Examining the relationship between risk assessment and risk management in mental health

Risk assessment is crucial for developing risk management plans to prevent or minimize mental health patients' risks that will impede their recovery. Risk assessments and risk management plans should be closely linked. Their content and the extent to which they are linked within one Trust is explored. There is a great deal of variability in the amount and detail of risk information collected by nurses and how this is used to develop risk management plans. Keeping risk assessment information in one place rather than scattered throughout patient records is important for ensuring it can be accessed easily and linked properly to risk management plans. Strengthening the link between risk assessment and management will help ensure interventions and care is tailored to the specific needs of individual patients, thus promoting their safety and well-being. Thorough risk assessment helps in developing risk management plans that minimize risks that can impede mental health patients' recovery. Department of Health policy states that risk assessments and risk management plans should be inextricably linked. This paper examines their content and linkage within one Trust. Four inpatient wards for working age adults (18-65 years) in a large mental health Trust in England were included in the study. Completed risk assessment forms, for all patients in each inpatient ward were examined (n= 43), followed by an examination of notes for the same patients. Semi-structured interviews took place with ward nurses (n= 17). Findings show much variability in the amount and detail of risk information collected by nurses, which may be distributed in several places. Gaps in the risk assessment and risk management process are evident, and a disassociation between risk information and risk management plans is often present. Risk information should have a single location so that it can be easily found and updated. Overall, a more integrated approach to risk assessment and management is required, to help patients receive timely and appropriate interventions that can reduce risks such as suicide or harm to others. © 2011 Blackwell Publishing.

Synopsis of researcher meeting -- Bottlenose Dolphin Health & Risk Assessment Project, February 22-24, 2005

A meeting was convened on February 22-24, 2005 in Charleston, South Carolina to bring together researchers collaborating on the Bottlenose Dolphin Health and Risk Assessment (HERA) Project to review and discuss preliminary health-related findings from captured dolphins during 2003 and 2004 in the Indian River Lagoon (IRL), FL and Charleston (CHS), SC. Over 30 researchers with diverse research expertise representing government, academic and marine institutions participated in the 2-1/2 day meeting. The Bottlenose Dolphin HERA Project is a comprehensive, integrated, multi-disciplinary research program designed to assess environmental and anthropogenic stressors, as well as the health and long-term viability of Atlantic bottlenose dolphins (Tursiops truncatus). Standardized and comprehensive protocols are being used to evaluate dolphin health in the coastal ecosystems in the IRL and CHS. The Bottlenose Dolphin Health and Risk Assessment (HERA) Project was initiated in 2003 by Dr. Patricia Fair at the National Oceanic and Atmospheric Administration/National Ocean Service/Center for Coastal Environmental Health and Biomolecular Research and Dr. Gregory Bossart at the Harbor Branch Oceanographic Institution under NMFS Scientific Research Permit No. 998-1678-00 issued to Dr. Bossart. Towards this end, this study focuses on developing tools and techniques to better identify health threats to these dolphins, and to develop links to possible environmental stressors. Thus, the primary objective of the Dolphin HERA Project is to measure the overall health and as well as the potential health hazards for dolphin populations in the two sites by performing screening-level risk assessments using standardized methods. The screening-level assessment involves capture, sampling and release activities during which physical examinations are performed on dolphins and a suite of nonlethal morphologic and clinicopathologic parameters, to be used to develop indices of dolphin health, are collected. Thus far, standardized health assessments have been performed on 155 dolphins during capture-release studies conducted in Years 2003 and 2004 at the two sites. A major collaboration has been established involving numerous individuals and institutions, which provide the project with a broad assessment capability toward accomplishing the goals and objectives of this project.

A Proposed Framework for Understanding Information Security Culture and Practices in the Saudi Context

An examination of Information Security (IS) and Information Security Management (ISM) research in Saudi Arabia has shown the need for more rigorous studies focusing on the implementation and adoption processes involved with IS culture and practices. Overall, there is a lack of academic and professional literature about ISM and more specifically IS culture in Saudi Arabia. Therefore, the overall aim of this paper is to identify issues and factors that assist the implementation and the adoption of IS culture and practices within the Saudi environment. The goal of this paper is to identify the important conditions for creating an information security culture in Saudi Arabian organizations. We plan to use this framework to investigate whether security culture has emerged into practices in Saudi Arabian organizations.

Privacy and trust management for electronic health records

Establishing a nationwide Electronic Health Record system has become a primary objective for many countries around the world, including Australia, in order to improve the quality of healthcare while at the same time decreasing its cost. Doing so will require federating the large number of patient data repositories currently in use throughout the country. However, implementation of EHR systems is being hindered by several obstacles, among them concerns about data privacy and trustworthiness. Current IT solutions fail to satisfy patients’ privacy desires and do not provide a trustworthiness measure for medical data. This thesis starts with the observation that existing EHR system proposals suer from six serious shortcomings that aect patients’ privacy and safety, and medical practitioners’ trust in EHR data: accuracy and privacy concerns over linking patients’ existing medical records; the inability of patients to have control over who accesses their private data; the inability to protect against inferences about patients’ sensitive data; the lack of a mechanism for evaluating the trustworthiness of medical data; and the failure of current healthcare workflow processes to capture and enforce patient’s privacy desires. Following an action research method, this thesis addresses the above shortcomings by firstly proposing an architecture for linking electronic medical records in an accurate and private way where patients are given control over what information can be revealed about them. This is accomplished by extending the structure and protocols introduced in federated identity management to link a patient’s EHR to his existing medical records by using pseudonym identifiers. Secondly, a privacy-aware access control model is developed to satisfy patients’ privacy requirements. The model is developed by integrating three standard access control models in a way that gives patients access control over their private data and ensures that legitimate uses of EHRs are not hindered. Thirdly, a probabilistic approach for detecting and restricting inference channels resulting from publicly-available medical data is developed to guard against indirect accesses to a patient’s private data. This approach is based upon a Bayesian network and the causal probabilistic relations that exist between medical data fields. The resulting definitions and algorithms show how an inference channel can be detected and restricted to satisfy patients’ expressed privacy goals. Fourthly, a medical data trustworthiness assessment model is developed to evaluate the quality of medical data by assessing the trustworthiness of its sources (e.g. a healthcare provider or medical practitioner). In this model, Beta and Dirichlet reputation systems are used to collect reputation scores about medical data sources and these are used to compute the trustworthiness of medical data via subjective logic. Finally, an extension is made to healthcare workflow management processes to capture and enforce patients’ privacy policies. This is accomplished by developing a conceptual model that introduces new workflow notions to make the workflow management system aware of a patient’s privacy requirements. These extensions are then implemented in the YAWL workflow management system.

A rights management approach to protection of privacy in a cloud of electronic health records

A patient-centric DRM approach is proposed for protecting privacy of health records stored in a cloud storage based on the patient's preferences and without the need to trust the service provider. Contrary to the current server-side access control solutions, this approach protects the privacy of records from the service provider, and also controls the usage of data after it is released to an authorized user.

Privacy oriented access control for electronic health records

Security and privacy in electronic health record systems have been hindering the growth of e-health systems since their emergence. The development of policies that satisfy the security and privacy requirements of different stakeholders in healthcare has proven to be difficult. But, these requirements have to be met if the systems developed are to succeed in achieving their intended goals. Access control is a fundamental security barrier for securing data in healthcare information systems. In this paper we present an access control model for electronic health records. We address patient privacy requirements, confidentiality of private information and the need for flexible access for health professionals for electronic health records. We carefully combine three existing access control models and present a novel access control model for EHRs which satisfies requirements of electronic health records.

Privacy oriented access control for electronic health records

Information privacy is a critical success/failure factor in information technology supported healthcare (eHealth). eHealth systems utilise electronic health records (EHR) as the main source of information, thus, implementing appropriate privacy preserving methods for EHRs is vital for the proliferation of eHealth. Whilst information privacy may be a fundamental requirement for eHealth consumers, healthcare professionals demand non-restricted access to patient information for improved healthcare delivery, thus, creating an environment where stakeholder requirements are contradictory. Therefore, there is a need to achieve an appropriate balance of requirements in order to build successful eHealth systems. Towards achieving this balance, a new genre of eHealth systems called Accountable-eHealth (AeH) systems has been proposed. In this paper, an access control model for EHRs is presented that can be utilised by AeH systems to create information usage policies that fulfil both stakeholders’ requirements. These policies are used to accomplish the aforementioned balance of requirements creating a satisfactory eHealth environment for all stakeholders. The access control model is validated using a Web based prototype as a proof of concept.

Body loadings and health risk assessment of polychlorinated dibenzo-p-dioxins and dibenzofurans at an intensive electronic waste recycling site in China

This study is one of the very few investigating the dioxin body burden of a group of child-bearing-aged women at an electronic waste (e-waste) recycling site (Taizhou, Zhejiang Province) (24 +/- 2.83 years of age, 40% were primiparae) and a reference site (Lin'an city, Zhejiang Province, about 245 km away from Taizhou) (24 +/- 2.35 years of age, 100% were primiparae) in China. Five sets of samples (each set consisted of human milk, placenta, and hair) were collected from each site. Body burdens of people from the e-waste processing site (human milk, 21.02 +/- 13.81 pg WHO-TEQ(1998/g) fat (World Health Organization toxic equivalency 1998); placenta, 31.15 +/- 15.67 pg WHO-TEQ(1998/g) fat; hair, 33.82 +/- 17.74 pg WHO-TEQ(1998/g) dry wt) showed significantly higher levels of polychlorinated dibenzo-p-dioxins and polychlorinated dibenzofurnas (PCDD/Fs) than those from the reference site (human milk, 9.35 +/- 7.39 pg WHO-TEQ(1998/g) fat, placenta, 11.91 +/- 7.05 pg WHO-TEQ(1998/g) fat; hair, 5.59 +/- 4.36 pg WHO-TEQ(1998/g) dry wt) and were comparatively higher than other studies. The difference between the two sites was due to e-waste recycling operations, for example, open burning, which led to high background levels. Moreover, mothers from the e-waste recycling site consumed more foods of animal origin. The estimated daily intake of PCDD/Fs within 6 months by breast-fed infants from the e-waste processing site was 2 times higher than that from the reference site. Both values exceeded the WHO tolerable daily intake for adults by at least 25 and 11 times, respectively. Our results implicated that e-waste recycling operations cause prominent PCDD/F levels in the environment and in humans. The elevated body burden may have health implications for the next generation.

Electronic health records for mobile citizens: a secure and collaborative architecture

Durante as ultimas décadas, os registos de saúde eletrónicos (EHR) têm evoluído para se adaptar a novos requisitos. O cidadão tem-se envolvido cada vez mais na prestação dos cuidados médicos, sendo mais pró ativo e desejando potenciar a utilização do seu registo. A mobilidade do cidadão trouxe mais desafios, a existência de dados dispersos, heterogeneidade de sistemas e formatos e grande dificuldade de partilha e comunicação entre os prestadores de serviços. Para responder a estes requisitos, diversas soluções apareceram, maioritariamente baseadas em acordos entre instituições, regiões e países. Estas abordagens são usualmente assentes em cenários federativos muito complexos e fora do controlo do paciente. Abordagens mais recentes, como os registos pessoais de saúde (PHR), permitem o controlo do paciente, mas levantam duvidas da integridade clinica da informação aos profissionais clínicos. Neste cenário os dados saem de redes e sistemas controlados, aumentando o risco de segurança da informação. Assim sendo, são necessárias novas soluções que permitam uma colaboração confiável entre os diversos atores e sistemas. Esta tese apresenta uma solução que permite a colaboração aberta e segura entre todos os atores envolvidos nos cuidados de saúde. Baseia-se numa arquitetura orientada ao serviço, que lida com a informação clínica usando o conceito de envelope fechado. Foi modelada recorrendo aos princípios de funcionalidade e privilégios mínimos, com o propósito de fornecer proteção dos dados durante a transmissão, processamento e armazenamento. O controlo de acesso _e estabelecido por políticas definidas pelo paciente. Cartões de identificação eletrónicos, ou certificados similares são utilizados para a autenticação, permitindo uma inscrição automática. Todos os componentes requerem autenticação mútua e fazem uso de algoritmos de cifragem para garantir a privacidade dos dados. Apresenta-se também um modelo de ameaça para a arquitetura, por forma a analisar se as ameaças possíveis foram mitigadas ou se são necessários mais refinamentos. A solução proposta resolve o problema da mobilidade do paciente e a dispersão de dados, capacitando o cidadão a gerir e a colaborar na criação e manutenção da sua informação de saúde. A arquitetura permite uma colaboração aberta e segura, possibilitando que o paciente tenha registos mais ricos, atualizados e permitindo o surgimento de novas formas de criar e usar informação clínica ou complementar.

Pervasive eHealth services a security and privacy risk awareness survey

The human factor is often recognised as a major aspect of cyber-security research. Risk and situational perception are identified as key factors in the decision making process, often playing a lead role in the adoption of security mechanisms. However, risk awareness and perception have been poorly investigated in the field of eHealth wearables. Whilst end-users often have limited understanding of privacy and security of wearables, assessing the perceived risks and consequences will help shape the usability of future security mechanisms. This paper present a survey of the the risks and situational awareness in eHealth services. An analysis of the lack of security and privacy measures in connected health devices is described with recommendations to circumvent critical situations.

A secure framework and related protocols for ubiquitous access to electronic health records using Java sim cards

Ubiquitous access to patient medical records is an important aspect of caring for patient safety. Unavailability of sufficient medical information at the point-ofcare could possibly lead to a fatality. The U.S. Institute of Medicine has reported that between 44,000 and 98,000 people die each year due to medical errors, such as incorrect medication dosages, due to poor legibility in manual records, or delays in consolidating needed information to discern the proper intervention. In this research we propose employing emergent technologies such as Java SIM Cards (JSC), Smart Phones (SP), Next Generation Networks (NGN), Near Field Communications (NFC), Public Key Infrastructure (PKI), and Biometric Identification to develop a secure framework and related protocols for ubiquitous access to Electronic Health Records (EHR). A partial EHR contained within a JSC can be used at the point-of-care in order to help quick diagnosis of a patient’s problems. The full EHR can be accessed from an Electronic Health Records Centre (EHRC) when time and network availability permit. Moreover, this framework and related protocols enable patients to give their explicit consent to a doctor to access their personal medical data, by using their Smart Phone, when the doctor needs to see or update the patient’s medical information during an examination. Also our proposed solution would give the power to patients to modify the Access Control List (ACL) related to their EHRs and view their EHRs through their Smart Phone. Currently, very limited research has been done on using JSCs and similar technologies as a portable repository of EHRs or on the specific security issues that are likely to arise when JSCs are used with ubiquitous access to EHRs. Previous research is concerned with using Medicare cards, a kind of Smart Card, as a repository of medical information at the patient point-of-care. However, this imposes some limitations on the patient’s emergency medical care, including the inability to detect the patient’s location, to call and send information to an emergency room automatically, and to interact with the patient in order to get consent. The aim of our framework and related protocols is to overcome these limitations by taking advantage of the SIM card and the technologies mentioned above. Briefly, our framework and related protocols will offer the full benefits of accessing an up-to-date, precise, and comprehensive medical history of a patient, whilst its mobility will provide ubiquitous access to medical and patient information everywhere it is needed. The objective of our framework and related protocols is to automate interactions between patients, healthcare providers and insurance organisations, increase patient safety, improve quality of care, and reduce the costs.