Framework for Assessing Information Security in E-Healthcare

Verified

Added on 2020/09/08

AI Summary

This concept paper, authored by Joan Namwenya Soita from the University of Nairobi, focuses on developing a framework for assessing the adequacy of information security in e-healthcare within the Kenyan context. The paper highlights the critical importance of information security in healthcare organizations, particularly concerning Electronic Healthcare Records (EHRs) and patient data. It identifies the lack of adopted frameworks for assessing information security in Kenya, despite the increasing threats to electronic information. The research aims to validate a developed framework, establish parameters to measure the quality of e-healthcare information security, and develop a comprehensive assessment framework. The methodology involves qualitative research including literature reviews, case studies, and interviews. The paper outlines the proposed project structure, including chapters on background, problem definition, research methodology, theoretical and empirical work, results, data analysis, and recommendations. The paper emphasizes the need for a dynamic information security assessment framework to address the challenges in managing and securing patient information within the healthcare system.

1
CONCEPT PAPER
University of Nairobi
Health Informatics
Names: Joan Namwenya Soita
Adm No: P51/73095/2014
Title: Framework for Assessment of the Adequacy of Information Security in E-Healthcare in
Kenya
Introduction
Information security is a vital aspect in the healthcare organizations (Appari & Johnson, 2010).
Most healthcare organizations use the Electronic Healthcare Record with the patients'
information. EHR, however, is considered very sensitive in the healthcare organization (van der
Linden, Kalra, Hasman, & Talmon, 2009). The confidential information of patients in the
healthcare need to be well managed to assure its safety as well as the security so that the
incidences of unauthorized access and data loss are not experienced at all. The high-level quality
care to the patients is only made possible if the existing healthcare management system has the
capability of providing the right information at the right time at the right place (Rezai-Rad,
Vaezi, & Nattagh, 2012). The key aspects of the information security are accessibility and
availability. The applicable information is required to be made available and accessible to the
user in the healthcare organization and across the organizational borders with lots of ease. Also,
it is important to protect the security of the patient from the unauthorized access as well as
maintaining the recommended level within the healthcare with regards to the information
security (Blobel, 2004).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

2
Problem definition
There are a larger number of patients interacting with the nurses, pharmacists, and
doctors among other healthcare workers and through the interaction, the patient information
regarding medical status exchanged among the different users of the health care system. This,
therefore, calls for an appropriate and well-defined structure for storage, management, and
offering security to the information against threats (Appari & Johnson, 2010). Despite the
demand for higher security in the electronic health records, most healthcare providers in Kenya
are yet to implement frameworks for assessing the information security of the patients' data.
Through the ICT, the development has contributed positively to the health care system, but
threats to this electronic information keep increasing simultaneously. It is, therefore, important to
submit to the fact that efficient management of these information experiences many challenging
issues related to security threats (Mohan et al., 2009).
The assessment of Information Security Frameworks provides a functional comparison of
IT security controls and policies against respected industry frameworks (Rezai-Rad, Vaezi, &
Nattagh, 2012). In Kenya currently, there is no formal adopted framework for the protection of
personally identifiable data as it regards to health. However regulatory and compliance issues
have tried to enable controls on the security of individuals’ health information. Definitely, these
approaches are not sufficient, Kenyan health system should adopt established security
frameworks like ISO 27000, NIST SP 800-53, and HIPAA, etc. to manage information security
in Healthcare. But still, with the adoption of any of this frameworks, there will still exist great
concerns about the safety posture of Health information systems, or policy changes and new
technology investments to consider together with compliance and regulatory issues (Rezai-Rad,
Vaezi, & Nattagh, 2012). Even with a particular framework to adopt, it can be difficult to set and

3
adjust policy and security controls for specific health information needs, and to know where and
how each framework intersects (GOA/AIMD, 1999).
To address this issues and concerns, comprehensive dynamic Information security
assessment framework in health care requires being developed. In my view, no known study has
been conducted to develop an information security assessment framework in health care in
Kenya. This study, therefore, seeks to come up this framework for assessing the adequacy of
adopted information security frameworks.
Research questions
1. What are the issues in the information management of the investigated area
concerning information security?
2. Which information security assessment framework can be used to improve on the
information security?
The above questions are addressed via the quantitative and qualitative research
respectively. The answers to the two questions are obtained by first conducting the
literature survey followed by the interviews supplemented by the case study. Answers to
these questions are useful in finding the solutions as well as the guidelines for the
improvement of EHR information security (Jafari et al., 2010).
Research aims
To validate the developed framework in place in e-healthcare.

4
To establish parameters to measure quality of e-healthcare information
security.
To develop a framework for assessing quality of security information in e-
health sector.
Research methodology
Three research methodologies are commonly used including the quantitative, qualitative, and
mixed methodologies. In this research, the qualitative methodology will be used. The literature
study will be performed to gather data and other materials for the research area. The case study
will also be conducted together with interviews to gather relevant information concerning the
specified domain.
Proposed structure of the project
The Project structured will be as shown:
i. Chapter 1: Background. This chapter encompasses the general background to the
research topic. The main focus will be on exploration of the information security within
the healthcare provider organization as well as the existing frameworks for assessing
information security.
ii. Chapter 2: Problem definition/Objectives: The chapter will investigate the relevant issues
concerning the information security in the selected healthcare provider organizations.
Also, the research questions regarding the anticipated research aims and objectives are
deeply examined in this section.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

5
iii. Chapter 3: The Research Methodology: Partly, the chapter will present a literature
review and the research methodologies. The research is carried out within the specific
domain of interest.
iv. Chapter 4. Theoretical Work. The healthcare ICT structure is captured in this section.
Also the information models are captured together with various techniques of the
information security for hospitals.
v. Chapter 5. The Empirical Work. The empirical study of the research is presented in this
chapter. The chapter highlights the questions that are designed before an interview is
conducted with the healthcare personnel. Specification of the selected interviewees as
well as case studies regarding the selected healthcare service providers will be presented.
vi. Chapter 6: Results. The results obtained from the interviewees and secondary data from
case studies are presented in this section.
vii. Chapter 7. Data Analysis and discussion
viii. Chapter 8 Recommendations/Epilogue. The recommendations of the study are captured
ix. Chapter 10: Conclusion and the future study.

6
References
Appari, A., & Johnson, M. E. (2010). Information security and privacy in healthcare: current
state of research. International journal of Internet and enterprise management, 6(4), 279-
314.
Blobel, B. (2004). Authorisation and access control for electronic health record systems.
International journal of medical informatics, 73(3), 251-257.
Jafari, S., Mtenzi, F., Fitzpatrick, R., & O’Shea, B. (2010). Security metrics for e-Healthcare
information systems: A domain specific metrics approach. Intl. Journal of Digital Society
(IJDS), 1(4), 238-245.
Mohan, A., Bauer, D., Blough, D. M., Ahamad, M., Bamba, B., Krishnan, R., ... & Palanisamy,
B. (2009). A patient-centric, attribute-based, source-verifiable framework for health
record sharing.
Rezai-Rad, M., Vaezi, R., & Nattagh, F. (2012). E-health readiness assessment framework in
iran. Iranian journal of public health, 41(10), 43.
van der Linden, H., Kalra, D., Hasman, A., & Talmon, J. (2009). Inter-organizational future
proof EHR systems: a review of the security and privacy related issues. International
journal of medical informatics, 78(3), 141-160.