Masters Project Supervisor essay




Project Title

InformationSecurity Approach for e-Health Systems: Case Study of SharedElectronic Health Record (EHR) System in England

Tableof Contents

Project Title 1

Project Area 2

Introduction 2

Research Questions 2

Target Audience 2

Aims, Objectives and Methodology 3

Background to the research 3

Goals and Objectives of the Research 3

Problem Solved 3

Success Criteria of the Project 5

Methodology 5

Research Method 5

Data Collection 5

Data Analysis and presentation 6

Activities to be accomplished 6

Expected Results 6

Methods and Timing of Monitoring 6

How this Project Relates to the Core Units of Information Technology Programme 8

Reference List 9

Project Area Introduction

Theshared Electronic Health Records (EHR) form important components ofe-Health applications. To successfully implement shared healthrecords, high level of information security is necessary. This isachieved through enforcement of complicated and strict rules andprocedures. Therefore, there is need to formulate an informationsecurity approach for EHR systems. This project will review thedifferent terms associated with shared electronic records, as well asthe delineated related terms of information security approach. Theresearch is expected to make contribution to the understanding ofinformation security approach as a critical factor of EHR systems.England’s NationalProgramme for IT (NPfIT) will be used as a case.

Research Questions

Thisresearch will be based on two research questions as shown below:

  1. What is the EHR information security approach?

  2. How can information security approach be established?

Target Audience

Targetedaudience include the information technology and information securityunits, developers and chiefs of the information security proceduresand policies within the healthcare systems in England. This isbecause they are directly involved with information systems andsecurity of shared health records, and this information will be veryinformative.

Aims, Objectives andMethodology Backgroundto the research

Initially,computers were used for financial and administrative purposes inhealthcare. The main focus was on input of clinical data in order toreduce medical errors and enhance decision making. The increasedpressure to improve productivity in healthcare compelled medicalprofessionals seek reliable systems that allow a more intuitiveaccess to patients’ information. This required collection ofpatients’ information using electronic files (Carter1998, p. 596).

Electronicrecord keeping system enhances accessibility to patient-specificinformation to enhance provision of quality healthcare (Cimino,Patel and Kushniruk 2002, p. 113).The implications of Internet extend beyond connecting distributedhealthcare records to helping medical experts link with each otherremotely. Currently, the biomedical data distribution throughinternet is increasingly becoming a commonplace. Internet provides anefficient infrastructure for communicating healthcare information onboth local and global scale (Burkeand Jarratt 2004, p.126).This creates the need for the data communications to be poisedagainst risks to privacy, service interruption and data corruption.The successful implementation of the healthcare records that areshared must meet minimum privacy and security levels, as well asaddress other important legal issues (Brennan2005, p. 34).

Goals and Objectives of the Research

Thisproject aims at investigating the influence of different determinantsnecessary for establishing an information security approach for theEHR systems.

  1. To characterise different principles that should be considered when implementing information security approach for EHR systems.

  2. To study the data access rights in healthcare organizations

  3. To investigate possible approaches of developing information security approach required to attain security levels acceptable to different users

  4. To determine confidentiality and privacy requirements and concerns for EHR user groups, as well as determine the extent to which the designs, vision and needs have been contained.

  5. To suggest the main elements for establishing an implementation framework that guides the implementation of EHR systems having the desired functionality and security for EHR systems.

Problem Solved

SharedEHRs are allocated and accessed in different places by distinctiveusers (Schabetsberger,Gross and Haux 2006, p. 209).The development of EHR systems is still in the infant stages, whileshared records is amongst the newest form of the EHR. Nevertheless,accessibility and accuracy remains an important component sinceshared healthcare records require high-level privacy andconfidentiality of the patients. As a result, privacy andconfidentiality are important requirements in order to achieve asatisfactory security level of the patients’ data (Hayrinen,Saranto and Nykanen 2008, p. 291).The access to electronic health records should be controlled. Theprocess used in accessing information must be able to identify thevarious users and determine whether they are allowed to access thepatient’s data, and the types of records that they can access atany one time (Gert2002, p. 23).

Theconcept related to information security revolves around issues liketrust and privacy. Furthermore, it can be perceived from differentdimensions and disciplines such as technical, organizational,political, ethical and legal. It entails several elements likeutility, authenticity, access control, availability, integrity andconfidentiality. As such, security dimensions need to be determinedin so as to enhance the design of an effective information securityapproach for the systems with electronic health records. Limits forthe current information systems should be surpassed and a scheme thathelps new services and technologies should be chosen in order to meetthe needs of the patients, as well as promote efficiency and qualityservices in healthcare (Eysenbach2000, p. 1713).

Implementationof a system with shared health records requires an acceptable levelof security which is invariably achieved by enforcing and applyingstringent, and often rather complicated procedures and rules incontact process, which confuse the users (Fraser2005, p. 83).Additionally, increasingly advanced use of communications andinformation technologies is perpetually raising concerns pertainingpatients’ privacy. Therefore, the current task is to effect sharedEHR that is secure and simple to use (Coieraand Clarke 2004, p. 129).

Thisresearch will attempt to investigate the use and perception of theEHR systems in order to establish the determining factors onestablishment of information security approach for shared electronicrecords.

Success Criteria of the Project



Project title and objectives

Clear research question, objectives related to the research question

Literature review

Relevant and contributes to the topic Literature classified in different sections Differences and commonalities of literature identified.

Literature Write-up

All arguments presented in a detailed manner All outside sources cited using Harvard referencing style

Data Collection

Data collected from existing secondary sources

Data Analysis

Data sorted, compiled and analysed differences and commonalities identified Gaps in existing process identified

Draw ‘as is’ Process Plan

Describing the current status of existing information security

Draw ‘to be’ Process Plan

Identify all gaps in existing system and recommend new measures Operational risks dealt with

Write-up Dissertation

Dissertation complete

MethodologyResearch Method

Thisresearch will adopt a case study approach in order to develop anin-depth view of analyses and human actions that surround theadvancement and application of information systems. This will play amajor role in typifying the experiences of organizations in terms ofradical organizational changes. Markus (1983) argues that a casestudy approach should involve use of documentary evidence aboutorganizations and systems. This entails use of design documents,organizational charts, corporate annual reports and any otherinternal correspondence about systems. The case study method appliedin this research is qualitative in nature.

Data Collection

Datawill be collected from the literature and analysed accordingly. Thisresearch will use the secondary data collection methods only.Secondary data will be collected through literature review ofjournals, books, newspapers and internet. The researcher willconcentrate on documents from organizations such as NHS, Departmentof Health, CfH, and International Organization for Standardizationand Ministry of Justice amongst others. Also, documents oninformation security strategies and policies for three hospitals willbe reviewed.

Data Analysis and presentation

Datacollected will be analysed to determine the thematic patterns relatedto the study topic. The analysed data will be presented in tables,graphs and described in report format.

Activities to be accomplished

Themain activities to be accomplished during the current study includespreparation of the literature materials, conducting of the research,data analysis and report development.

Expected Results

Thisresearch expects to identify gaps in information systems in e-health.The researcher aims at developing a definition and understanding ofinformation security approach necessary for EHR system and anunderstanding of information security approach within the EHR systemin England. Also, the research will identify aspects that influencedevelopment of information security framework for EHR system.

Methods and Timing of Monitoring

Theproject will take place from 16thMay, 2016 to 29thAugust, 2017 (15 weeks). The monitoring will be done against thetimelines set, making sure that the supervisor is consultedthroughout the whole process to ensure that the researcher remains ontrack by offering continued guidance. Below table shows the projectexecution timelines.





2 Weeks

  1. Presentation of the Proposal

  1. Correction

  1. Approval of the proposal


4 Weeks

  1. Site visit

  1. Questionnaire design and Pilot Study

  1. Administration of Questionnaires

  1. Data collection



  1. Data Analysis

  1. Data Compilation

  1. Presentation of the draft Report

  1. Corrections

  1. Presentation of the final report



How this Project Relates to the Core Units of Information Technology Programme

I am undertaking a program in Information technology. This is a programme that is aimed at helping the IT professionals extend and update their technical expertise of advanced computing knowledge to IT specialization. The programme provides an excellent opportunity to retrain professionals who want to venture into certain areas of IT. Among the major areas the programme include human-computer interaction, networking, artificial intelligence and information security amongst others.

This project is majorly on information security, which is a core area of the programme that I am undertaking. As such, it will be of critical importance to have solid background in information security systems taught in class. The researcher will be required to incorporate all the skills in information security alongside research skills to come up with a project that is not only supposed to be done as one of the curriculum requirements but will see a turnaround in information security systems. This is because the measures proposed to manage the operational risks of information systems in healthcare should be reached after a thorough research.

Therefore, in my own opinion, I believe that this project relies so much on the core units of the information technology programme and that the results of the projects will be critical in contributing to the same area, especially as regards to information security of organization

Reference List

Brennan,S. (2005). TheNHS IT Project: The biggest computer programme in theworldever,Radcliff Publishing Ltd, Oxon, UK

Burke,G. and Jarratt, D. (2004). The influence of information and advice oncompetitive approach definition in small-and medium-sizedenterprises. AnInternationalJournal of Qualitative Market Research,2 (2), pp. 126-138.

Carter,M. (1998). Should patients have access to their medical records?Paradoxically, access to one`s own medical records is the bestsafeguard to privacy. TheMedical Journal of Australia,169, pp. 596-597.

Cimino,J. Patel, V. and Kushniruk, A. (2002). The patient clinicalinformation system (PatCIS): technical solutions for and experiencewith giving patients access to their electronic medical records.InternationalJournal of MedicalInformatics,68, pp. 113-127.

Coiera,E. and Clarke, R. (2004). E-Consent: the design and implementation ofconsumer consent mechanisms in an electronic environment. JournalofAmericanMedical Informatics Association,11, pp. 129-140

EysenbachG. (2000). Consumer health informatics. BritishMedical Journal,320, 24, pp. 1713-1716.

Fraser,H. (2005). Implementing electronic medical record systems indeveloping countries. Journalof Informatics in Primary Care,13, pp. 83–95

Fraser,H. (2005). Implementing electronic medical record systems indeveloping countries. Journalof Informatics in Primary Care,13, pp. 83–95.

Gert,H. (2002). Avoiding surprises: a model for informing patients.HastingsCentreReport,32, pp. 23–32.

Hayrinen,K. Saranto, K. and Nykanen, P. (2008). Definition, structure,content, use and impact of electronic health records: A review of theresearch literature. InternationalJournal of Medical Informatics,77, pp. 291-304.

Markus,M. L. (1983. Power, Politics, and MIS Implementation. Communicationsofthe ACM Journal,26 (6), pp. 430-444.

Schabetsberger,T. Gross, E. and Haux, R. (2006). Based Transmission of DischargeSummaries to Electronic Communication in Health Care Regions.InternationalJournalof Medical Informatics, 75,pp. 209-215