
ICT 1 Towards an Integrated Approach to Access Control to Health Information Presented by: Inger Anne Tøndel SINTEF Co-authors: Per Håkon Meland SINTEF.


1. Towards an Integrated Approach to Access Control to Health Information
Presented by: Inger Anne Tøndel, SINTEF
Co-authors:
- Per Håkon Meland, SINTEF
- Lillian Røstad, SINTEF
- Øystein Nytrø, NTNU

2. The iAccess Project
- Integrated Access Control for Healthcare Information Systems (iAccess)
- Funded by the Norwegian Research Council 2005-2008 (++)
- Applied research activities + two PhD-students
- A research partnership between NTNU, SINTEF and UiO
  - NTNU: Dep. of Computer and Information Science
  - SINTEF: Dep. Software Engineering, Safety and Security
  - UiO: Faculty of law
- Participants:
  - Rikshospitalet University Hospital/The Norwegian Radium Hospital
  - Central Norway Regional Health Authority (HEMIT)

3. Background – Access Control Integration
- Reality: Not one EHR, many clinical systems!
- Integration of healthcare information from several systems is an emerging trend
  - Local
  - Regional
  - National
- Access control is a key issue in order to share sensitive information
  - Various access control mechanisms
  - Access control in integrated systems
  - Access control is dependent on the information
- Strict legal requirements for information security and patient privacy
- Challenges related to technology, organization and legislation

4. The iAccess Handbook (Norwegian)
iaccess.idi.ntnu.no

5. The iAccess Handbook – Content (1)
- Part 1 – Reference Information
  - A repository of useful information
  - Technical viewpoint
  - Organizational viewpoint
  - Legal viewpoint

6. Overview of Central Laws and Regulations
- Regulations related to the access restriction to treatment of health information
  - Classified according to formal-, factual-, personnel regulations
- Regulations related to instructions, permissions and conditions for sending, receiving and exchanging health information
- Regulations related to information quality
- Regulations related to provision of the confidentiality, integrity and availability of health information
- Regulations related to internal control
- Regulations related to particular technical, physical or organisational methods of treatment

7. The iAccess Handbook – Content (2)
- Part 2 – Survey Methods
- Part 3 – Combining and Presenting Results
→ The iAccess Method

8. Documentation Study
- Examples of relevant information:
  - legislation
  - local policies and routines
  - documentation of existing systems
  - plans and strategies for the future
- Our experience: Hard to know what you will get...

9. Process Workshops
- Different focus groups
  - Decision makers
  - System developers/maintainers
- Process maps
  - Activities, roles, documentation/tools
- Results
  - Process maps
  - Discussions!!
- Scenarios
  - A new employee starts working at the hospital, and needs access to the IT-systems.
  - An employee accesses the patient record of his neighbor, without having a medical responsibility for this neighbor.

10. Semi-Structured Interviews
- Experiences of system users
  - How does the current access control solution influence their workday?
- Interviewees
  - Clinical personnel – physicians, nurses, nutritionists
  - Administrative personnel – secretaries
- Questions based on the scenarios used in the process workshops
  - Enables comparison

11. Combining Results
- Show results from the different types of surveys in the same diagrams
- Domain models
  - Relation between concepts
- Use cases/misuse cases
  - Real world shortcomings, conflicts, grey areas
- Activity diagrams
  - More structured than process maps
  - Map activities to roles
  - Add comments and information about documentation/tools

12. Example Activity Diagram: The New Employee Scenario

13. Experiences from the use of the methods
- Useful for retrieving information related to organizational issues and work processes
  - Are often not described in one single document
  - Information sharing between the participants
- The process maps are not ideal for retrieving technical information
  - Too many details
  - Hard to show information flow
- Important to combine inputs from different focus groups
  - Grasp the full picture
  - Makes it possible to discover differences in opinions

14. Input from different focus groups
- Decision makers
  - Focus on routines, plans for the future
- System developers/maintainers
  - Focus on the IT systems
- System users
  - How does the system fit their work day
- Example 1: Routines and responsibilities for auditing of logs
  - Problems with checking huge logs
  - Users have high expectations regarding detection of misuse
- Example 2: Routines and forms involved when access is to be assigned to a system
  - How is this done technically in the systems?
  - How is this process experienced by the users?

15. Conclusion
- The handbook and the methods
  → Starting point for working on the challenges of access control in integrated health information systems
- Target group
  - PhD students
  - Hospitals (IT departments)
- Many challenges
  - Technical
  - Organizational
  - Juridical

16. Further Work
- Improve the iAccess handbook
- Test new methods
  - Taxonomy for classification of access control
  - Observations, logs, questionnaires????
- To be decided...
  - Focus on consent?
  - PhD students....
- We have concentrated on access control within hospitals
  - There are also challenges regarding access to information between hospitals (and also other care givers)

17. Thank you!

