|
51
|
Alhuwail D, Al-Jafar E, Abdulsalam Y, AlDuaij S. Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities. Appl Clin Inform 2021; 12:924-932. [PMID: 34587638 DOI: 10.1055/s-0041-1735527] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 10/20/2022] Open
Abstract
OBJECTIVES This study investigated information security behaviors of professionals working in the public health sector to guide policymakers toward focusing their investments in infrastructure and training on the most vulnerable segments. We sought to answer the following questions: (1) Are certain professional demographics more vulnerable to cybersecurity threats? (2) Do professionals in different institution types (i.e., hospitals vs. primary care clinics) exhibit different cybersecurity behaviors? (3) Can Internet usage behaviors by professionals be indicative of their cybersecurity awareness and the risk they introduce? METHODS A cross-sectional, anonymous, paper-based survey was distributed among professionals working in public health care organizations in Kuwait. Data were collected about each professional's role, experience, work environment, cybersecurity practices, and understanding to calculate a cybersecurity score which indicates their level of compliance to good cybersecurity practices. We also asked about respondents' internet usage and used K-means cluster analysis to segment respondents into three groups based on their internet activities at work. Ordinary least squares regression assessed the association between the collected independent variables in question on the overall cybersecurity behavior. RESULTS A total of 453/700 (64%) were responded to the survey. The results indicated that professionals with more work experience demonstrated higher compliance with good cybersecurity practices. Interestingly, nurses demonstrate higher cybersecurity aptitude relative to physicians. Professionals that were less inclined to use the internet for personal use during their work demonstrated higher cybersecurity aptitude. CONCLUSION Our findings provide some guidance regarding how to target health care professional training to mitigate cybersecurity risks. There is a need for ensuring that physicians receive adequate cybersecurity training, despite the opportunity costs and other issues competing for their attention. Additionally, classifying professionals based on their internet browsing patterns may identify individuals vulnerable to cybersecurity incidents better than more discrete indicators such as age or gender.
Collapse
Affiliation(s)
- Dari Alhuwail
- Information Science, College of Life Sciences, Kuwait University, Kuwait City, Kuwait.,Health Informatics Unit, Dasman Diabetes Institute, Kuwait City, Kuwait
| | - Eiman Al-Jafar
- Health Informatics and Information Management, Faculty of Allied Health Sciences, Kuwait University, Kuwait City, Kuwait
| | - Yousef Abdulsalam
- Quantitative Methods and Information Systems, College of Business Administration, Kuwait University, Kuwait City, Kuwait
| | - Shaikha AlDuaij
- Information Science, College of Life Sciences, Kuwait University, Kuwait City, Kuwait
| |
Collapse
|
|
52
|
Willing M, Dresen C, Gerlitz E, Haering M, Smith M, Binnewies C, Guess T, Haverkamp U, Schinzel S. Behavioral responses to a cyber attack in a hospital environment. Sci Rep 2021; 11:19352. [PMID: 34588503 PMCID: PMC8481235 DOI: 10.1038/s41598-021-98576-7] [Citation(s) in RCA: 6] [Impact Index Per Article: 2.0] [Reference Citation Analysis] [Abstract] [Key Words] [Grants] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/07/2021] [Accepted: 09/03/2021] [Indexed: 11/09/2022] Open
Abstract
Technical and organizational steps are necessary to mitigate cyber threats and reduce risks. Human behavior is the last line of defense for many hospitals and is considered as equally important as technical security. Medical staff must be properly trained to perform such procedures. This paper presents the first qualitative, interdisciplinary research on how members of an intermediate care unit react to a cyberattack against their patient monitoring equipment. We conducted a simulation in a hospital training environment with 20 intensive care nurses. By the end of the experiment, 12 of the 20 participants realized the monitors' incorrect behavior. We present a qualitative behavior analysis of high performing participants (HPP) and low performing participants (LPP). The HPP showed fewer signs of stress, were easier on their colleagues, and used analog systems more often than the LPP. With 40% of our participants not recognizing the attack, we see room for improvements through the use of proper tools and provision of adequate training to prepare staff for potential attacks in the future.
Collapse
Affiliation(s)
| | | | - Eva Gerlitz
- Fraunhofer Institute for Communication, Information Processing and Ergonomics, Wachtberg, Germany
| | | | - Matthew Smith
- University of Bonn, Bonn, Germany
- Fraunhofer Institute for Communication, Information Processing and Ergonomics, Wachtberg, Germany
| | | | - Tim Guess
- University Hospital Münster, Muenster, Germany
| | | | | |
Collapse
|
|
53
|
Al-Dhaen F, Hou J, Rana NP, Weerakkody V. Advancing the Understanding of the Role of Responsible AI in the Continued Use of IoMT in Healthcare. INFORMATION SYSTEMS FRONTIERS : A JOURNAL OF RESEARCH AND INNOVATION 2021; 25:1-20. [PMID: 34493926 PMCID: PMC8412855 DOI: 10.1007/s10796-021-10193-x] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Subscribe] [Scholar Register] [Accepted: 08/24/2021] [Indexed: 05/31/2023]
Abstract
This paper examines the continuous intention by healthcare professionals to use the Internet of Medical Things (IoMT) in combination with responsible artificial intelligence (AI). Using the theory of Diffusion of Innovation (DOI), a model was developed to determine the continuous intention to use IoMT taking into account the risks and complexity involved in using AI. Data was gathered from 276 healthcare professionals through a survey questionnaire across hospitals in Bahrain. Empirical outcomes reveal nine significant relationships amongst the constructs. The findings show that despite contradictions associated with AI, continuous intention to use behaviour can be predicted during the diffusion of IoMT. This study advances the understanding of the role of responsible AI in the continued use of IoMT in healthcare and extends DOI to address the diffusion of two innovations concurrently.
Collapse
Affiliation(s)
- Fatema Al-Dhaen
- School of Management, University of Bradford, Richmond Road, Bradford, BD7 1DP UK
| | - Jiachen Hou
- School of Management, University of Bradford, Richmond Road, Bradford, BD7 1DP UK
| | - Nripendra P. Rana
- College of Business and Economics, Qatar University, P.O. Box 2713, Doha, Qatar
| | - Vishanth Weerakkody
- Faculty of Management, Law and Social Sciences, University of Bradford, Richmond Road, Bradford, BD7 1DP UK
| |
Collapse
|
|
54
|
Stakeholder perspectives and requirements on cybersecurity in Europe. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2021. [DOI: 10.1016/j.jisa.2021.102916] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/18/2022]
|
|
55
|
Design of an Architecture Contributing to the Protection and Privacy of the Data Associated with the Electronic Health Record. INFORMATION 2021. [DOI: 10.3390/info12080313] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/16/2022] Open
Abstract
The Electronic Health Record (EHR) has brought numerous challenges since its inception that have prevented a unified implementation from being carried out in Colombia. Within these challenges, we find a lack of security, auditability, and interoperability. Moreover, there is no general vision of the patient’s history throughout its life since different systems store the information separately. This lack of unified history leads to multiple risks for patients’ lives and the leakage of private data because each system has different mechanisms to safeguard and protect the information, and in several cases, these mechanisms do not exist. Many researchers tried to build multiple information systems attempting to solve this problem. However, these systems do not have a formal and rigorous architectural design to analyze and obtain health needs through architectural drivers to construct robust systems to solve these problems. This article describes the process of designing a software architecture that provides security to the information that makes up the Electronic Health Record in Colombia (EHR). Once we obtained the architectural drivers, we proposed Blockchain mainly due to its immutable distributed ledger, consensus algorithms, and smart contracts that securely transport this sensitive information. With this design decision, we carried out the construction of structures and necessary architectural documentation. We also develop a Proof of Concept (POC) using Hyperledger Fabric according to the literature analysis review in order to build a primary health network, in addition to a Smart Contract (Chaincode) using the Go programming language to perform a performance evaluation and do a safety analysis that demonstrates that the proposed design is reliable. The proposed design allows us to conclude that it is possible to build a secure architecture that protects patient health data privacy, facilitating the EHR’s construction in Colombia.
Collapse
|
|
56
|
Nifakos S, Chandramouli K, Nikolaou CK, Papachristou P, Koch S, Panaousis E, Bonacina S. Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review. SENSORS 2021; 21:s21155119. [PMID: 34372354 PMCID: PMC8348467 DOI: 10.3390/s21155119] [Citation(s) in RCA: 26] [Impact Index Per Article: 8.7] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 06/29/2021] [Revised: 07/15/2021] [Accepted: 07/16/2021] [Indexed: 01/05/2023]
Abstract
Background: Cybersecurity is increasingly becoming a prominent concern among healthcare providers in adopting digital technologies for improving the quality of care delivered to patients. The recent reports on cyber attacks, such as ransomware and WannaCry, have brought to life the destructive nature of such attacks upon healthcare. In complement to cyberattacks, which have been targeted against the vulnerabilities of information technology (IT) infrastructures, a new form of cyber attack aims to exploit human vulnerabilities; such attacks are categorised as social engineering attacks. Following an increase in the frequency and ingenuity of attacks launched against hospitals and clinical environments with the intention of causing service disruption, there is a strong need to study the level of awareness programmes and training activities offered to the staff by healthcare organisations. Objective: The objective of this systematic review is to identify commonly encountered factors that cybersecurity postures of a healthcare organisation, resulting from the ignorance of cyber threat to healthcare. The systematic review aims to consolidate the current literature being reported upon human behaviour resulting in security gaps that mitigate the cyber defence strategy adopted by healthcare organisations. Additionally, the paper also reviews the organisational risk assessment methodology implemented and the policies being adopted to strengthen cybersecurity. Methods: The topic of cybersecurity within healthcare and the clinical environment has attracted the interest of several researchers, resulting in a broad range of literature. The inclusion criteria for the articles in the review stem from the scope of the five research questions identified. To this end, we conducted seven search queries across three repositories, namely (i) PubMed®/MED-LINE; (ii) Cumulative Index to Nursing and Allied Health Literature (CINAHL); and (iii) Web of Science (WoS), using key words related to cybersecurity awareness, training, organisation risk assessment methodologies, policies and recommendations adopted as counter measures within health care. These were restricted to around the last 12 years. Results: A total of 70 articles were selected to be included in the review, which addresses the complexity of cybersecurity measures adopted within the healthcare and clinical environments. The articles included in the review highlight the evolving nature of cybersecurity threats stemming from exploiting IT infrastructures to more advanced attacks launched with the intent of exploiting human vulnerability. A steady increase in the literature on the threat of phishing attacks evidences the growing threat of social engineering attacks. As a countermeasure, through the review, we identified articles that provide methodologies resulting from case studies to promote cybersecurity awareness among stakeholders. The articles included highlight the need to adopt cyber hygiene practices among healthcare professionals while accessing social media platforms, which forms an ideal test bed for the attackers to gain insight into the life of healthcare professionals. Additionally, the review also includes articles that present strategies adopted by healthcare organisations in countering the impact of social engineering attacks. The evaluation of the cybersecurity risk assessment of an organisation is another key area of study reported in the literature that recommends the organisation of European and international standards in countering social engineering attacks. Lastly, the review includes articles reporting on national case studies with an overview of the economic and societal impact of service disruptions encountered due to cyberattacks. Discussion: One of the limitations of the review is the subjective ranking of the authors associated to the relevance of literature to each of the research questions identified. We also acknowledge the limited amount of literature that focuses on human factors of cybersecurity in health care in general; therefore, the search queries were formulated using well-established cybersecurity related topics categorised according to the threats, risk assessment and organisational strategies reported in the literature.
Collapse
Affiliation(s)
- Sokratis Nifakos
- Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden; (P.P.); (S.K.); (S.B.)
- Correspondence: ; Tel.: +46-73-7121-475
| | - Krishna Chandramouli
- School of Electronic Engineering and Computer Science, Queen Mary University of London, London E1 4NS, UK;
| | | | - Panagiotis Papachristou
- Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden; (P.P.); (S.K.); (S.B.)
| | - Sabine Koch
- Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden; (P.P.); (S.K.); (S.B.)
| | - Emmanouil Panaousis
- School of Computing and Mathematical Sciences, University of Greenwich, London SE10 9LS, UK;
| | - Stefano Bonacina
- Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden; (P.P.); (S.K.); (S.B.)
| |
Collapse
|
|
57
|
Telemedicine as a Therapeutic Option in Sports Medicine: Results of a Nationwide Cross-Sectional Study among Physicians and Patients in Germany. INTERNATIONAL JOURNAL OF ENVIRONMENTAL RESEARCH AND PUBLIC HEALTH 2021; 18:ijerph18137110. [PMID: 34281045 PMCID: PMC8297228 DOI: 10.3390/ijerph18137110] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.7] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 06/17/2021] [Revised: 06/30/2021] [Accepted: 07/01/2021] [Indexed: 12/05/2022]
Abstract
Background: Worldwide, the number of treatments in the field of sports medicine is increasing. However, the COVID-19 pandemic has changed everyday life. Many consultations had to be cancelled, postponed, or converted to a virtual format. Telemedicine in sports medicine could support physicians. This study analyzes the use and perception of telemedicine applications among physicians and patients in the field of sports medicine in Germany. Methods: This prospective cross-sectional study was based on a survey of sports medicine physicians and patients in Germany during the COVID-19 pandemic. Descriptive statistics were calculated. Results: We analyzed the responses of 729 patients and 702 sports medicine physicians. Most believed that telemedicine is useful. Both physicians and patients rated their knowledge of telemedicine as unsatisfactory. The majority of respondents said they do not currently use telemedicine but would like to do so. Patients and physicians reported that their attitude had changed positively towards telemedicine and that their usage had increased due to COVID-19. The majority in both groups agreed on implementing virtual visits in stable disease conditions. Telemedicine was considered helpful for follow-up monitoring and prevention by both groups. Conclusion: Telemedicine in sports medicine has seen limited use but is highly accepted among physicians and patients alike. The absence of a structured framework is an obstacle to effective implementation. Training courses should be introduced to improve the limited knowledge regarding the use of telemedicine. More research in telemedicine in sports medicine is needed. This includes large-scale randomized controlled trials, economic analyses and explorations of user preferences.
Collapse
|
|
58
|
Pollini A, Callari TC, Tedeschi A, Ruscio D, Save L, Chiarugi F, Guerri D. Leveraging human factors in cybersecurity: an integrated methodological approach. COGNITION, TECHNOLOGY & WORK (ONLINE) 2021; 24:371-390. [PMID: 34149309 PMCID: PMC8195225 DOI: 10.1007/s10111-021-00683-y] [Citation(s) in RCA: 6] [Impact Index Per Article: 2.0] [Reference Citation Analysis] [Abstract] [Key Words] [Grants] [Track Full Text] [Figures] [Subscribe] [Scholar Register] [Received: 01/06/2021] [Accepted: 05/24/2021] [Indexed: 06/12/2023]
Abstract
Computer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users' cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top-down and bottom-up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations' management and employees, The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.
Collapse
Affiliation(s)
- Alessandro Pollini
- BSD Design, Via Lazzaretto, 19, 20124 Milano, IT Italy
- Deep Blue Srl, Via Manin, 53, 00185 Rome, IT Italy
| | - Tiziana C. Callari
- Socio-Technical Centre, Leeds University Business School, University of Leeds, Maurice Keyworth Building, Leeds, LS2 9JT UK
| | | | | | - Luca Save
- Deep Blue Srl, Via Manin, 53, 00185 Rome, IT Italy
| | | | - Davide Guerri
- Dedalus, Via di Collodi, 6, 50141 Florence, IT Italy
| |
Collapse
|
|
59
|
Sari PK, Prasetio A, Candiwan, Handayani PW, Hidayanto AN, Syauqina S, Astuti EF, Tallei FP. Information security cultural differences among health care facilities in Indonesia. Heliyon 2021; 7:e07248. [PMID: 34179533 PMCID: PMC8214091 DOI: 10.1016/j.heliyon.2021.e07248] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 07/24/2020] [Revised: 11/17/2020] [Accepted: 06/03/2021] [Indexed: 11/16/2022] Open
Abstract
Background Health information security (IS) breaches are increasing with the use of information technology for health care services, and a strong security culture is important for driving employees' information asset protection behavior. Objective This study aimed to analyze differences in information security cultures (ISCs) across health care providers based on factors drawn from the ISC model. Methods We used twelve factors to measure the ISCs of health care providers. This research applied a survey method with the Kruskal-Wallis H Test and the Mann-Whitney U Test as data analysis techniques. We collected the data through a questionnaire distributed to 470 employees of health care facilities (i.e. hospitals, community health centers, and primary care clinics) in Indonesia. Results The results revealed the differences between health care provider types for 9 of the 12 security culture factors. Top management support, change management, and knowledge were the differentiating factors between all types of health care providers. Organizational culture and security compliance only differed in primary care clinics. Meanwhile, security behavior, soft issues and workplace independence, information security policies, training, and awareness only differed in hospitals. Conclusion The results indicated that each type of health care provider required different approaches to develop an ISC considering the above factors. They provided insight for top management to design suitable programs for cultivating ISCs in their institutions.
Collapse
Affiliation(s)
- Puspita Kencana Sari
- Faculty of Economics and Business, Telkom University, Bandung, Indonesia.,Faculty of Computer Science, Universitas Indonesia, Depok, Indonesia
| | - Adhi Prasetio
- Faculty of Economics and Business, Telkom University, Bandung, Indonesia
| | - Candiwan
- Faculty of Economics and Business, Telkom University, Bandung, Indonesia
| | | | | | - Syaza Syauqina
- Faculty of Economics and Business, Telkom University, Bandung, Indonesia
| | - Eka Fuji Astuti
- Faculty of Economics and Business, Telkom University, Bandung, Indonesia
| | | |
Collapse
|
|
60
|
Maggio LA, Dameff C, Kanter SL, Woods B, Tully J. Cybersecurity Challenges and the Academic Health Center: An Interactive Tabletop Simulation for Executives. ACADEMIC MEDICINE : JOURNAL OF THE ASSOCIATION OF AMERICAN MEDICAL COLLEGES 2021; 96:850-853. [PMID: 33239532 DOI: 10.1097/acm.0000000000003859] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.7] [Reference Citation Analysis] [Abstract] [MESH Headings] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 06/11/2023]
Abstract
PROBLEM Academic health centers (AHCs) face cybersecurity vulnerabilities that have potential costs to an institution's finances, reputation, and ability to deliver care. Yet many AHC executives may not have sufficient knowledge of the potential impact of cyberattacks on institutional missions such as clinical care, research, and education. Improved cybersecurity awareness and education are areas of opportunity for many AHCs. APPROACH The authors developed and facilitated a tabletop cybersecurity simulation at an international conference for AHC leaders in September 2019 to raise awareness of cybersecurity issues and threats and to provide a forum for discussions of concerns specific to CEOs and C-suite-level executives. The 3.5-hour interactive simulation used an evolving, 3-phase case study describing a hypothetical cyberattack on an AHC with a ransomware demand. The approximately 70 participants, from AHCs spanning 25 states and 11 countries, worked in teams and discussed how they would react if they held roles similar to their real-life positions. The authors provide the full scenario as a resource. OUTCOMES The exercise was well received by the participants. In the postsession debrief, many participants noted that cybersecurity preparedness had not received the level of institutional attention given to threats such as epidemics or natural disasters. Significant variance in teams' courses of action during the simulation highlighted a lack of consensus with regard to foundational decisions. Participants identified this as an area that could be remedied by the development of guidelines or protocols. NEXT STEPS As health care cybersecurity challenges persist or grow in magnitude, AHCs will have increased opportunities to lead in the development of best practices for preparedness and response. AHCs are well positioned to work with clinicians, security professionals, regulators, law enforcement, and other stakeholders to develop tools and protocols to improve health care cybersecurity and better protect patients.
Collapse
Affiliation(s)
- Lauren A Maggio
- L.A. Maggio is programs scholar, Association of Academic Health Centers, Washington, DC, and professor of medicine, Uniformed Services University of the Health Sciences, Bethesda, Maryland
| | - Christian Dameff
- C. Dameff is assistant professor of emergency medicine, biomedical informatics and computer science, University of California, San Diego, La Jolla, California
| | - Steven L Kanter
- S.L. Kanter is president and CEO, Association of Academic Health Centers, Washington, DC
| | - Beau Woods
- B. Woods is a cyber safety innovation fellow, Atlantic Council, and leader, I Am the Cavalry, Washington, DC
| | - Jeffrey Tully
- J. Tully is assistant professor of anesthesiology and pain medicine, University of California, Davis, Medical Center, Sacramento, California
| |
Collapse
|
|
61
|
Swedberg K, Cawley D, Ekman I, Rogers HL, Antonic D, Behmane D, Björkman I, Britten N, Buttigieg SC, Byers V, Börjesson M, Corazzini K, Fors A, Granger B, Joksimoski B, Lewandowski R, Sakalauskas V, Srulovici E, Törnell J, Wallström S, Wolf A, Lloyd HM. Testing cost containment of future healthcare with maintained or improved quality-The COSTCARES project. Health Sci Rep 2021; 4:e309. [PMID: 34141903 PMCID: PMC8180514 DOI: 10.1002/hsr2.309] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [Abstract] [Key Words] [Grants] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 02/12/2021] [Revised: 04/24/2021] [Accepted: 05/06/2021] [Indexed: 11/27/2022] Open
Abstract
BACKGROUND Increasing healthcare costs need to be contained in order to maintain equality of access to care for all EU citizens. A cross-disciplinary consortium of experts was supported by the EU FP7 research programme, to produce a roadmap on cost containment, while maintaining or improving the quality of healthcare. The roadmap comprises two drivers: person-centred care and health promotion; five critical enablers also need to be addressed: information technology, quality measures, infrastructure, incentive systems, and contracting strategies. METHOD In order to develop and test the roadmap, a COST Action project was initiated: COST-CARES, with 28 participating countries. This paper provides an overview of evidence about the effects of each of the identified enablers. Intersections between the drivers and the enablers are identified as critical for the success of future cost containment, in tandem with maintained or improved quality in healthcare. This will require further exploration through testing. CONCLUSION Cost containment of future healthcare, with maintained or improved quality, needs to be addressed through a concerted approach of testing key factors. We propose a framework for test lab design based on these drivers and enablers in different European countries.
Collapse
Affiliation(s)
- Karl Swedberg
- Centre for Person Centred CareUniversity of GothenburgGothenburgSweden
- Department of Molecular and Clinical MedicineUniversity of GothenburgGothenburgSweden
| | - Desmond Cawley
- Department of Nursing and Healthcare, Faculty of Science and HealthAthlone Institute of TechnologyAthloneIreland
| | - Inger Ekman
- Centre for Person Centred CareUniversity of GothenburgGothenburgSweden
- Institute of Health and Care SciencesUniversity of GothenburgGothenburgSweden
| | - Heather L. Rogers
- Biocruces Bizkaia Health Research InstituteBarakaldoSpain
- Ikerbasque Basque Foundation for ScienceBilbaoSpain
| | | | - Daiga Behmane
- Institute of Public HealthRiga Stradins UniversityRigaLatvia
| | - Ida Björkman
- Centre for Person Centred CareUniversity of GothenburgGothenburgSweden
- Institute of Health and Care SciencesUniversity of GothenburgGothenburgSweden
| | - Nicky Britten
- Institute of Health and Care SciencesUniversity of GothenburgGothenburgSweden
- College of Medicine and HealthUniversity of Exeter Medical SchoolExeterUK
| | - Sandra C. Buttigieg
- Department of Health Services Management, Faculty of Health SciencesUniversity of MaltaMsidaMalta
| | - Vivienne Byers
- Environmental Sustainability & Health InstituteTechnological University DublinDublinIreland
| | - Mats Börjesson
- Department of Neuroscience and PhysiologyUniversity of GothenburgGothenburgSweden
- Department of Food, Nutrition and Sports Science, Center for Health and PerformanceUniversity of GothenburgGothenburgSweden
| | - Kirsten Corazzini
- Duke University School of NursingDurhamNorth Carolina
- Duke University Center for the Study of Aging and Human DevelopmentDurhamNorth Carolina
| | - Andreas Fors
- Centre for Person Centred CareUniversity of GothenburgGothenburgSweden
- Institute of Health and Care SciencesUniversity of GothenburgGothenburgSweden
| | - Bradi Granger
- Duke University Heart and Vascular ServicesDurhamNorth Carolina
| | - Boban Joksimoski
- Faculty of Computer Science and EngineeringSkopjeNorth Macedonia
| | - Roman Lewandowski
- Management FacultyUniversity of Social SciencesLodzPoland
- Voivodeship Rehabilitation Hospital for Children in AmerykaOlsztynekPoland
| | | | | | - Jan Törnell
- Centre for Person Centred CareUniversity of GothenburgGothenburgSweden
- Department of Neuroscience and PhysiologyUniversity of GothenburgGothenburgSweden
| | - Sara Wallström
- Centre for Person Centred CareUniversity of GothenburgGothenburgSweden
- Institute of Health and Care SciencesUniversity of GothenburgGothenburgSweden
| | - Axel Wolf
- Centre for Person Centred CareUniversity of GothenburgGothenburgSweden
- Institute of Health and Care SciencesUniversity of GothenburgGothenburgSweden
| | - Helen M. Lloyd
- Faculty of Health and Human Sciences, School of PsychologyUniversity of PlymouthPlymouthUnited Kingdom
| |
Collapse
|
|
62
|
He Y, Aliyu A, Evans M, Luo C. Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review. J Med Internet Res 2021; 23:e21747. [PMID: 33764885 PMCID: PMC8059789 DOI: 10.2196/21747] [Citation(s) in RCA: 33] [Impact Index Per Article: 11.0] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/23/2020] [Revised: 12/08/2020] [Accepted: 02/21/2021] [Indexed: 01/14/2023] Open
Abstract
BACKGROUND COVID-19 has challenged the resilience of the health care information system, which has affected our ability to achieve the global goal of health and well-being. The pandemic has resulted in a number of recent cyberattacks on hospitals, pharmaceutical companies, the US Department of Health and Human Services, the World Health Organization and its partners, and others. OBJECTIVE The aim of this review was to identify key cybersecurity challenges, solutions adapted by the health sector, and areas of improvement needed to counteract the recent increases in cyberattacks (eg, phishing campaigns and ransomware attacks), which have been used by attackers to exploit vulnerabilities in technology and people introduced through changes to working practices in response to the COVID-19 pandemic. METHODS A scoping review was conducted by searching two major scientific databases (PubMed and Scopus) using the search formula "(covid OR healthcare) AND cybersecurity." Reports, news articles, and industry white papers were also included if they were related directly to previously published works, or if they were the only available sources at the time of writing. Only articles in English published in the last decade were included (ie, 2011-2020) in order to focus on current issues, challenges, and solutions. RESULTS We identified 9 main challenges in cybersecurity, 11 key solutions that health care organizations adapted to address these challenges, and 4 key areas that need to be strengthened in terms of cybersecurity capacity in the health sector. We also found that the most prominent and significant methods of cyberattacks that occurred during the pandemic were related to phishing, ransomware, distributed denial-of-service attacks, and malware. CONCLUSIONS This scoping review identified the most impactful methods of cyberattacks that targeted the health sector during the COVID-19 pandemic, as well as the challenges in cybersecurity, solutions, and areas in need of improvement. We provided useful insights to the health sector on cybersecurity issues during the COVID-19 pandemic as well as other epidemics or pandemics that may materialize in the future.
Collapse
Affiliation(s)
- Ying He
- School of Computer Science, University of Nottingham, Nottingham, United Kingdom
| | - Aliyu Aliyu
- School of Computer Science and Informatics, De Montfort University, Leicester, United Kingdom
| | - Mark Evans
- School of Computer Science and Informatics, De Montfort University, Leicester, United Kingdom
| | - Cunjin Luo
- School of Computer Science and Electronic Engineering, University of Essex, Colchester, United Kingdom
- Key Lab of Medical Electrophysiology, Ministry of Education, Institute of Cardiovascular Research, Southwest Medical University, Luzhou, China
| |
Collapse
|
|
63
|
Ferreira A, Cruz-Correia R. COVID-19 and Cybersecurity: Finally, an Opportunity to Disrupt? JMIRX MED 2021; 2:e21069. [PMID: 34032816 PMCID: PMC8104279 DOI: 10.2196/21069] [Citation(s) in RCA: 16] [Impact Index Per Article: 5.3] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 06/04/2020] [Revised: 10/02/2020] [Accepted: 03/08/2021] [Indexed: 01/11/2023]
Abstract
COVID-19 has challenged cybersecurity to meet the ultimate need of guaranteeing the privacy and security of human beings. Although personal and sensitive health data are needed to better understand, detect, and control the disease, many related cybersecurity challenges and vulnerabilities require further analysis and proper discussion. The aims of this viewpoint are to explore the consequences of COVID-19 on cybersecurity and health care as well as to foster awareness regarding the need for a change in paradigm on how cybersecurity is approached. Education and information technology literacy are important when they are suitably provided; however, they are certainly not a complete solution. Disruption needs to occur at the core of human-device interactions. Building trust, providing novel means to interact with technology (eg, digital humans), and supporting people-the most important cybersecurity asset-are only some of the recommendations for a more human and resilient approach to cybersecurity, during or after the pandemic.
Collapse
Affiliation(s)
- Ana Ferreira
- CINTESIS Faculty of Medicine University of Porto Porto Portugal
- MEDCIDS Faculty of Medicine University of Porto Porto Portugal
| | - Ricardo Cruz-Correia
- CINTESIS Faculty of Medicine University of Porto Porto Portugal
- MEDCIDS Faculty of Medicine University of Porto Porto Portugal
| |
Collapse
|
|
64
|
Graham C. Fear of the unknown with healthcare IoT devices: An exploratory study. INFORMATION SECURITY JOURNAL: A GLOBAL PERSPECTIVE 2021. [DOI: 10.1080/19393555.2020.1810369] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 10/23/2022]
|
|
65
|
Alvarez SL, Baller SL, Walton A. Who Owns Your Health Data? Two Interventions Addressing Data of Wearable Health Devices among Young Adults and Future Health Clinicians. JOURNAL OF CONSUMER HEALTH ON THE INTERNET 2021. [DOI: 10.1080/15398285.2020.1852386] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 10/22/2022]
Affiliation(s)
- Sarah L. Alvarez
- Department of Health Sciences, James Madison University, Harrisonburg, VA, USA
| | - Stephanie L. Baller
- Department of Health Sciences, James Madison University, Harrisonburg, VA, USA
| | - Anthony Walton
- Department of Health Sciences, James Madison University, Harrisonburg, VA, USA
| |
Collapse
|
|
66
|
Bhardwaj R. An enhanced reversible patient data hiding algorithm for E-healthcare. Biomed Signal Process Control 2021. [DOI: 10.1016/j.bspc.2020.102276] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.3] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/30/2022]
|
|
67
|
Almarwani R, Zhang N, Garside J. A novel approach to data integrity auditing in PCS: Minimising any Trust on Third Parties (DIA-MTTP). PLoS One 2021; 16:e0244731. [PMID: 33412563 PMCID: PMC7790547 DOI: 10.1371/journal.pone.0244731] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 05/12/2020] [Accepted: 12/16/2020] [Indexed: 11/27/2022] Open
Abstract
Data Integrity Auditing (DIA) is a security service for verifying the integrity of outsourced data in Public Cloud Storage (PCS) by users or by Third-Party Auditors (TPAs) on behalf of the users. This paper proposes a novel DIA framework, called DIA-MTTP. The major novelty of the framework lies in that, while providing the DIA service in a PCS environment, it supports the use of third parties, but does not require full trust in the third parties. In achieving this property, a number of ideas also have been embedded in the design. These ideas include the use of multiple third parties and a hierarchical approach to their communication structure making the service more suited to resource-constrained user devices, the provision of two integrity assurance levels to balance the trade-off between security protection levels and the costs incurred, the application of a data deduplication measure to both new data and existing data updates to minimise the number of tags (re-)generated. In supporting the dynamic data and deduplication measure, a distributed data structure, called Multiple Mapping Tables (M2T), is proposed. Security analysis indicates that our framework is secure with the use of untrusted third parties. Performance evaluation indicates that our framework imposes less computational, communication and storage overheads than related works.
Collapse
Affiliation(s)
- Reem Almarwani
- College of Computer Science and Engineering (CCSE), Taibah University, Medina, Saudi Arabia
- Information Management Research Group, The Department of Computer Science, The University of Manchester, Manchester, United Kingdom
- * E-mail: ,
| | - Ning Zhang
- College of Computer Science and Engineering (CCSE), Taibah University, Medina, Saudi Arabia
| | - James Garside
- College of Computer Science and Engineering (CCSE), Taibah University, Medina, Saudi Arabia
| |
Collapse
|
|
68
|
Lee D, Yoon SN. Application of Artificial Intelligence-Based Technologies in the Healthcare Industry: Opportunities and Challenges. INTERNATIONAL JOURNAL OF ENVIRONMENTAL RESEARCH AND PUBLIC HEALTH 2021; 18:E271. [PMID: 33401373 PMCID: PMC7795119 DOI: 10.3390/ijerph18010271] [Citation(s) in RCA: 123] [Impact Index Per Article: 41.0] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 12/07/2020] [Revised: 12/23/2020] [Accepted: 12/24/2020] [Indexed: 12/17/2022]
Abstract
This study examines the current state of artificial intelligence (AI)-based technology applications and their impact on the healthcare industry. In addition to a thorough review of the literature, this study analyzed several real-world examples of AI applications in healthcare. The results indicate that major hospitals are, at present, using AI-enabled systems to augment medical staff in patient diagnosis and treatment activities for a wide range of diseases. In addition, AI systems are making an impact on improving the efficiency of nursing and managerial activities of hospitals. While AI is being embraced positively by healthcare providers, its applications provide both the utopian perspective (new opportunities) and the dystopian view (challenges to overcome). We discuss the details of those opportunities and challenges to provide a balanced view of the value of AI applications in healthcare. It is clear that rapid advances of AI and related technologies will help care providers create new value for their patients and improve the efficiency of their operational processes. Nevertheless, effective applications of AI will require effective planning and strategies to transform the entire care service and operations to reap the benefits of what technologies offer.
Collapse
Affiliation(s)
- DonHee Lee
- College of Business Administration, Inha University, Incheon 22212, Korea;
| | - Seong No Yoon
- Department of Business Edward Waters College, Jacksonville, FL 32209, USA
| |
Collapse
|
|
69
|
AIM and the Nexus of Security and Technology. Artif Intell Med 2021. [DOI: 10.1007/978-3-030-58080-3_301-1] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/26/2022]
|
|
70
|
AIM and the Nexus of Security and Technology. Artif Intell Med 2021. [DOI: 10.1007/978-3-030-58080-3_301-2] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/26/2022]
|
|
71
|
Alagheband MR, Mashatan A, Zihayat M. Time-based Gap Analysis of Cybersecurity Trends in Academic and Digital Media. ACM TRANSACTIONS ON MANAGEMENT INFORMATION SYSTEMS 2020. [DOI: 10.1145/3389684] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 10/23/2022]
Abstract
This study analyzes cybersecurity trends and proposes a conceptual framework to identify cybersecurity topics of social interest and emerging topics that need to be addressed by researchers in the field. The insights drawn from this framework allow for a more proactive approach to identifying cybersecurity patterns and emerging threats that will ultimately improve the collective cybersecurity posture of the modern society. To achieve this, cybersecurity-oriented content in both media and academic corpora, disseminated between 2008 and 2018, were morphologically analyzed via text mining. A total of 3,556 academic papers obtained from the top-10 highly reputable cybersecurity academic conferences, and 4,163 news articles collected from the
New York Times
were processed. The LDA topic modeling followed optimal perplexity and coherence scores resulted in 12 trendy topics. Next, the time-based gap between these trendy topics was analyzed to measure the correlation between media and trendy academic topics. Both convergences and divergences between the two cybersecurity corpora were identified, suggesting a strong time-based correlation between these resources. This framework demonstrates the effective use of automated techniques to provide insights about cybersecurity topics of social interest and emerging trends and informs the direction of future academic research in this field.
Collapse
Affiliation(s)
- Mahdi R. Alagheband
- Ted Rogers School of Information Technology Management, Ryerson University, Toronto, Canada
| | - Atefeh Mashatan
- Ted Rogers School of Information Technology Management, Ryerson University, Toronto, Canada
| | - Morteza Zihayat
- Ted Rogers School of Information Technology Management, Ryerson University, Toronto, Canada
| |
Collapse
|
|
72
|
Tan L, Tivey D, Kopunic H, Babidge W, Langley S, Maddern G. Part 2: Blockchain technology in health care. ANZ J Surg 2020; 90:2415-2419. [PMID: 33236489 DOI: 10.1111/ans.16455] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.3] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/28/2020] [Revised: 09/02/2020] [Accepted: 10/31/2020] [Indexed: 11/30/2022]
Abstract
Blockchain technology is one of the many disruptive technologies of the Fourth Industrial Revolution that will irrevocably change the way we live and work. These technologies are well embedded in the areas of global finance, health care and defence, to name a few. This review focuses on the relevance of blockchain technology to health care. Blockchain technology will be the unifying platform for sharing patient data currently inaccessible due to the siloed architecture of legacy software systems, and as a result potentially be the basis for precision or individualized patient treatment. It will also strengthen digital security of sensitive patient data that is presently a lucrative target for cyber criminals. In the current COVID-19 environment, clinicians will rely more on telehealth to reduce person-to-person contact. This service can be delivered by the clinical team with confidence in the veracity of the patient data made accessible through the blockchain platform. Smart contracts written on the blockchain platform will reduce the possibility of international humanitarian aid to low- and middle-income countries being misspent. The pharmaceutical supply chain industry is adopting blockchain technology to ensure supply chain provenance. Similarly, the health insurance industry recognizes how the blockchain ecosystem can improve services to its members and expedite reimbursements to clinicians.
Collapse
Affiliation(s)
- Lorwai Tan
- Research, Audit and Academic Surgery, Royal Australasian College of Surgeons, Adelaide, South Australia, Australia
| | - David Tivey
- Research, Audit and Academic Surgery, Royal Australasian College of Surgeons, Adelaide, South Australia, Australia.,Discipline of Surgery, The Queen Elizabeth Hospital, The University of Adelaide, Adelaide, South Australia, Australia
| | - Helena Kopunic
- Research, Audit and Academic Surgery, Royal Australasian College of Surgeons, Adelaide, South Australia, Australia
| | - Wendy Babidge
- Research, Audit and Academic Surgery, Royal Australasian College of Surgeons, Adelaide, South Australia, Australia.,Discipline of Surgery, The Queen Elizabeth Hospital, The University of Adelaide, Adelaide, South Australia, Australia
| | - Sally Langley
- Plastic and Reconstructive Surgery Department, Christchurch Hospital, Christchurch, New Zealand
| | - Guy Maddern
- Research, Audit and Academic Surgery, Royal Australasian College of Surgeons, Adelaide, South Australia, Australia.,Discipline of Surgery, The Queen Elizabeth Hospital, The University of Adelaide, Adelaide, South Australia, Australia
| |
Collapse
|
|
73
|
Stamatellis C, Papadopoulos P, Pitropakis N, Katsikas S, Buchanan WJ. A Privacy-Preserving Healthcare Framework Using Hyperledger Fabric. SENSORS (BASEL, SWITZERLAND) 2020; 20:E6587. [PMID: 33218022 PMCID: PMC7698751 DOI: 10.3390/s20226587] [Citation(s) in RCA: 24] [Impact Index Per Article: 6.0] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 10/26/2020] [Revised: 11/11/2020] [Accepted: 11/16/2020] [Indexed: 11/30/2022]
Abstract
Electronic health record (EHR) management systems require the adoption of effective technologies when health information is being exchanged. Current management approaches often face risks that may expose medical record storage solutions to common security attack vectors. However, healthcare-oriented blockchain solutions can provide a decentralized, anonymous and secure EHR handling approach. This paper presents PREHEALTH, a privacy-preserving EHR management solution that uses distributed ledger technology and an Identity Mixer (Idemix). The paper describes a proof-of-concept implementation that uses the Hyperledger Fabric's permissioned blockchain framework. The proposed solution is able to store patient records effectively whilst providing anonymity and unlinkability. Experimental performance evaluation results demonstrate the scheme's efficiency and feasibility for real-world scale deployment.
Collapse
Affiliation(s)
- Charalampos Stamatellis
- Blockpass ID Lab, School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK; (C.S.); (N.P.); (W.J.B.)
| | - Pavlos Papadopoulos
- Blockpass ID Lab, School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK; (C.S.); (N.P.); (W.J.B.)
| | - Nikolaos Pitropakis
- Blockpass ID Lab, School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK; (C.S.); (N.P.); (W.J.B.)
- Eight Bells LTD, Nicosia 2002, Cyprus
| | - Sokratis Katsikas
- Department of Information Security and Communication Technology, Norwegian University of Science and Technology, 2815 Gjøvik, Norway
| | - William J. Buchanan
- Blockpass ID Lab, School of Computing, Edinburgh Napier University, Edinburgh EH10 5DT, UK; (C.S.); (N.P.); (W.J.B.)
| |
Collapse
|
|
74
|
Fayans I, Motro Y, Rokach L, Oren Y, Moran-Gilad J. Cyber security threats in the microbial genomics era: implications for public health. ACTA ACUST UNITED AC 2020; 25. [PMID: 32070468 PMCID: PMC7029451 DOI: 10.2807/1560-7917.es.2020.25.6.1900574] [Citation(s) in RCA: 7] [Impact Index Per Article: 1.8] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/20/2022]
Abstract
Next generation sequencing (NGS) is becoming the new gold standard in public health microbiology. Like any disruptive technology, its growing popularity inevitably attracts cyber security actors, for whom the health sector is attractive because it combines mission-critical infrastructure and high-value data with cybersecurity vulnerabilities. In this Perspective, we explore cyber security aspects of microbial NGS. We discuss the motivations and objectives for such attack, its feasibility and implications, and highlight policy considerations aimed at threat mitigation. Particular focus is placed on the attack vectors, where the entire process of NGS, from sample to result, could be vulnerable, and a risk assessment based on probability and impact for representative attack vectors is presented. Cyber attacks on microbial NGS could result in loss of confidentiality (leakage of personal or institutional data), integrity (misdetection of pathogens) and availability (denial of sequencing services). NGS platforms are also at risk of being used as propagation vectors, compromising an entire system or network. Owing to the rapid evolution of microbial NGS and its applications, and in light of the dynamics of the cyber security domain, frequent risk assessments should be carried out in order to identify new threats and underpin constantly updated public health policies.
Collapse
Affiliation(s)
- Iliya Fayans
- Department of Software and Information Systems Engineering, Faculty of Engineering Sciences, Ben Gurion University of the Negev, Beer Sheva, Israel
| | - Yair Motro
- Department of Health Systems Management, School of Public Health, Faculty of Health Sciences, Ben-Gurion University of the Negev, Beer-Sheva, Israel
| | - Lior Rokach
- Department of Software and Information Systems Engineering, Faculty of Engineering Sciences, Ben Gurion University of the Negev, Beer Sheva, Israel
| | - Yossi Oren
- Department of Software and Information Systems Engineering, Faculty of Engineering Sciences, Ben Gurion University of the Negev, Beer Sheva, Israel
| | - Jacob Moran-Gilad
- Department of Health Systems Management, School of Public Health, Faculty of Health Sciences, Ben-Gurion University of the Negev, Beer-Sheva, Israel
| |
Collapse
|
|
75
|
Abstract
Digital psychiatry and e-mental health have proliferated and permeated vastly in the current landscape of mental health care provision. The COVID-19 crisis has accelerated this digital transformation, and changes that usually take many years to translate into clinical practice have been implemented in a matter of weeks. These have outpaced the checks and balances that would typically accompany such changes, which has brought into focus a need to have a proper approach for digital data handling. Health care data is sensitive, and is prone to hacking due to the lack of stringent protocols regarding its storage and access. Mental health care data need to be more secure due to the stigma associated with having a mental health condition. Thus, there is a need to emphasize proper data handling by mental health professionals, and policies to ensure safeguarding patient's privacy are required. The aim of useful, free, and fair use of mental health care data for clinical, business, and research purposes should be balanced with the need to ensure the data is accessible to only those who are authorized. Systems and policies should be in place to ensure that data storage, access, and disposal are systematic and conform to data safety norms.
Collapse
Affiliation(s)
- Sandeep Grover
- Dept. of Psychiatry, Postgraduate Institute of Medical Education and Research, Chandigarh, India
| | - Siddharth Sarkar
- Dept. of Psychiatry, All India Institute of Medical Sciences, New Delhi, India
| | - Rahul Gupta
- NMHEC-RAP Telepsychiatry Service.,Intermediate Stay Mental Health Unit.,Faculty of Health and Medicine, University of Newcastle, Callaghan NSW, Australia
| |
Collapse
|
|
76
|
|
|
77
|
An event study of data breaches and hospital IT spending. HEALTH POLICY AND TECHNOLOGY 2020. [DOI: 10.1016/j.hlpt.2020.04.008] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 10/24/2022]
|
|
78
|
Ternes K, Iyengar V, Lavretsky H, Dawson WD, Booi L, Ibanez A, Vahia I, Reynolds C, DeKosky S, Cummings J, Miller B, Perissinotto C, Kaye J, Eyre HA. Brain health INnovation Diplomacy: a model binding diverse disciplines to manage the promise and perils of technological innovation. Int Psychogeriatr 2020; 32:955-979. [PMID: 32019621 PMCID: PMC7423685 DOI: 10.1017/s1041610219002266] [Citation(s) in RCA: 19] [Impact Index Per Article: 4.8] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Grants] [Track Full Text] [Journal Information] [Submit a Manuscript] [Subscribe] [Scholar Register] [Indexed: 01/08/2023]
Abstract
BACKGROUND Brain health diplomacy aims to influence the global policy environment for brain health (i.e. dementia, depression, and other mind/brain disorders) and bridges the disciplines of global brain health, international affairs, management, law, and economics. Determinants of brain health include educational attainment, diet, access to health care, physical activity, social support, and environmental exposures, as well as chronic brain disorders and treatment. Global challenges associated with these determinants include large-scale conflicts and consequent mass migration, chemical contaminants, air quality, socioeconomic status, climate change, and global population aging. Given the rapidly advancing technological innovations impacting brain health, it is paramount to optimize the benefits and mitigate the drawbacks of such technologies. OBJECTIVE We propose a working model of Brain health INnovation Diplomacy (BIND). METHODS We prepared a selective review using literature searches of studies pertaining to brain health technological innovation and diplomacy. RESULTS BIND aims to improve global brain health outcomes by leveraging technological innovation, entrepreneurship, and innovation diplomacy. It acknowledges the key role that technology, entrepreneurship, and digitization play and will increasingly play in the future of brain health for individuals and societies alike. It strengthens the positive role of novel solutions, recognizes and works to manage both real and potential risks of digital platforms. It is recognition of the political, ethical, cultural, and economic influences that brain health technological innovation and entrepreneurship can have. CONCLUSIONS By creating a framework for BIND, we can use this to ensure a systematic model for the use of technology to optimize brain health.
Collapse
Affiliation(s)
- Kylie Ternes
- School of Medicine, Baylor College of Medicine, Houston, Texas, USA
| | - Vijeth Iyengar
- U.S. Administration on Aging/Administration for Community Living, U.S. Department of Health and Human Services, Washington, DC, USA
| | - Helen Lavretsky
- Department of Psychiatry, Semel Institute for Neuroscience and Human Behavior, UCLA, Los Angeles, California, USA
| | - Walter D Dawson
- Memory and Aging Center, School of Medicine, UCSF, San Francisco, California, USA
- Global Brain Health Institute, San Francisco, California, USA
- Trinity College Dublin, Dublin, Ireland
- School of Medicine, Oregon Health and Science University, Portland, Oregon, USA
- Institute on Aging, School of Urban and Public Affairs, Portland State University, Portland, Oregon, USA
| | - Laura Booi
- Global Brain Health Institute, San Francisco, California, USA
- Trinity College Dublin, Dublin, Ireland
| | - Agustin Ibanez
- Memory and Aging Center, School of Medicine, UCSF, San Francisco, California, USA
- Global Brain Health Institute, San Francisco, California, USA
- Trinity College Dublin, Dublin, Ireland
- Institute of Cognitive and Translational Neuroscience (INCYT), INECO Foundation, Favaloro University, Buenos Aires, Argentina
- National Scientific and Technical Research Council (CONICET), Buenos Aires, Argentina
- Center for Social and Cognitive Neuroscience (CSCN), Universidad Adolfo Ibanez, Santiago, Chile
- Universidad Autónoma del Caribe, Barranquilla, Colombia
- ARC Centre of Excellence in Cognition and its Disorders, Sydney, Australia
| | - Ipsit Vahia
- McLean Hospital, Belmont, Massachusetts, USA
- Harvard Medical School, Cambridge, Massachusetts, USA
| | - Charles Reynolds
- Department of Psychiatry, University of Pittsburgh, Pittsburgh, Pennsylvania, USA
| | - Steven DeKosky
- McKnight Brain Institute and Department of Neurology, College of Medicine, University of Florida, Miami, Florida, USA
| | - Jeffrey Cummings
- Department of Brain Health, School of Integrated Health Sciences, Cleveland Clinic Lou Ruvo Center for Brain Health, UNLV, Las Vegas, Nevada, USA
| | - Bruce Miller
- Memory and Aging Center, School of Medicine, UCSF, San Francisco, California, USA
- Global Brain Health Institute, San Francisco, California, USA
- Trinity College Dublin, Dublin, Ireland
| | - Carla Perissinotto
- Division of Geriatrics, School of Medicine, UCSF, San Francisco, California, USA
| | - Jeffrey Kaye
- School of Medicine, Oregon Health and Science University, Portland, Oregon, USA
| | - Harris A Eyre
- Innovation Institute, Texas Medical Center, Houston, Texas, USA
- Department of Psychiatry, University of Melbourne, Melbourne, Victoria, Australia
- IMPACT SRC, School of Medicine, Deakin University, Geelong, Victoria, Australia
- Brainstorm Laboratory for Mental Health Innovation, Department of Psychiatry, Stanford University School of Medicine, Palo Alto, California, USA
- Discipline of Psychiatry, School of Medicine, The University of Adelaide, Adelaide, South Australia, Australia
| |
Collapse
|
|
79
|
Kwan H, Riley M, Prasad N, Robinson K. An investigation of the status and maturity of hospitals' health information governance in Victoria, Australia. Health Inf Manag 2020; 51:89-97. [PMID: 32662675 DOI: 10.1177/1833358320938309] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/17/2022]
Abstract
BACKGROUND Health information governance (IG) in Australian hospitals was hitherto unexplored. OBJECTIVES To determine hospitals' health IG status and maturity in Victoria, Australia, identify drivers and barriers affecting IG adoption, examine electronic health data breach response plan usage and assess employees' electronic data breach awareness. METHOD Mixed-methods descriptive study utilising an online survey of directors - clinical/health information services and chief health information managers (HIMs) in Victorian hospitals, ≥50 beds. RESULTS Response rate: 42.9% (n = 36). Fifty percent (n = 17) of respondent-hospitals had an IG program. IG equally supported decision-making and risk identification and prevention. The greatest potential organisational damages from system disruption or failure were information loss (66.7%) and clinical risks (63.9%). HIMs in 15 (55.6%) hospitals had knowledge to monitor and detect electronic data breaches. Staff in 19 (70.4%) hospitals knew who to inform about a suspected breach. Most hospitals had mature health information-related IG practices, most (88.9%, n = 24) provided IG-related education, 77.8% (n = 21) regularly reviewed data breach response plans. The strongest IG drivers were privacy-security compliance and changes to data capture or documentation practices (82.8%, n = 24); the greatest barriers were implementation complexity (57.1%, n = 16) and cost (55.6%, n = 15). CONCLUSION These baseline Australian data show 50% of respondent-hospitals had no formal health IG program. Privacy-security compliance, and audits, needed improvement; however, most hospitals had well-developed medical record/health information IG-relevant schedules, policies and practices. HIMs, the professionals most engaged in IG, required upskilling in electronic data breach detection.
Collapse
|
|
80
|
Wani TA, Mendoza A, Gray K. Hospital Bring-Your-Own-Device Security Challenges and Solutions: Systematic Review of Gray Literature. JMIR Mhealth Uhealth 2020; 8:e18175. [PMID: 32554388 PMCID: PMC7333072 DOI: 10.2196/18175] [Citation(s) in RCA: 16] [Impact Index Per Article: 4.0] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 02/09/2020] [Revised: 04/08/2020] [Accepted: 04/09/2020] [Indexed: 12/16/2022] Open
Abstract
BACKGROUND As familiarity with and convenience of using personal devices in hospitals help improve the productivity, efficiency, and workflow of hospital staff, the health care bring-your-own-device (BYOD) market is growing consistently. However, security concerns owing to the lack of control over the personal mobile devices of staff, which may contain sensitive data such as personal health information of patients, make it one of the biggest health care information technology (IT) challenges for hospital administrations. OBJECTIVE Given that the hospital BYOD security has not been adequately addressed in peer-reviewed literature, the aim of this paper was to identify key security challenges associated with hospital BYOD usage as well as relevant solutions that can cater to the identified issues by reviewing gray literature. Therefore, this research will provide additional practical insights from current BYOD practices. METHODS A comprehensive gray literature review was conducted, which followed the stepwise guidelines and quality assessment criteria set out by Garousi et al. The searched literature included tier 1 sources such as health care cybersecurity market reports, white papers, guidelines, policies, and frameworks as well as tier 2 sources such as credible and reputed health IT magazines, databases, and news articles. Moreover, a deductive thematic analysis was conducted to organize the findings based on Schlarman's People Policy Technology model, promoting a holistic understanding of hospitals' BYOD security issues and solutions. RESULTS A total of 51 sources were found to match the designed eligibility criteria. From these studies, several sociotechnical issues were identified. The major challenges identified were the use of devices with insufficient security controls by hospital staff, lack of control or visibility for the management to maintain security requirements, lack of awareness among hospital staff, lack of direction or guidance for BYOD usage, poor user experience, maintenance of legal requirements, shortage of cybersecurity skills, and loss of devices. Although technologies such as mobile device management, unified endpoint management, containerization, and virtual private network allow better BYOD security management in hospitals, policies and people management measures such as strong security culture and staff awareness and training improve staff commitment in protecting hospital data. CONCLUSIONS The findings suggest that to optimize BYOD security management in hospitals, all 3 dimensions of the security process (people, policy, and technology) need to be given equal emphasis. As the nature of cybersecurity attacks is becoming more complex, all dimensions should work in close alignment with each other. This means that with the modernization of BYOD technology, BYOD strategy, governance, education, and relevant policies and procedures also need to adapt accordingly.
Collapse
Affiliation(s)
- Tafheem Ahmad Wani
- School of Computing and Information Systems, The University of Melbourne, Melbourne, Australia
| | - Antonette Mendoza
- School of Computing and Information Systems, The University of Melbourne, Melbourne, Australia
| | - Kathleen Gray
- Centre for Digital Transformation of Health, The University of Melbourne, Melbourne, Australia
| |
Collapse
|
|
81
|
Kabir UY, Ezekekwu E, Bhuyan SS, Mahmood A, Dobalian A. Trends and best practices in health care cybersecurity insurance policy. J Healthc Risk Manag 2020; 40:10-14. [PMID: 32441812 DOI: 10.1002/jhrm.21414] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.5] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/08/2022]
Abstract
Health care organizations are a major target for cyberattacks. This is primarily due to their peculiar vulnerabilities and attractiveness to nefarious cyber actors. Data breaches from these attacks present a significant threat to the viability of health care organizations, ranging from financial losses to compromised patient safety. Cybersecurity insurance has become an essential tool for mitigating financial liabilities that may arise from breaches for many organizations. This paper reviews the current state of cybersecurity insurance adoption in the health care sector. It highlights best practices in cybersecurity insurance policy for health care organizations and recommends future directions to strengthen cybersecurity and improve cybersecurity insurance.
Collapse
Affiliation(s)
- Umar Yusuf Kabir
- Division of Health Systems Management and Policy, School of Public Health, University of Memphis, Memphis, Tennessee
| | - Emmanuel Ezekekwu
- Department of Health Management and Systems Sciences, School of Public Health and Information Sciences, University of Louisville, Louisville, Kentucky
| | - Soumitra S Bhuyan
- School of Planning and Public Policy, Rutgers University, New Brunswick, New Jersey
| | - Asos Mahmood
- Division of Health Systems Management and Policy, School of Public Health, University of Memphis, Memphis, Tennessee
| | - Aram Dobalian
- Division of Health Systems Management and Policy, School of Public Health, University of Memphis, Memphis, Tennessee
| |
Collapse
|
|
82
|
Zhang B, Chen S, Nichols E, D'Souza W, Prado K, Yi B. A practical cyberattack contingency plan for radiation oncology. J Appl Clin Med Phys 2020; 21:181-186. [PMID: 32333513 PMCID: PMC7386175 DOI: 10.1002/acm2.12886] [Citation(s) in RCA: 11] [Impact Index Per Article: 2.8] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 03/18/2020] [Revised: 03/18/2020] [Accepted: 03/25/2020] [Indexed: 11/11/2022] Open
Abstract
Purpose This article presents a solution for continuing radiation therapy without interruption in the event of a cyberattack to the radiation oncology information systems (ROIS). This process could be easily deployed to any radiation oncology practice, with little clinical overhead or burden. Methods and Materials The solution automatically retrieves all essential information from the clinical ROIS for each under‐treatment patient and periodically (e.g., daily) saves these data to a dedicated secure server for recovery. In the event that the clinical ROIS is not functioning as a result of a cyberattack, this essential information is used to build a new secondary ROIS server to continue radiotherapy treatments until the main ROIS is recovered. Once the cyberattack threat is cleared, the clinical ROIS server is rebuilt from the institution’s enterprise backup. The newly accumulated treatment information for each patient is then exported from the secondary ROIS to bring the clinical ROIS up to date. Results The Department of Radiation Oncology at the University of Maryland Medical System implemented this solution for clinical use with the Varian ARIA ROIS in the management of ~250 daily radiotherapy treatments, inclusive of a proton center. This solution was determined to be a feasible and affordable business continuity plan for the radiation oncology practice by minimizing radiation treatment downtime to a couple of hours in a simulated cyberattack drill. Conclusions The proposed solution can achieve continuation of radiation therapy treatment without treatment breaks in the event of a cyberattack. It also provides cushion time for radiation oncology departments to rebuild their clinical ROIS systems from the enterprise data backup.
Collapse
Affiliation(s)
- Baoshe Zhang
- Department of Radiation Oncology, University of Maryland School of Medicine, Baltimore, MD, USA
| | - Shifeng Chen
- Department of Radiation Oncology, University of Maryland School of Medicine, Baltimore, MD, USA
| | - Elizabeth Nichols
- Department of Radiation Oncology, University of Maryland School of Medicine, Baltimore, MD, USA
| | - Warren D'Souza
- Department of Radiation Oncology, University of Maryland School of Medicine, Baltimore, MD, USA
| | - Karl Prado
- Department of Radiation Oncology, University of Maryland School of Medicine, Baltimore, MD, USA
| | - Byongyong Yi
- Department of Radiation Oncology, University of Maryland School of Medicine, Baltimore, MD, USA
| |
Collapse
|
|
83
|
Zerka F, Barakat S, Walsh S, Bogowicz M, Leijenaar RTH, Jochems A, Miraglio B, Townend D, Lambin P. Systematic Review of Privacy-Preserving Distributed Machine Learning From Federated Databases in Health Care. JCO Clin Cancer Inform 2020; 4:184-200. [PMID: 32134684 PMCID: PMC7113079 DOI: 10.1200/cci.19.00047] [Citation(s) in RCA: 44] [Impact Index Per Article: 11.0] [Reference Citation Analysis] [Abstract] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Accepted: 01/16/2020] [Indexed: 02/06/2023] Open
Abstract
Big data for health care is one of the potential solutions to deal with the numerous challenges of health care, such as rising cost, aging population, precision medicine, universal health coverage, and the increase of noncommunicable diseases. However, data centralization for big data raises privacy and regulatory concerns.Covered topics include (1) an introduction to privacy of patient data and distributed learning as a potential solution to preserving these data, a description of the legal context for patient data research, and a definition of machine/deep learning concepts; (2) a presentation of the adopted review protocol; (3) a presentation of the search results; and (4) a discussion of the findings, limitations of the review, and future perspectives.Distributed learning from federated databases makes data centralization unnecessary. Distributed algorithms iteratively analyze separate databases, essentially sharing research questions and answers between databases instead of sharing the data. In other words, one can learn from separate and isolated datasets without patient data ever leaving the individual clinical institutes.Distributed learning promises great potential to facilitate big data for medical application, in particular for international consortiums. Our purpose is to review the major implementations of distributed learning in health care.
Collapse
Affiliation(s)
- Fadila Zerka
- The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
- Oncoradiomics, Liège, Belgium
| | - Samir Barakat
- The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
- Oncoradiomics, Liège, Belgium
| | - Sean Walsh
- The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
- Oncoradiomics, Liège, Belgium
| | - Marta Bogowicz
- The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
- Department of Radiation Oncology, University Hospital Zurich and University of Zurich, Zurich, Switzerland
| | - Ralph T. H. Leijenaar
- The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
- Oncoradiomics, Liège, Belgium
| | - Arthur Jochems
- The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
| | | | - David Townend
- Department of Health, Ethics, and Society, CAPHRI (Care and Public Health Research Institute), Maastricht University, Maastricht, The Netherlands
| | - Philippe Lambin
- The D-Lab, Department of Precision Medicine, GROW School for Oncology and Developmental Biology, Maastricht University Medical Centre, Maastricht, The Netherlands
| |
Collapse
|
|
84
|
Arumugam S, Colburn DAM, Sia SK. Biosensors for Personal Mobile Health: A System Architecture Perspective. ADVANCED MATERIALS TECHNOLOGIES 2020; 5:1900720. [PMID: 33043127 PMCID: PMC7546526 DOI: 10.1002/admt.201900720] [Citation(s) in RCA: 13] [Impact Index Per Article: 3.3] [Reference Citation Analysis] [Abstract] [Key Words] [Grants] [Track Full Text] [Subscribe] [Scholar Register] [Received: 08/23/2019] [Indexed: 05/29/2023]
Abstract
Advances in mobile biosensors, integrating developments in materials science and instrumentation, are fueling an expansion in health data being collected and analyzed in decentralized settings. For example, semiconductor-based sensors are enabling measurement of vital signs, and microfluidic-based sensors are enabling measurement of biochemical markers. As biosensors for mobile health are becoming increasingly paired with smart devices, it will become critical for researchers to design biosensors - with appropriate functionalities and specifications - to work seamlessly with accompanying connected hardware and software. This article describes recent research in biosensors, as well as current mobile health devices in use, as classified into four distinct system architectures that take into account the biosensing and data processing functions required in personal mobile health devices. We also discuss the path forward for integrating biosensors into smartphone-based mobile health devices.
Collapse
Affiliation(s)
- Siddarth Arumugam
- Department of Biomedical Engineering, Columbia University, 10027 New York, United States
| | - David A M Colburn
- Department of Biomedical Engineering, Columbia University, 10027 New York, United States
| | - Samuel K Sia
- Department of Biomedical Engineering, Columbia University, 10027 New York, United States
| |
Collapse
|
|
85
|
Burkle FM. Challenges of Global Public Health Emergencies: Development of a Health-Crisis Management Framework. TOHOKU J EXP MED 2020; 249:33-41. [PMID: 31548492 DOI: 10.1620/tjem.249.33] [Citation(s) in RCA: 35] [Impact Index Per Article: 8.8] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/18/2022]
Abstract
Modern day health care providers have traditionally only focused on meeting the response phase requirements of disasters. The emergence of complex global public health crises such as climate change and extremes, biodiversity loss, emergencies of scarcity, rapid unsustainable urbanization, migrant and refugee surges, domestic and international terrorism, cyber-security, the civilianization of war and conflict, and the global rise of resistant antibiotics has resulted in an unprecedented rise in direct and indirect mortality and morbidity. These crises are beyond the current decision-making and operational capabilities of traditional disaster management and its providers most of who are community level practitioners representing every discipline. The 1930s "disaster cycle" concept describes a phase-related approach to meeting the strategic, operational, research, educational, and training components required of disasters; and, presents an opportunity for the structured development of a Health Crisis Management Framework to oversee the phase-related strategic and operational requirements for prevention, preparedness, response, recovery and rehabilitation challenges of major global public health crises. Whereas this approach mimics the manner in which practitioners at every level of society identify with in their daily practices, this approach deserves the support of every clinician, researcher, academic, and ancillary health care provider. Interestingly, this was also the intent of the original 1930 disaster cycle concept.
Collapse
Affiliation(s)
- Frederick M Burkle
- Professor (Ret.), Senior Fellow and Scientist, Harvard Humanitarian Initiative, Harvard University and Harvard T.H. Chan School of Public Health.,Senior International Public Policy Scholar, Woodrow Wilson International Center for Scholars
| |
Collapse
|
|
86
|
Rangabashyam M, Wee HE, Wang W, Mueller S, Karim KABA, Skanthakumar T, Hariraman B, Sommat K, Soong Y, Chua MLK, Tay G, Tan N‐C, Tan HK, Iyer NG. Electronic tumor board presentations as the basis for the development of a head and neck cancer database. Laryngoscope Investig Otolaryngol 2020; 5:46-54. [PMID: 32128430 PMCID: PMC7042654 DOI: 10.1002/lio2.337] [Citation(s) in RCA: 3] [Impact Index Per Article: 0.8] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 05/12/2019] [Revised: 08/27/2019] [Accepted: 11/20/2019] [Indexed: 12/18/2022] Open
Abstract
BACKGROUND Multidisciplinary team meetings or tumor boards (TBs) form a pivotal component of oncology practice. The crux of a TB revolves around making treatment decisions based on succinct head and neck cancer (HNC) patient data presentations, which can be challenging and complex. Apart from meticulous TB presentations, discussions and treatment plan documentation is equally important. The aim of this study was to structure an electronic synoptic TB data presentation to address all these areas. The overarching benefits of systematic TB data collection include facilitating audits and research. METHODS We utilized a secure web-based tool that was used for common scientific research purposes but customized to store HNC patient data. The data points were tabulated across eight TB pages: (a) TB scheduling, (b) patient biodata, (c) diagnosis details, (d) index presentation, (e) images, (f) management and histopathology, (g) TB presentation, and (h) TB discussion and decisions. Each data point leads to additional fields by branching logic to permit further relevant data entry. This was integrated within the patient electronic medical records allowing for a direct internal trajectory to recall TB data. RESULTS From October 2015 to October 2018, we recorded over 2000 presentations for 1279 individual patients. This is a quality improvement initiative, and hence, the results are more of a broad analysis of our TB presentation process. The most common cancers were squamous cell (523, 41%), thyroid (207, 16%), and nasopharyngeal (139, 11%) carcinomas. Importantly, this system has formed the basis for a number of clinical and translational research projects and audit outcomes. CONCLUSION Despite TBs being vital to oncologic practice, little attempt has been made to report TB data management. In this study, we present an efficient system that permits the integration of dual functions: TB data presentation and oncologic data collection for research, recall, and audit purposes.
Collapse
Affiliation(s)
- Mahalakshmi Rangabashyam
- Division of Surgical OncologyNational Cancer Centre SingaporeSingapore
- SingHealth Duke‐NUS Head and Neck CentreSingapore General HospitalSingapore
| | - Hide E. Wee
- Division of Surgical OncologyNational Cancer Centre SingaporeSingapore
| | | | - Stefan Mueller
- Division of Surgical OncologyNational Cancer Centre SingaporeSingapore
| | - Khairul A. B. A. Karim
- Clinical and Research Database Registry, Surgery Academic Clinical Program (ACP), Singapore General HospitalSingapore
| | | | | | - Kiattisa Sommat
- Division of Radiation OncologyNational Cancer Centre SingaporeSingapore
| | - Yoke‐Lim Soong
- Duke‐NUS Medical SchoolSingapore
- Division of Radiation OncologyNational Cancer Centre SingaporeSingapore
| | - Melvin L. K. Chua
- Duke‐NUS Medical SchoolSingapore
- Division of Radiation OncologyNational Cancer Centre SingaporeSingapore
| | - Gerald Tay
- SingHealth Duke‐NUS Head and Neck CentreSingapore General HospitalSingapore
- Department of General SurgerySingapore General HospitalSingapore
| | - Ngian ‐Chye Tan
- Division of Surgical OncologyNational Cancer Centre SingaporeSingapore
- SingHealth Duke‐NUS Head and Neck CentreSingapore General HospitalSingapore
- Department of General SurgerySingapore General HospitalSingapore
- Duke‐NUS Medical SchoolSingapore
| | - Hiang Khoon‐ Tan
- Division of Surgical OncologyNational Cancer Centre SingaporeSingapore
- SingHealth Duke‐NUS Head and Neck CentreSingapore General HospitalSingapore
- Department of General SurgerySingapore General HospitalSingapore
- Duke‐NUS Medical SchoolSingapore
| | - N. Gopalakrishna Iyer
- Division of Surgical OncologyNational Cancer Centre SingaporeSingapore
- SingHealth Duke‐NUS Head and Neck CentreSingapore General HospitalSingapore
- Department of General SurgerySingapore General HospitalSingapore
- Duke‐NUS Medical SchoolSingapore
| |
Collapse
|
|
87
|
Jalali MS, Bruckes M, Westmattelmann D, Schewe G. Why Employees (Still) Click on Phishing Links: Investigation in Hospitals. J Med Internet Res 2020; 22:e16775. [PMID: 32012071 PMCID: PMC7005690 DOI: 10.2196/16775] [Citation(s) in RCA: 31] [Impact Index Per Article: 7.8] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 10/23/2019] [Revised: 12/11/2019] [Accepted: 12/16/2019] [Indexed: 12/25/2022] Open
Abstract
Background Hospitals have been one of the major targets for phishing attacks. Despite efforts to improve information security compliance, hospitals still significantly suffer from such attacks, impacting the quality of care and the safety of patients. Objective This study aimed to investigate why hospital employees decide to click on phishing emails by analyzing actual clicking data. Methods We first gauged the factors that influence clicking behavior using the theory of planned behavior (TPB) and integrating trust theories. We then conducted a survey in hospitals and used structural equation modeling to investigate the components of compliance intention. We matched employees’ survey results with their actual clicking data from phishing campaigns. Results Our analysis (N=397) reveals that TPB factors (attitude, subjective norms, and perceived behavioral control), as well as collective felt trust and trust in information security technology, are positively related to compliance intention. However, compliance intention is not significantly related to compliance behavior. Only the level of employees’ workload is positively associated with the likelihood of employees clicking on a phishing link. Conclusions This is one of the few studies in information security and decision making that observed compliance behavior by analyzing clicking data rather than using self-reported data. We show that, in the context of phishing emails, intention and compliance might not be as strongly linked as previously assumed; hence, hospitals must remain vigilant with vulnerabilities that cannot be easily managed. Importantly, given the significant association between workload and noncompliance behavior (ie, clicking on phishing links), hospitals should better manage employees’ workload to increase information security. Our findings can help health care organizations augment employees’ compliance with their cybersecurity policies and reduce the likelihood of clicking on phishing links.
Collapse
Affiliation(s)
- Mohammad S Jalali
- Massachusetts General Hospital Institute for Technology Assessment, Harvard Medical School, Boston, MA, United States.,Massachusetts Institute of Technology Sloan School of Management, Cambridge, MA, United States
| | - Maike Bruckes
- Center for Management, University of Muenster, Muenster, Germany
| | | | - Gerhard Schewe
- Center for Management, University of Muenster, Muenster, Germany
| |
Collapse
|
|
88
|
Information Technology and Medical Technology Personnel's Perception Regarding Segmentation of Medical Devices: A Focus Group Study. Healthcare (Basel) 2020; 8:healthcare8010023. [PMID: 31973034 PMCID: PMC7151197 DOI: 10.3390/healthcare8010023] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.5] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 11/23/2019] [Revised: 01/16/2020] [Accepted: 01/19/2020] [Indexed: 11/25/2022] Open
Abstract
Objective: Segmentation is one way of improving data protection. The aim of this study was to investigate Information Technology (IT) and Medical Technology (MT) personnel’s perception in relation to ongoing segmentation of medical devices and IT infrastructure in the healthcare sector. Methods: Focus group interviews with 9 IT and 9 MT personnel in a county council in southern Sweden were conducted. The interviews focused on two areas: Positive expectations and misgivings. Digital recordings were transcribed verbatim and analyzed using qualitative content analysis. Results: Responses related to 2 main areas: Information security and implementation of segmentation. Informants stated that network segmentation would increase the overall level of cybersecurity for medical devices, addressing both insider and outsider threats. However, it would also increase the need for administration and the need for knowledge of the communication patterns of medical devices from the manufacturer’s perspective. Conclusion: IT and MT personnel in a county council in southern Sweden believed that segmentation would increase cybersecurity but also increase administration and resource needs, which are important opinions to take into consideration. The present study can be used as a model for others to increase awareness of opinions of healthcare organizations.
Collapse
|
|
89
|
Rutherford E, Noray R, Ó hEarráin C, Quinlan K, Hegarty A, Ekpotu L, Arize C, Fabamwo F, Alrubaiaan A, Bhupalan A, Alshehhi A, Power C, Hill ADK. Potential Benefits and Drawbacks of Virtual Clinics in General Surgery: Pilot Cross-Sectional Questionnaire Study. JMIR Perioper Med 2020; 3:e12491. [PMID: 33932277 PMCID: PMC7728406 DOI: 10.2196/12491] [Citation(s) in RCA: 13] [Impact Index Per Article: 3.3] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Journal Information] [Subscribe] [Scholar Register] [Received: 10/12/2018] [Revised: 06/05/2019] [Accepted: 10/29/2019] [Indexed: 11/29/2022] Open
Abstract
Background Escalating demand for specialist health care puts considerable demand on hospital services. Technology offers a means by which health care providers may increase the efficiency of health care delivery. Objective The aim of this study was to conduct a pilot study of the feasibility, benefits, and drawbacks of a virtual clinic (VC) in the general surgical service of a busy tertiary center. Methods Patient satisfaction with current care and attitudes to VC were surveyed prospectively in the general surgical outpatient department (OPD; n=223). A subset of patients who had undergone endoscopy and day surgery were recruited to follow-up in a VC and subsequently surveyed with regard to their satisfaction (20/243). Other outcomes measured included a comparison of consultation times in traditional and virtual outpatient settings and financial cost to both patients and the institution. Results Almost half of the patients reported barriers to prospective use of VCs. However, within the cohort who had been followed-up in the VC, satisfaction was higher than the traditional OPD (100% as compared with 187/223, 83.9%). Significant savings in both time (P=.003) and financial costs to patients and the institution were found. Conclusions For an appropriately selected group of patients, VCs offer a viable alternative to traditional OPD. This alternative can improve both patient satisfaction and efficiency of patient care.
Collapse
Affiliation(s)
- Emily Rutherford
- Department of Surgery, Royal College of Surgeons in Ireland, Dublin, Ireland
| | - Roghinio Noray
- Department of Surgery, Royal College of Surgeons in Ireland, Dublin, Ireland
| | - Caolán Ó hEarráin
- Department of Surgery, Royal College of Surgeons in Ireland, Dublin, Ireland
| | - Kevin Quinlan
- Department of Surgery, Royal College of Surgeons in Ireland, Dublin, Ireland
| | - Aisling Hegarty
- Department of Surgery, Royal College of Surgeons in Ireland, Dublin, Ireland
| | - Lenin Ekpotu
- Department of Surgery, Royal College of Surgeons in Ireland, Dublin, Ireland
| | - Chinedum Arize
- Department of Surgery, Royal College of Surgeons in Ireland, Dublin, Ireland
| | - Fiyinfoluwa Fabamwo
- Department of Surgery, Royal College of Surgeons in Ireland, Dublin, Ireland
| | | | - Avinash Bhupalan
- Department of Surgery, Royal College of Surgeons in Ireland, Dublin, Ireland
| | - Abdulla Alshehhi
- Department of Surgery, Royal College of Surgeons in Ireland, Dublin, Ireland
| | - Colm Power
- Department of Surgery, Royal College of Surgeons in Ireland, Dublin, Ireland
| | | |
Collapse
|
|
90
|
Satti FA, Ali T, Hussain J, Khan WA, Khattak AM, Lee S. Ubiquitous Health Profile (UHPr): a big data curation platform for supporting health data interoperability. COMPUTING 2020; 102. [PMCID: PMC7437110 DOI: 10.1007/s00607-020-00837-2] [Citation(s) in RCA: 6] [Impact Index Per Article: 1.5] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 05/02/2023]
Abstract
The lack of Interoperable healthcare data presents a major challenge, towards achieving ubiquitous health care. The plethora of diverse medical standards, rather than common standards, is widening the gap of interoperability. While many organizations are working towards a standardized solution, there is a need for an alternate strategy, which can intelligently mediate amongst a variety of medical systems, not complying with any mainstream healthcare standards while utilizing the benefits of several standard merging initiates, to eventually create digital health personas. The existence and efficiency of such a platform is dependent upon the underlying storage and processing engine, which can acquire, manage and retrieve the relevant medical data. In this paper, we present the Ubiquitous Health Profile (UHPr), a multi-dimensional data storage solution in a semi-structured data curation engine, which provides foundational support for archiving heterogeneous medical data and achieving partial data interoperability in the healthcare domain. Additionally, we present the evaluation results of this proposed platform in terms of its timeliness, accuracy, and scalability. Our results indicate that the UHPr is able to retrieve an error free comprehensive medical profile of a single patient, from a set of slightly over 116.5 million serialized medical fragments for 390,101 patients while maintaining a good scalablity ratio between amount of data and its retrieval speed.
Collapse
Affiliation(s)
- Fahad Ahmed Satti
- Ubiquitous Computing Lab, Department of Computer Engineering, Kyung Hee University, Global Campus, Yongin, South Korea
| | - Taqdir Ali
- Division of ICT, College of Science and Engineering, Hamad Bin Khalifa University (HBKU), Education City, Doha, Qatar
| | - Jamil Hussain
- Ubiquitous Computing Lab, Department of Computer Engineering, Kyung Hee University, Global Campus, Yongin, South Korea
| | - Wajahat Ali Khan
- College of Engineering and Technology, University of Derby, Markeaton Street, Derby, DE223AW UK
| | | | - Sungyoung Lee
- Ubiquitous Computing Lab, Department of Computer Engineering, Kyung Hee University, Global Campus, Yongin, South Korea
| |
Collapse
|
|
91
|
Alami H, Gagnon MP, Ag Ahmed MA, Fortin JP. Digital health: Cybersecurity is a value creation lever, not only a source of expenditure. HEALTH POLICY AND TECHNOLOGY 2019. [DOI: 10.1016/j.hlpt.2019.09.002] [Citation(s) in RCA: 17] [Impact Index Per Article: 3.4] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/24/2022]
|
|
92
|
Abstract
OBJECTIVE. As health care moves into a new era of increasing information vulnerability, radiologists should understand that they may be using systems that are exposed to altered data or data that contain malicious elements. This article explains the vulnerabilities of DICOM images and discusses requirements to properly secure these images from cyberattacks. CONCLUSION. There is an important need to properly secure DICOM images from attacks and tampering. The solutions described in this article will go a long way to achieving this goal.
Collapse
|
|
93
|
Kumar T, Braeken A, Jurcut AD, Liyanage M, Ylianttila M. AGE: authentication in gadget-free healthcare environments. INFORMATION TECHNOLOGY & MANAGEMENT 2019. [DOI: 10.1007/s10799-019-00306-z] [Citation(s) in RCA: 10] [Impact Index Per Article: 2.0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/29/2022]
Abstract
Abstract
Mobile and sensor related technologies are significantly revolutionizing the medical and healthcare sectors. In current healthcare systems, gadgets are the prominent way of acquiring medical services. However, the recent technological advancements in smart and ambient environments are offering users new ways to access the healthcare services without using any explicit gadgets. One of the key challenges in such gadget-free environments is performing secure user authentication with the intelligent surroundings. For example, a secure, efficient and user-friendly authentication mechanism is essential for elderly/disabled people or patients in critical conditions requiring medical services. Hence, modern authentication systems should be sophisticated enough to identify such patients without requiring their physical efforts or placing gadgets on them. This paper proposes an anonymous and privacy-preserving biometrics based authentication scheme for such gadget-free healthcare environment. We performed formal security verification of our proposed scheme using CDVT /AD tool and our results indicate that the proposed scheme is secure for such smart and gadget-free environments. We verify that the proposed scheme can resist against various well-known security attacks. Moreover, the proposed system showed better performance as compared with existing biometrics based remote user authentication schemes.
Collapse
|
|
94
|
Abstract
INTRODUCTION Cardiac implantable electronic devices (CIEDs) integrate numerous automatic and monitor functions. Nowadays, most CIEDs are connected to the Internet (via Wi-Fi, Bluetooth or smartphone) to ensure remote monitoring of technical and clinical data: despite the importance of such a monitoring, especially from a clinical point of view, concerns have been raised about information (IT) security in terms of both privacy and security for CIEDs' carriers. AREAS COVERED This review will provide an outline of remote monitoring of CIEDs, main IT security issues that have affected them so far, main cybervulnerabilities and possible solutions. EXPERT OPINION Although there is no evidence that cyber-attacks have been carried out against any CIED so far, they may occur in the future. Cyber-attacks are usually aimed at stealing sensitive information or granting access to the IT systems to which CIEDs are connected; the possibility of an active reprogramming of CIEDs by cyber-attacks is extremely low. Political, regulatory, scientific, and clinical integration is essential to provide not only effective IT solutions for CIEDs and their carriers, but also for the development of educational programs; it should also promote cooperation between stakeholders in order to reduce the risk of CIEDs' cybervulnerability and increase patient safety.
Collapse
Affiliation(s)
- Cristian Martignani
- a Department of Experimental, Diagnostic and Specialty Medicine , S. Orsola Hospital , Bologna , Italy
| |
Collapse
|
|
95
|
Uwizeyemungu S, Poba-Nzaou P, Cantinotti M. European Hospitals' Transition Toward Fully Electronic-Based Systems: Do Information Technology Security and Privacy Practices Follow? JMIR Med Inform 2019; 7:e11211. [PMID: 30907732 PMCID: PMC6452275 DOI: 10.2196/11211] [Citation(s) in RCA: 6] [Impact Index Per Article: 1.2] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/02/2018] [Revised: 11/29/2018] [Accepted: 12/29/2018] [Indexed: 11/13/2022] Open
Abstract
BACKGROUND Traditionally, health information has been mainly kept in paper-based records. This has deeply changed throughout approximately the last three decades with the widespread use of multiple health information technologies. The digitization of health care systems contributes to improving health care delivery. However, it also exposes health records to security and privacy breaches inherently related to information technology (IT). Thus, health care organizations willing to leverage IT for improved health care delivery need to put in place IT security and privacy measures consistent with their use of IT resources. OBJECTIVE In this study, 2 main objectives are pursued: (1) to assess the state of the implementation of IT security and privacy practices in European hospitals and (2) to assess to what extent these hospitals enhance their IT security and privacy practices as they move from paper-based systems toward fully electronic-based systems. METHODS Drawing on data from the European Commission electronic health survey, we performed a cluster analysis based on IT security and privacy practices implemented in 1723 European hospitals. We also developed an IT security index, a compounded measure of implemented IT security and privacy practices, and compared it with the hospitals' level in their transition from a paper-based system toward a fully electronic-based system. RESULTS A total of 3 clearly distinct patterns of health IT-related security and privacy practices were unveiled. These patterns, as well as the IT security index, indicate that most of the sampled hospitals (70.2%) failed to implement basic security and privacy measures consistent with their digitization level. CONCLUSIONS Even though, on average, the most electronically advanced hospitals display a higher IT security index than hospitals where the paper system still dominates, surprisingly, it appears that the enhancement of IT security and privacy practices as the health information digitization advances in European hospitals is neither systematic nor strong enough regarding the IT-security requirements. This study will contribute to raising awareness among hospitals' managers as to the importance of enhancing their IT security and privacy measures so that they can keep up with the security threats inherently related to the digitization of health care organizations.
Collapse
Affiliation(s)
- Sylvestre Uwizeyemungu
- Accounting Department, Université du Québec à Trois-Rivières, Trois-Rivières, QC, Canada
| | - Placide Poba-Nzaou
- Department of Organization and Human Resources Management, École des Sciences de la Gestion, Université du Québec à Montréal, Montréal, QC, Canada
| | - Michael Cantinotti
- Psychology Department, Université du Québec à Trois-Rivières, Trois-Rivières, QC, Canada
| |
Collapse
|
|
96
|
Intelligent and Dynamic Ransomware Spread Detection and Mitigation in Integrated Clinical Environments. SENSORS 2019; 19:s19051114. [PMID: 30841592 PMCID: PMC6427746 DOI: 10.3390/s19051114] [Citation(s) in RCA: 36] [Impact Index Per Article: 7.2] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 11/30/2018] [Revised: 02/16/2019] [Accepted: 02/27/2019] [Indexed: 11/29/2022]
Abstract
Medical Cyber-Physical Systems (MCPS) hold the promise of reducing human errors and optimizing healthcare by delivering new ways to monitor, diagnose and treat patients through integrated clinical environments (ICE). Despite the benefits provided by MCPS, many of the ICE medical devices have not been designed to satisfy cybersecurity requirements and, consequently, are vulnerable to recent attacks. Nowadays, ransomware attacks account for 85% of all malware in healthcare, and more than 70% of attacks confirmed data disclosure. With the goal of improving this situation, the main contribution of this paper is an automatic, intelligent and real-time system to detect, classify, and mitigate ransomware in ICE. The proposed solution is fully integrated with the ICE++ architecture, our previous work, and makes use of Machine Learning (ML) techniques to detect and classify the spreading phase of ransomware attacks affecting ICE. Additionally, Network Function Virtualization (NFV) and Software Defined Networking (SDN)paradigms are considered to mitigate the ransomware spreading by isolating and replacing infected devices. Different experiments returned a precision/recall of 92.32%/99.97% in anomaly detection, an accuracy of 99.99% in ransomware classification, and promising detection and mitigation times. Finally, different labelled ransomware datasets in ICE have been created and made publicly available.
Collapse
|