Healthcare is taking an evolutionary approach towards the adoption of Patient-Centred (PC) delivery approach, which requires the flow of information between different healthcare providers to support a patient's treatment plan, so the Care Team (CT) can seamlessly and securely access relevant information held in the different discrete Legacy Information Systems (LIS). Each of these LIS deploys an organisational-driven information security policy that meets its local information sharing context needs. Nevertheless, incorporating these LIS in collaborative PC care brings multiple inconsistent policies together, which raises a number of information security threats that can block the CT access to critical information across a patient's treatment journey. Using an empirical study, this chapter identifies information security threats that can cause the issue, and defines a common collaboration-driven information security design. Finally, it identifies requirements in LIS to address the inconsistent policies in modern PC collaborative environments that would help improve the quality of care.
TopIntroduction
Population ageing is a demographic revolution affecting the entire world (United Nations Population Fund (UNFPA), 2014) due to medical advances, increased child survival, and improved health care. This is evidenced by figures published by the UNFPA (UNFPA, 2014); see Figure 1, which shows the increasing number of people aged 60 or over between the years 1950-2050 in the world's developed and developing countries (UNFPA, 2014). However, this does not mean that older persons should be a burden (UNFPA, 2014). Older people’s health conditions require more holistic care as comorbidity is more prevalent in older patients than in younger ones (McGarrigle, H., Personal Communication, November 2013). Patients with comorbidity suffer from more than one condition at a time, and so they follow multiple treatment pathways. It is clear that healthcare delivery systems need to cope with this emerging need, and be ready for the ageing population, with modern integrated healthcare services that can cope holistically with a patient with more than one health condition.
Figure 1. Number of people aged 60 or over: World, developed and developing countries, 1950-2050 (UNFPA, 2014)
Therefore, the delivery of healthcare in many countries has been shifting towards an integrated PC care using an evolutionary approach that incorporates Legacy Information Systems (LIS). PC healthcare is where care provision is tailored to meet an individual patient’s needs holistically. It is the basis of modern healthcare collaborative environments today, and many countries are using an evolutionary approach to shift towards PC care by building integrated systems based on the sound foundations of the current LIS to support it. The movement towards PC using LIS creates a new information sharing context that is collaboration-driven and is different from local organisation-driven contexts of LIS. This new context, however, requires medical information to flow with the patient between different healthcare providers as they follow the patient's treatment plans and share information across healthcare organisations. This allows the CT to seamlessly access relevant information held in different discrete information systems so that a complete picture is available if required. Nevertheless, meeting this collaboration-driven information sharing context demands an information security context that can carefully balance between enabling seamless access to CT without invading the patient’s privacy. This can be addressed using an information security design that ensures the confidentiality, integrity, and availability of patient information is preserved in this collaborative environment (Calder & Watkins, 2008; Mense et al., 2013; Pfleeger and Pfleeger, 2003; Pipkin, 2000; Posthumus and von Solms, 2004; SANS Institute, 2001). Therefore, collaboration-driven information security should meet the overall care goal while retaining local information security for shared medical information among the CT. However, LIS were not designed to support a holistic view of a patient record needed in comorbidity, as they were developed to meet the needs of the disease centred approach at a time when information sharing was not common. LIS are unable to support seamless access to information because they are unable to comply with the information security of the shared information that is coming together in this collaborative environment supporting PC care, whether this information is related to a patient following one treatment pathway or one who has comorbidities. This is because the LIS incorporated in PC collaborative environments as part of the evolutionary approach are autonomous discrete information systems, where each of these systems protects its information using an information security context that is suitable for its local information sharing context. Consequently, a LIS may compromise on the availability of information by blocking a CT from accessing the information they need to care for the patient, and so interrupt care continuity. Thus, LIS require additional security features to cope with this emerging need if they are to participate in collaborative PC. This chapter aims to identify the range of information security threats that LIS present to PC care thus limiting its implementation, and derive a set of information security requirements in LIS to mitigate these threats, while being incorporated into collaborative PC care.