly access relevant medical information held in different information systems. In many countries this PC movement is taking an evolutionary approach that involves Legacy Information Systems (LIS) as they are the backbone of the healthcare organisation’s information. However, this collaboration reveals weaknesses in LIS in this role, as they may block a CT from accessing information, as they cannot comply with the information security policies for shared information that is needed in this collaborative environment to support PC. This is mainly because each of these LIS was designed as an autonomous discrete information system that enforces an organisation-driven information security policy protecting only local information resources through an Access Control (AC) model. This creates a single local point-of-control, limited by the system’s physical perimeter, to meet local information sharing and security contexts. This means PC adoption may require incorporation of multiple autonomous discrete information systems which presents four challenges – inconsistent policies, perimeter-bounded AC models, multiple points-of-controls, and heterogeneous LIS. First, such collaborative environments lack collaboration-driven information security policies that best meet the protection needs in the collaboration sharing and security contexts. Second, they deploy incompatible AC models that are not perimeter-transparent, and thus, unable to stretch across the discrete information systems to cover the whole collaborative environment. Third, these environments do not deploy a single obvious point-of-control with authority for policy enforcement. Finally, they need to access heterogeneous LIS that are not compatible with each other, and thus, it is essential that solutions can be integrated and coupled with these LIS to facilitate the utilisation of information stored in these systems. Current solutions addressing this situation fall short of meeting these challenges in establishing secure collaborative environments with LIS because they lack a comprehensive information security approach to meet the information sharing and security contexts driven by the collaboration. This research introduces a roadmap towards achieving a Secure Collaborative Environment (SCE) in collaborative environments using LIS from diverse organisations that addresses the above challenges, and meets the collaboration information sharing and security contexts without interrupting the local contexts of these LIS. An empirical study is used to determine how to create an SCE in modern healthcare which addresses the problems raised by incorporating LIS. This meets the collaborative information sharing context by creating an information layer that manages the information flow between healthcare providers based on treatment points. It also meets the information security context in the treatment pathways by controlling access to information in each treatment point using a Patient-Centred Access Control (PCAC) model. This model creates a PC-driven information security policy at the collaboration level that meets the overall care goal, enforces this balance in a neutral security domain with a single authority point-of-control that stretches across organisations anywhere within the collaboration environment, while retaining the local medical information security of shared information among the CT. Using domain analysis, observations, and interviews, the PC-driven balance of information security in cancer care, threats in LIS currently used in cancer care to attain that balance, and eight information security controls are identified. These controls manage information through an information layer and control access to the information through the novel PCAC model needed by these systems to attain that balance and address the problem. Using Workflow Technology (WfT), a prototype system implementing these controls to achieve a Secure Healthcare collaborative Environment (SHarE) has been fully studied, developed, and assessed. SHarE constructs an independent information layer that is based on treatment and lies on top of the interface of the currently used LISs to formalise and manage a unique treatment journey, while the PCAC model enforces access rules as the patient progresses along their treatment journey. This layer is designed as a loosely coupled wrapper based system with LIS to embrace the local organisation-centred access controls without interruption and sustain the balance of information security. Finally, using interviews, SHarE was assessed based on three criteria: usefulness and acceptance, setup and integration, and information governance. Results show that all interviewees agree that currently information does not always flow with the patient as they go along their treatment journey and nine different causes for this were suggested. All interviewees with no exception agreed that SHarE addresses this problem and helps the information flow with the patient between healthcare providers, and that it would be possible for SHarE to be adopted by a CT in cancer care. Over half the interviewees agreed that it is an easy to use system, useful, and helps locate information. The results also show there is an opportunity for SHarE to be integrated with CaNISC as some interviewees thought it is a much simpler system. However, multiple patient identifiers for a patient, as each system can have its own identifier, is predicted to be the biggest integration challenge. Results also show that SHarE and its controls attain the right balance of information security defined by the Caldicott Guardian and comply with the six Principles of the Caldicott Guardian. Although the assessment of SHarE highlighted a number of challenges and limitations that may hinder its adoption and integration if not carefully considered in the future, this proposal allowed the achievement of creating an SCE required to adopt PC care and attain the security balance necessary to support PC care systems.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available
Keywords: QA75 Electronic computers. Computer science ; RA0421 Public health. Hygiene. Preventive Medicine