Study design for technology assessment: critical issues.

The epidemiological methods have become useful tools for the assessment of the effectiveness and safety of health care technologies. The experimental methods, namely the randomized controlled trials (RCT), give the best evidence of the effect of a technology. However, the ethical issues and the very nature of the intervention under study sometimes make it difficult to carry out an RCT. Therefore, quasi-experimental and non-experimental study designs are also applied. The critical issues concerning these designs are discussed. The results of evaluative studies are of importance for decision-makers in health policy. The measurements of the impact of a medical technology should go beyond a statement of its effectiveness, because the essential outcome of an intervention or programme is the health status and quality of life of the individuals and populations concerned.

Adaptive Privacy Management System Design For Context-Aware Mobile Devices

While mobile technologies can provide great personalized services for mobile users, they also threaten their privacy. Such personalization-privacy paradox are particularly salient for context aware technology based mobile applications where user's behaviors, movement and habits can be associated with a consumer's personal identity. In this thesis, I studied the privacy issues in the mobile context, particularly focus on an adaptive privacy management system design for context-aware mobile devices, and explore the role of personalization and control over user's personal data. This allowed me to make multiple contributions, both theoretical and practical. In the theoretical world, I propose and prototype an adaptive Single-Sign On solution that use user's context information to protect user's private information for smartphone. To validate this solution, I first proved that user's context is a unique user identifier and context awareness technology can increase user's perceived ease of use of the system and service provider's authentication security. I then followed a design science research paradigm and implemented this solution into a mobile application called "Privacy Manager". I evaluated the utility by several focus group interviews, and overall the proposed solution fulfilled the expected function and users expressed their intentions to use this application. To better understand the personalization-privacy paradox, I built on the theoretical foundations of privacy calculus and technology acceptance model to conceptualize the theory of users' mobile privacy management. I also examined the role of personalization and control ability on my model and how these two elements interact with privacy calculus and mobile technology model. In the practical realm, this thesis contributes to the understanding of the tradeoff between the benefit of personalized services and user's privacy concerns it may cause. By pointing out new opportunities to rethink how user's context information can protect private data, it also suggests new elements for privacy related business models.

The TREAT-NMD Duchenne Muscular Dystrophy Registries: Conception, Design, and Utilization by Industry and Academia.

Duchenne muscular dystrophy (DMD) is an X-linked genetic disease, caused by the absence of the dystrophin protein. Although many novel therapies are under development for DMD, there is currently no cure and affected individuals are often confined to a wheelchair by their teens and die in their twenties/thirties. DMD is a rare disease (prevalence <5/10,000). Even the largest countries do not have enough affected patients to rigorously assess novel therapies, unravel genetic complexities, and determine patient outcomes. TREAT-NMD is a worldwide network for neuromuscular diseases that provides an infrastructure to support the delivery of promising new therapies for patients. The harmonized implementation of national and ultimately global patient registries has been central to the success of TREAT-NMD. For the DMD registries within TREAT-NMD, individual countries have chosen to collect patient information in the form of standardized patient registries to increase the overall patient population on which clinical outcomes and new technologies can be assessed. The registries comprise more than 13,500 patients from 31 different countries. Here, we describe how the TREAT-NMD national patient registries for DMD were established. We look at their continued growth and assess how successful they have been at fostering collaboration between academia, patient organizations, and industry.

Design and establishment of a biobank in a multicenter prospective cohort study of elderly patients with venous thromboembolism (SWITCO65+).

In the field of thrombosis and haemostasis, many preanalytical variables influence the results of coagulation assays and measures to limit potential results variations should be taken. To our knowledge, no paper describing the development and maintenance of a haemostasis biobank has been previously published. Our description of the biobank of the Swiss cohort of elderly patients with venous thromboembolism (SWITCO65+) is intended to facilitate the set-up of other biobanks in the field of thrombosis and haemostasis. SWITCO65+ is a multicentre cohort that prospectively enrolled consecutive patients aged ≥65 years with venous thromboembolism at nine Swiss hospitals from 09/2009 to 03/2012. Patients will be followed up until December 2013. The cohort includes a biobank with biological material from each participant taken at baseline and after 12 months of follow-up. Whole blood from all participants is assayed with a standard haematology panel, for which fresh samples are required. Two buffy coat vials, one PAXgene Blood RNA System tube and one EDTA-whole blood sample are also collected at baseline for RNA/DNA extraction. Blood samples are processed and vialed within 1 h of collection and transported in batches to a central laboratory where they are stored in ultra-low temperature archives. All analyses of the same type are performed in the same laboratory in batches. Using multiple core laboratories increased the speed of sample analyses and reduced storage time. After recruiting, processing and analyzing the blood of more than 1,000 patients, we determined that the adopted methods and technologies were fit-for-purpose and robust.

Le renforcement de la loi fédérale sur la protection des données : le cas de la protection de la vie privée dès la conception (privacy by design)

La protection des données est un élément essentiel d'un Etat de droit et une société démocratique, car elle accorde à chaque individu le droit de disposer de ce qui fait partie de sa sphère privée. Actuellement en Suisse, la loi fédérale sur la protection des données (LPD) est en vigueur depuis 1993. En 2010, l'Office fédéral de la justice a supervisé une évaluation de son efficacité : il en résulte que cette dernière a été prouvée, mais tendra à diminuer fortement dans les années à suivre. Pour causes principales : l'évolution des technologies, caractérisée notamment par le développement des moyens de traitement de données toujours plus variés et conséquents, et un manque d'informations des individus par rapport à la protection des données en générale et à leurs droits. Suite à l'évaluation, cinq objectifs de révision ont été formulés par le Conseil fédéral, dont celui d'intégrer la privacy by design ou « protection de la vie privée dès la conception » dans la loi. Ce concept, qui est également repris dans les travaux européens en cours, est développé à l'origine par l'Information and Privacy Commissionner de l'Ontario (Canada), Ann Cavoukian. Le principe général de la privacy by design est que la protection de la vie privée doit être incluse dans les systèmes traitant les données lors de leur conception. Souvent évoquée comme une solution idéale, répondant au problème de l'inadéquation de la loi par la logique de prévention qu'elle promeut, la privacy by design demeure toutefois un souhait dont l'application n'est que peu analysée. Ce travail cherche justement à répondre à la question de la manière de la mettre en oeuvre dans la législation suisse. Se basant sur les textes et la doctrine juridiques et une littérature dans les domaines de l'économie, l'informatique, la politique et la sociologie des données personnelles, il propose tout d'abord une revue générale des principes et définitions des concepts-clés de la protection des données en Suisse et dans le cadre international. Puis, il propose deux possibilités d'intégration de la privacy by design : la première est une solution privée non contraignante qui consiste à promouvoir le concept et faire en sorte que les responsables de traitement décident par eux-mêmes d'intégrer la privacy by design dans leurs projets ; ce procédé est possible grâce au renforcement du processus de certification déjà en cours. La deuxième option est une solution contraignante visant à intégrer le principe directement dans la loi et de prendre les mesures pour le rendre effectif ; ce travail montre que le développement de la figure du conseiller à la protection des données permet d'atteindre cet objectif. Enfin, des considérations générales sur l'application du principe sont abordées, telles que l'influence des développements en cours dans l'Union européenne sur la Suisse par rapport à la protection des données et la limite posée par le principe de territorialité.

Impacts des technologies de l'information sur les modes de coordination à travers quatre études en systèmes d'information

L'évolution de l'environnement économique, des chaînes de valeur et des modèles d'affaires des organisations augmentent l'importance de la coordination, qui peut être définie comme la gestion des interdépendances entre des tâches réalisées par des acteurs différents et concourants à un objectif commun. De nombreux moyens sont mis en oeuvre au sein des organisations pour gérer ces interdépendances. A cet égard, les activités de coordination bénéficient massivement de l'appui des technologies de l'information et de communication (TIC) qui sont désormais disséminées, intégrées et connectées sous de multiples formes tant dans l'environnement privé que professionnel. Dans ce travail, nous avons investigué la question de recherche suivante : comment l'ubiquité et l'interconnec- tivité des TIC modifient-elles les modes de coordination ? A travers quatre études en systèmes d'information conduites selon une méthodologie design science, nous avons traité cette question à deux niveaux : celui de l'alignement stratégique entre les affaires et les systèmes d'information, où la coordination porte sur les interdépendances entre les activités ; et celui de la réalisation des activités, où la coordination porte sur les interdépendances des interactions individuelles. Au niveau stratégique, nous observons que l'ubiquité et l'interconnectivité permettent de transposer des mécanismes de coordination d'un domaine à un autre. En facilitant différentes formes de coprésence et de visibilité, elles augmentent aussi la proximité dans les situations de coordination asynchrone ou distante. Au niveau des activités, les TIC présentent un très fort potentiel de participation et de proximité pour les acteurs. De telles technologies leur donnent la possibilité d'établir les responsabilités, d'améliorer leur compréhension commune et de prévoir le déroulement et l'intégration des tâches. La contribution principale qui émerge de ces quatre études est que les praticiens peuvent utiliser l'ubiquité et l'interconnectivité des TIC pour permettre aux individus de communi-quer et d'ajuster leurs actions pour définir, atteindre et redéfinir les objectifs du travail commun. -- The evolution of the economic environment and of the value chains and business models of organizations increases the importance of coordination, which can be defined as the management of interdependences between tasks carried out by different actors and con-tributing to a common goal. In organizations, a considerable number of means are put into action in order to manage such interdependencies. In this regard, information and communication technologies (ICT), whose various forms are nowadays disseminated, integrated and connected in both private and professional environments, offer important support to coordination activities. In this work, we have investigated the following research question: how do the ubiquity and the interconnectivity of ICT modify coordination mechanisms? Throughout four information systems studies conducted according to a design science methodology, we have looked into this question at two different levels: the one of strategic alignment between business and information systems strategy, where coordination is about interdependencies between activities; and the one of tasks, where coordination is about interdependencies between individual interactions. At the strategic level, we observe that ubiquity and interconnectivity allow for transposing coordination mechanisms from one field to another. By facilitating various forms of copresence and visibility, they also increase proximity in asynchronous or distant coordination situations. At the tasks level, ICTs offer the actors a very high potential for participation and proximity. Such technologies make it possible to establish accountability, improve common understanding and anticipate the unfolding and integration of tasks. The main contribution emerging from these four studies is that practitioners can use the ubiquity and interconnectivity of ICT in order to allow individuals to communicate and adjust their actions to define, reach and redefine the goals of common work.

Compliance management is becoming a major issue in IS design

This article aims at improving the information systems management support to Risk and Compliance Management process, i.e. the management of all compliance imperatives that impact an organization, including both legal and stra- tegically self-imposed imperatives. We propose a process to achieve such regula- tory compliance by aligning the Governance activities with the Risk Management ones, and we suggest Compliance should be considered as a requirement for the Risk Management platform. We will propose a framework to align law and IT compliance requirements and we will use it to underline possible directions of investigation resumed in our discussion section. This work is based on an exten- sive review of the existing literature and on the results of a four-month internship done within the IT compliance team of a major financial institution in Switzer- land, which has legal entities situated in different countries.