The role of human factors when evaluating information accountability for eHealth systems

The availability of health information is rapidly increasing; its expansion and proliferation is inevitable. At the same time, breeding of health information silos is an unstoppable and relentless exercise. Information security and privacy concerns are therefore major barriers in the eHealth socio-eco system. We proposed Information Accountability as a measurable human factor that should eliminate and mitigate security concerns. Information accountability measures would be practicable and feasible if legislative requirements are also embedded. In this context, information accountability constitutes a key component for the development of effective information technology requirements for health information system. Our conceptual approach to measuring human factors related to information accountability in eHealth is presented in this paper with some limitations.

Background to the development of a curriculum for the history of “cyber” and “communications” security

For any discipline to be regarded as a professional undertaking by which its members may be treated as true “professionals” in a specific area, practitioners must clearly understand that discipline’s history as well as the place and significance of that history in current practice as well as its relevance to available technologies and artefacts at the time. This is common for many professional disciplines such as medicine, pharmacy, engineering, law and so on but not yet, this paper submits, in information technology. Based on twenty five elapsed years of experience in developing and delivering Cybersecurity courses at undergraduate and postgraduate levels, this paper proposes a rationale and set of differing perspectives for the planning and development of curricula relevant to the delivery of appropriate courses in the history of cybersecurity or information assurance to information and communications technology (ICT) students and thus to potential information technology professionals.

Assessing performance and capability in work placements

As universities worldwide begin to appreciate the value of authentic learning experiences, so they struggle with methods of assessing the outcomes from such experiences. This chapter describes the application of an assessment matrix developed by Queensland University of Technology (QUT) in Australia, to the assessment requirements and practices relating to work integrated learning at the University of Surrey in the UK. Despite the very different institutional contexts and independent way in which the assessment regimes have developed, it was found that the values and outcomes being assessed and the methods used to assess them were similar. The most important feature of assessing work integrated learning experiences is fitness for purpose; hence the learning objectives and assessment of outcomes for a WIL experience must be explicitly aligned to this objective.

Evidence based healthcare planning in developing countries : an informatics perspective

Most of the national Health Information Systems (HIS) in resource limited developing countries do not serve the purpose of management support and thus the service is adversely affected. While emphasising the importance of timely and accurate health information in decision making in healthcare planning, this paper explains that Health Management Information System Failure is commonly seen in developing countries as well as the developed countries. It is suggested that the possibility of applying principles of Health Informatics and the technology of Decision Support Systems should be seriously considered to improve the situation. A brief scientific explanation of the evolution of these two disciplines is included.

Synchronised integrated online e-health profiles

Web-based social networking applications have become increasingly important in recent years. The current applications in the healthcare sphere can support the health management, but to date there is no patient-controlled integrator. This paper proposes a platform called Multiple Profile Manager (MPM) that enables a user to create and manage an integrated profile that can be shared across numerous social network sites. Moreover, it is able to facilitate the collection of personal healthcare data, which makes a contribution to the development of public health informatics. Here we want to illustrate how patients and physicians can be benefited from enabling the platform for online social network sites. The MPM simplifies the management of patients' profiles and allows health professionals to obtain a more complete picture of the patients' background so that they can provide better health care. To do so, we demonstrate a prototype of the platform and describe its protocol specification, which is an XMPP (Extensible Messaging and Presence Protocol) [1] extension, for sharing and synchronising profile data (vCard²) between different social networks.

How to Improve Cardiac Surgery Decision Making? In Data Warehousing Perspective

The health system is one sector dealing with very large amount of complex data. Many healthcare organisations struggle to utilise these volumes of health data effectively and efficiently. Therefore, there is a need for very effective system to capture, collate and distribute this health data. There are number of technologies have been identified to integrate data from different sources. Data warehousing is one technology can be used to manage clinical data in the healthcare. This paper addresses how data warehousing assist to improve cardiac surgery decision making. This research used the cardiac surgery unit at the Prince Charles Hospital (TPCH) as the case study. In order to deal with other units efficiently, it is important to integrate disparate data to a single point interrogation. We propose implementing a data warehouse for the cardiac surgery unit at TPCH. The data warehouse prototype developed using SAS enterprise data integration studio 4.2 and data was analysed using SAS enterprise edition 4.3. This improves access to integrated clinical and financial data with, improved framing of data to the clinical context, giving potentially better informed decision making for both improved management and patient care.

Identifying the triggers for management services in business transformation management

Business transformations are complex organisational change endeavours that result in a business performing current work differently, or performing different work. Information Technology (IT) is a key enabler of such initiatives, but comes with its challenges, as revamping the IT infrastructure in large-scale organisations implies high complexity, high risk, and often high failure rates. We view business transformations as a collection of management services that are demanded and enacted at a program level, defined as abstract resources that provide the managerial capabilities necessary for business transformations. In this research-in-progress, we explore what triggers the need for management services in response to the challenges in business transformation management. We analyse data from two exploratory case studies using the critical incident technique as our qualitative analysis method. Early findings indicate that management service triggers reside on either the strategic level, which may be internally or externally driven, or at the program management level, which may be situational, influential or reactional. We detail implications for our on-going research.

Future Information Communication Technology and Applications : ICFICE 2013

Focuses on the various aspects of advances in future information communication technology and its applications Presents the latest issues and progress in the area of future information communication technology Applicable to both researchers and professionals These proceedings are based on the 2013 International Conference on Future Information & Communication Engineering (ICFICE 2013), which will be held at Shenyang in China from June 24-26, 2013. The conference is open to all over the world, and participation from Asia-Pacific region is particularly encouraged. The focus of this conference is on all technical aspects of electronics, information, and communications ICFICE-13 will provide an opportunity for academic and industry professionals to discuss the latest issues and progress in the area of FICE. In addition, the conference will publish high quality papers which are closely related to the various theories and practical applications in FICE. Furthermore, we expect that the conference and its publications will be a trigger for further related research and technology improvements in this important subject. "This work was supported by the NIPA (National IT Industry Promotion Agency) of Korea Grant funded by the Korean Government (Ministry of Science, ICT & Future Planning)."

Designing the information architecture of governmental one-stop portals : on the application and analysis of card sorting

The latest paradigm shift in government, termed Transformational Government, puts the citizen in the centre of attention. Including citizens in the design of online one-stop portals can help governmental organisations to become more customer focussed. This study describes the initial efforts of an Australian state government to develop an information architecture to structure the content of their future one-stop portal. Hereby, card sorting exercises have been conducted and analysed, utilising contemporary approaches found in academic and non-scientific literature. This paper describes the findings of the card sorting exercises in this particular case and discusses the suitability of the applied approaches in general. These are distinguished into non-statistical, statistical, and hybrid approaches. Thus, on the one hand, this paper contributes to academia by describing the application of different card sorting approaches and discussing their strengths and weaknesses. On the other hand, this paper contributes to practice by explaining the approach that has been taken by the authors’ research partner in order to develop a customer-focussed governmental one-stop portal. Thus, they provide decision support for practitioners with regard to different analysis methods that can be used to complement recent approaches in Transformational Government.

An evaluation framework for cross-lingual link discovery

Cross-Lingual Link Discovery (CLLD) is a new problem in Information Retrieval. The aim is to automatically identify meaningful and relevant hypertext links between documents in different languages. This is particularly helpful in knowledge discovery if a multi-lingual knowledge base is sparse in one language or another, or the topical coverage in each language is different; such is the case with Wikipedia. Techniques for identifying new and topically relevant cross-lingual links are a current topic of interest at NTCIR where the CrossLink task has been running since the 2011 NTCIR-9. This paper presents the evaluation framework for benchmarking algorithms for cross-lingual link discovery evaluated in the context of NTCIR-9. This framework includes topics, document collections, assessments, metrics, and a toolkit for pooling, assessment, and evaluation. The assessments are further divided into two separate sets: manual assessments performed by human assessors; and automatic assessments based on links extracted from Wikipedia itself. Using this framework we show that manual assessment is more robust than automatic assessment in the context of cross-lingual link discovery.

Security and privacy in eHealth : is it possible? A sociotechnical analysis

Advances in Information and Communication Technologies have the potential to improve many facets of modern healthcare service delivery. The implementation of electronic health records systems is a critical part of an eHealth system. Despite the potential gains, there are several obstacles that limit the wider development of electronic health record systems. Among these are the perceived threats to the security and privacy of patients’ health data, and a widely held belief that these cannot be adequately addressed. We hypothesise that the major concerns regarding eHealth security and privacy cannot be overcome through the implementation of technology alone. Human dimensions must be considered when analysing the provision of the three fundamental information security goals: confidentiality, integrity and availability. A sociotechnical analysis to establish the information security and privacy requirements when designing and developing a given eHealth system is important and timely. A framework that accommodates consideration of the legislative requirements and human perspectives in addition to the technological measures is useful in developing a measurable and accountable eHealth system. Successful implementation of this approach would enable the possibilities, practicalities and sustainabilities of proposed eHealth systems to be realised.

Secured e-health data retrieval in DaaS and Big Data

Big Data is a rising IT trend similar to cloud computing, social networking or ubiquitous computing. Big Data can offer beneficial scenarios in the e-health arena. However, one of the scenarios can be that Big Data needs to be kept secured for a long period of time in order to gain its benefits such as finding cures for infectious diseases and protecting patient privacy. From this connection, it is beneficial to analyse Big Data to make meaningful information while the data is stored securely. Therefore, the analysis of various database encryption techniques is essential. In this study, we simulated 3 types of technical environments, namely, Plain-text, Microsoft Built-in Encryption, and custom Advanced Encryption Standard, using Bucket Index in Data-as-a-Service. The results showed that custom AES-DaaS has a faster range query response time than MS built-in encryption. Furthermore, while carrying out the scalability test, we acknowledged that there are performance thresholds depending on physical IT resources. Therefore, for the purpose of efficient Big Data management in eHealth it is noteworthy to examine their scalability limits as well even if it is under a cloud computing environment. In addition, when designing an e-health database, both patient privacy and system performance needs to be dealt as top priorities.

Principles of information accountability : an eHealth perspective

Information accountability is seen as a mode of usage control on the Web. Due to its many dimensions, information accountability has been expressed in various ways by computer scientists to address security and privacy in recent times. Information accountability is focused on how users participate in a system and the underlying policies that govern the participation. Healthcare is a domain in which the principles of information accountability can be utilised well. Modern health information systems are Internet based and the discipline is called eHealth. In this paper, we identify and discuss the goals of accountability systems and present the principles of information accountability. We characterise those principles in eHealth and discuss them contextually. We identify the current impediments to eHealth in terms of information privacy issues of eHealth consumers together with information usage requirements of healthcare providers and show how information accountability can be used in a healthcare context to address these needs. The challenges of implementing information accountability in eHealth are also discussed in terms of our efforts thus far.

Formalising human recognition : a fundamental building block for security proofs

A fundamental part of many authentication protocols which authenticate a party to a human involves the human recognizing or otherwise processing a message received from the party. Examples include typical implementations of Verified by Visa in which a message, previously stored by the human at a bank, is sent by the bank to the human to authenticate the bank to the human; or the expectation that humans will recognize or verify an extended validation certificate in a HTTPS context. This paper presents general definitions and building blocks for the modelling and analysis of human recognition in authentication protocols, allowing the creation of proofs for protocols which include humans. We cover both generalized trawling and human-specific targeted attacks. As examples of the range of uses of our construction, we use the model presented in this paper to prove the security of a mutual authentication login protocol and a human-assisted device pairing protocol.

Social engineering in social networking sites : phase-based and source-based models

Social networking sites (SNSs), with their large numbers of users and large information base, seem to be perfect breeding grounds for exploiting the vulnerabilities of people, the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” While technology-based security has been addressed by research and may be well understood, social engineering is more challenging to understand and manage, especially in new environments such as SNSs, owing to some factors of SNSs that reduce the ability of users to detect the attack and increase the ability of attackers to launch it. This work will contribute to the knowledge of social engineering by presenting the first two conceptual models of social engineering attacks in SNSs. Phase-based and source-based models are presented, along with an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.