Evidence-based practice : information professionals' experience of information literacy in the workplace

Evidence-based practice is increasingly being recognised as an important issue in a range of professional contexts including education, nursing, occupational therapy and librarianship. Many of these professions have observed a relationship or interface between evidence-based practice and information literacy. Using a phenomenographic approach this research explores variation in the how library and information professionals are experiencing evidence-based practice as part of their professional work. The findings of the research provide a basis for arguing that evidence-based practice represents the professional's enactment of information literacy in the workplace.

Factors contributing to successful public private partnership projects : comparing Hong Kong with Australia and the United Kingdom

Purpose: With the increasing interest in Public Private Partnership (PPP) there is a need to investigate the factors contributing to successful delivery of PPP projects. Design/methodology/approach: An empirical questionnaire survey was conducted in Hong Kong and Australia. The survey respondents were asked to rate eighteen factors which contribute to delivering successful PPP projects. Findings: The findings from this survey were further compared with the results achieved by a previous researcher (Li, 2003) in a similar survey conducted in the United Kingdom. The comparison showed that amongst the top five success factors ranked by Hong Kong respondents, three were also ranked highly by the Australians and British. These success factors included: ‘Commitment and responsibility of public and private sectors’; ‘Strong and good private consortium’; and ‘Appropriate risk allocation and risk sharing’. Originality/value: These success factors were therefore found to be important for contributing to successful PPP projects irrespective of geographical locations.

Life in the 'real world': a profile of Queensland University of Technology Library and Information Science graduates.

A graduate destination survey can provide a snap shot in time of a graduate’s career progression and outcome. This paper will present the results of a Queensland University of Technology study exploring the employment outcomes of students who had completed a library and information science course from the Faculty of Information Technology between 2000 and 2008. Seventy-four graduates completed an online questionnaire administered in July 2009. The study found that 90% of the graduates surveyed were working and living in Queensland, with over three quarters living and working in Brisbane. Nearly 70% were working full-time, while only 1.4% indicating that they were unemployed and looking for work. Over 80% of the graduates identified themselves as working in “librarianship”. This study is the first step in understanding the progression and destination of QUT’s library and information science graduates. It is recommended that this survey becomes an ongoing initiative so that the results can be analysed and compared over time.

ERP systems implementation and organizational culture : the case of Jordan

Jordan is adopting Enterprise Resource Planning (ERP) systems in both its public and private sectors. Jordan's emerging private sector has historically close ties to the public sector; though a global market orientation requires a shift in its organizational culture. ERPs however embed business processes which do not necessarily fit with traditional cultural practices, and implementation success is not assured. This study looks at the perceptions of both public and private sector ERP implementations in Jordan and assesses these on various measures of success. There were few differences between public and private sectors, but the benefits actually realized in Jordanian ERPs fell short of claims made for the technology in other cultures.

Access to public sector information : law, technology and policy

On the back of the growing capacity of networked digital information technologies to process and visualise large amounts of information in a timely, efficient and user-driven manner we have seen an increasing demand for better access to and re-use of public sector information (PSI). The story is not a new one. Share knowledge and together we can do great things; limit access and we reduce the potential for opportunity. The two volumes of this book seek to explain and analyse this global shift in the way we manage public sector information. In doing so they collect and present papers, reports and submissions on the topic by leading authors and institutions from across the world. These in turn provide people tasked with mapping out and implementing information policy with reference material and practical guidance. Volume 1 draws together papers on the topic by policymakers, academics and practitioners while Volume 2 presents a selection of the key reports and submissions that have been published over the last few years.

Specifying and enforcing a fine-grained information flow policy : model and experiments

In this paper we present a model for defining and enforcing a fine-grained information flow policy. We describe how the policy can be enforced on a typical computer and present experiments using the proposed model. A key feature of the model is that it allows the expression of rules which detail precisely which information elements are allowed to mix together. For example, the model allows the expression of a policy which forbids a doctor from mixing the personal medical details of the patients. The enforcement mechanisms tracks and records information flows within the system so that dynamic changes to the policy can be made with respect to information elements which may have propagated to different locations in the system.

Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Privacy and trust management for electronic health records

Establishing a nationwide Electronic Health Record system has become a primary objective for many countries around the world, including Australia, in order to improve the quality of healthcare while at the same time decreasing its cost. Doing so will require federating the large number of patient data repositories currently in use throughout the country. However, implementation of EHR systems is being hindered by several obstacles, among them concerns about data privacy and trustworthiness. Current IT solutions fail to satisfy patients’ privacy desires and do not provide a trustworthiness measure for medical data. This thesis starts with the observation that existing EHR system proposals suer from six serious shortcomings that aect patients’ privacy and safety, and medical practitioners’ trust in EHR data: accuracy and privacy concerns over linking patients’ existing medical records; the inability of patients to have control over who accesses their private data; the inability to protect against inferences about patients’ sensitive data; the lack of a mechanism for evaluating the trustworthiness of medical data; and the failure of current healthcare workflow processes to capture and enforce patient’s privacy desires. Following an action research method, this thesis addresses the above shortcomings by firstly proposing an architecture for linking electronic medical records in an accurate and private way where patients are given control over what information can be revealed about them. This is accomplished by extending the structure and protocols introduced in federated identity management to link a patient’s EHR to his existing medical records by using pseudonym identifiers. Secondly, a privacy-aware access control model is developed to satisfy patients’ privacy requirements. The model is developed by integrating three standard access control models in a way that gives patients access control over their private data and ensures that legitimate uses of EHRs are not hindered. Thirdly, a probabilistic approach for detecting and restricting inference channels resulting from publicly-available medical data is developed to guard against indirect accesses to a patient’s private data. This approach is based upon a Bayesian network and the causal probabilistic relations that exist between medical data fields. The resulting definitions and algorithms show how an inference channel can be detected and restricted to satisfy patients’ expressed privacy goals. Fourthly, a medical data trustworthiness assessment model is developed to evaluate the quality of medical data by assessing the trustworthiness of its sources (e.g. a healthcare provider or medical practitioner). In this model, Beta and Dirichlet reputation systems are used to collect reputation scores about medical data sources and these are used to compute the trustworthiness of medical data via subjective logic. Finally, an extension is made to healthcare workflow management processes to capture and enforce patients’ privacy policies. This is accomplished by developing a conceptual model that introduces new workflow notions to make the workflow management system aware of a patient’s privacy requirements. These extensions are then implemented in the YAWL workflow management system.

The mandatory notification of data breaches : issues arising for Australian and EU legal developments

Public and private sector organisations are now able to capture and utilise data on a vast scale, thus heightening the importance of adequate measures for protecting unauthorised disclosure of personal information. In this respect, data breach notification has emerged as an issue of increasing importance throughout the world. It has been the subject of law reform in the United States and in other jurisdictions. This article reviews US, Australian and EU legal developments regarding the mandatory notification of data breaches. The authors highlight areas of concern based on the extant US experience that require further consideration in Australia and in the EU.

The Conceptual Basis of Personal Information in Australian Privacy Law

Australian privacy law regulates how government agencies and private sector organisations collect, store and use personal information. A coherent conceptual basis of personal information is an integral requirement of information privacy law as it determines what information is regulated. A 2004 report conducted on behalf of the UK’s Information Commissioner (the 'Booth Report') concluded that there was no coherent definition of personal information currently in operation because different data protection authorities throughout the world conceived the concept of personal information in different ways. The authors adopt the models developed by the Booth Report to examine the conceptual basis of statutory definitions of personal information in Australian privacy laws. Research findings indicate that the definition of personal information is not construed uniformly in Australian privacy laws and that different definitions rely upon different classifications of personal information. A similar situation is evident in a review of relevant case law. Despite this, the authors conclude the article by asserting that a greater jurisprudential discourse is required based on a coherent conceptual framework to ensure the consistent development of Australian privacy law.

Information sharing in the 21st century : progress and challenges

With the increasing threat of cyber and other attacks on critical infrastructure, governments throughout the world have been organizing industry to share information on possible threats. In Australia the Office of the Attorney General has formed Trusted Information Sharing Networks (TISN) for the various critical industries such as banking and electricity. Currently the majority of information for a TISN is shared at physical meetings. To meet cyber threats there are clearly limitations to physical meetings. Many of these limitations can be overcome by the creation of a virtual information sharing network (VISN). However there are many challenges to overcome in the design of a VISN both from a policy and technical viewpoint. We shall discuss some of these challenges in this talk.

Limited information estimation and evaluation of DSGE models

We advance the proposition that dynamic stochastic general equilibrium (DSGE) models should not only be estimated and evaluated with full information methods. These require that the complete system of equations be specified properly. Some limited information analysis, which focuses upon specific equations, is therefore likely to be a useful complement to full system analysis. Two major problems occur when implementing limited information methods. These are the presence of forward-looking expectations in the system as well as unobservable non-stationary variables. We present methods for dealing with both of these difficulties, and illustrate the interaction between full and limited information methods using a well-known model.

Diagnostic and treatment pathways for men with prostate cancer in Queensland : investigating spatial and demographic inequalities

Background: Patterns of diagnosis and management for men diagnosed with prostate cancer in Queensland, Australia, have not yet been systematically documented and so assumptions of equity are untested. This longitudinal study investigates the association between prostate cancer diagnostic and treatment outcomes and key area-level characteristics and individual-level demographic, clinical and psychosocial factors.---------- Methods/Design: A total of 1064 men diagnosed with prostate cancer between February 2005 and July 2007 were recruited through hospital-based urology outpatient clinics and private practices in the centres of Brisbane, Townsville and Mackay (82% of those referred). Additional clinical and diagnostic information for all 6609 men diagnosed with prostate cancer in Queensland during the study period was obtained via the population-based Queensland Cancer Registry. Respondent data are collected using telephone and self-administered questionnaires at pre-treatment and at 2 months, 6 months, 12 months, 24 months, 36 months, 48 months and 60 months post-treatment. Assessments include demographics, medical history, patterns of care, disease and treatment characteristics together with outcomes associated with prostate cancer, as well as information about quality of life and psychological adjustment. Complementary detailed treatment information is abstracted from participants’ medical records held in hospitals and private treatment facilities and collated with health service utilisation data obtained from Medicare Australia. Information about the characteristics of geographical areas is being obtained from data custodians such as the Australian Bureau of Statistics. Geo-coding and spatial technology will be used to calculate road travel distances from patients’ residences to treatment centres. Analyses will be conducted using standard statistical methods along with multilevel regression models including individual and area-level components.---------- Conclusions: Information about the diagnostic and treatment patterns of men diagnosed with prostate cancer is crucial for rational planning and development of health delivery and supportive care services to ensure equitable access to health services, regardless of geographical location and individual characteristics. This study is a secondary outcome of the randomised controlled trial registered with the Australian New Zealand Clinical Trials Registry (ACTRN12607000233426)