The health information system security threat lifecycle: An informatics theory

International Journal of Medical Informatics

Volumn 78, Issue 12, 2009, Pages 815-826

  Fernando, Juanita I ^a   Dawson, Linda L ^a  

^a MONASH UNIVERSITY   (Australia)

Author keywords

Data security; Health information; Hospital information system; Informatics; Information protection; Information system; Medical informatics; Privacy

Indexed keywords

DATA SECURITY; HEALTH INFORMATIONS; HOSPITAL INFORMATION SYSTEMS; INFORMATION PROTECTION; MEDICAL INFORMATICS;

DATA PRIVACY; HEALTH; HEALTH RISKS; INFORMATION SYSTEMS; INFORMATION USE; LAWS AND LEGISLATION; NETWORK SECURITY; RESEARCH; SECURITY SYSTEMS;

HOSPITALS;

ARTICLE; AUSTRALIA; CLINICAL PRACTICE; COMPUTER SECURITY; HOSPITAL ADMISSION; LEGAL ASPECT; MEDICAL INFORMATICS; MEDICAL INFORMATION SYSTEM; PATIENT CARE; PRIORITY JOURNAL; PRIVACY; PRODUCTIVITY; PUBLIC HOSPITAL; TEACHING HOSPITAL; WORK ENVIRONMENT;

ATTITUDE OF HEALTH PERSONNEL; COMPUTER SECURITY; CONFIDENTIALITY; HOSPITAL INFORMATION SYSTEMS; HUMANS; INFORMATION SYSTEMS; MEDICAL RECORDS SYSTEMS, COMPUTERIZED; PHYSICIAN'S PRACTICE PATTERNS;

EID: 71549166995     PISSN: 13865056     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijmedinf.2009.08.006     Document Type: Article

References (63)

1. CEN/TC 251, Guidance [web page] 2006 5 June 2004, Available from: (cited 5.10.06).
2. Southeast Wyoming Telehealth Network (SEWTON) SWTN, Telemedicine terminology, 2008, Available from: (cited July 4.07.09).
3. Fernando J. Factors that have contributed to a lack of integration in health information system security. JITH 2 5 (2004) 313-328
4. Cheong I. Privacy and security of personal health information. Inform. Prim. Care (1996) March 15-9
5. Paterson M. Freedom of Information and Privacy in Australia: Government and Information Access in the Modern State (2005), LexisNexis Butterworths, Chatswood, NSW
6. Fernando J., and Dawson L. Clinician assessments of workplace security training-an informatics perspective. eJHI 3 1 (2008) e7
7. Ammenwerth E., Schnell-Inderst P., Machan C., and Siebert U. The effect of electronic prescribing on medication errors and adverse drug events: a systematic review. J. Am. Med. Inform. Assoc. 15 5 (2008) 585-600
8. Garg A., Adhikari N., McDonald H., Roses-Arellano M., Devereaux P., and Beyene J. Effects of computerized clinical decision support systems on practitioner performance and patient outcomes: a systematic review. JAMA 293 10 (2005) 1223-1238
9. Hersh W., and Helfand M.J.W. A systematic review of the efficacy of telemedicine for making diagnostic and management decisions. J. Telemed. Telecare 8 (2002) 197-209
10. Koppel R., Wetterneck T., Telles J.L., and Karsh B.-T. Workarounds to barcode medication administration systems: their occurrences, causes, and threats to patient safety. J. Am. Med. Inform. Assoc. (2008) M2616
11. Kripalani S., LeFevre F., Phillips C.O., Williams M.V., Basaviah P., and Baker D.W. Deficits in communication and information transfer between hospital-based and primary care physicians: implications for patient safety and continuity of care. JAMA 297 8 (2007) 831-841
12. Ash J.S., Sittig D.F., Dykstra R., Campbell E., and Guappone K. The unintended consequences of computerized provider order entry: findings from a mixed methods exploration. Int. J. Med. Inform. 78 Suppl. 1 (2009) 69-76
13. Balka E., Doyle-Waters M., Lecznarowicz D., and FitzGerald J.M. Technology, governance and patient safety: systems issues in technology and patient safety. Int. J. Med. Inform. 76 Suppl. 1 (2007) 35-47
14. Collmann J., and Cooper T. Breaching the security of the Kaiser Permanente Internet Patient Portal: the organizational foundations of information security. J. Am. Med. Inform. Assoc. 14 2 (2007) 239-243
15. Georgiou A., Westbrook J., Braithwaite J., Iedema R., Ray S., Forsyth R., Dimos A., and Germanos T. When requests become orders-a formative investigation into the impact of a computerized physician order entry system on a pathology laboratory service. Int. J. Med. Inform. 76 8 (2007) 583-591
16. Han Y.Y., Carcillo J.A., Venkataraman S.T., Clark R.S.B., Watson R.S., Nguyen T.C., Bayir H., and Orr R.A. Unexpected increased mortality after implementation of a commercially sold Computerized Physician Order Entry system. Pediatrics 116 6 (2005) 1506-1512
17. Koppel R., Metlay J.P., Cohen A., Abaluck B., Localio A.R., Kimmel S.E., and Strom B.L. Role of computerized physician order entry systems in facilitating medication errors. JAMA 293 10 (2005) 1197-1203
18. Kushniruk A.W., Triola M.M., Borycki E.M., Stein B., and Kannry J.L. Technology induced error and usability: the relationship between usability problems and prescription errors when using a handheld application. Int. J. Med. Inform. 74 7-8 (2005) 519-526
19. McAlearney A.S., Chisolm D.J., Schweikhart S., Medow M.A., and Kelleher K. The story behind the story: physician skepticism about relying on clinical information technologies to reduce medical errors. Int. J. Med. Inform. 76 11-12 (2007) 836-842
20. NEHTA, Privacy blueprint on unique healthcare identifiers-report on feedback [homepage on the internet-report] 2007 14/5/2009, Resource type: context and strategic direction. Available from: (cited 3.07.09).
21. D.J. Protti, The use of computers in health care can reduce errors, improve patient safety, and enhance the quality of service-there is evidence, 2005, Available from: (cited 3.07.09).
22. Timmons S. Nurses resisting information technology. Nurs. Inq. 10 4 (2003) 257-269
23. K. Bisset, Unscripted errors [news story] 2006, Available from: (cited 3.07.09).
24. Black R., Woolman P., and Kinsella J. Variation in the transcription of laboratory data in an intensive care unit. Anaesthesia 59 8 (2004) 767-769
25. Rodriguez-Vera J.F., Marin Y., Sanchez A., Borrachero C., and Pujol E. Illegible handwriting in medical records. J. R. Soc. Med. 95 (2002) 545-546
26. Ash J.S., Sittig D.F., Dykstra R.H., Guappone K., Carpenter J.D., and Seshadri V. Categorizing the unintended sociotechnical consequences of computerized provider order entry. Int. J. Med. Inform. 76 Suppl. 1 (2007) 21-27
27. Nichols P., Copeland T.-S., Craib I.A., Hopkins P., and Bruce D.G. Learning from error: identifying contributory causes of medication errors in an Australian hospital. eMJA 188 5 (2008) 276-279
28. Ash J.S., Berg M., and Coiera E. Some unintended consequences of information technology in health care: the nature of patient-care information system-related errors. J. Am. Med. Inform. Assoc. 11 2 (2004) 104-112
29. Campbell E., Sittig D.F., Ash J.S., Guappone K.P., and Dykstra R.H. Types of unintended consequences related to computerised provider order entry. J. Am. Med. Inform. Assoc. 13 5 (2006) 547-557
30. J. Nielsen, Medical usability: how to kill patients through bad design, Alertbox 2005 April 11 2005, eNewsletter, Available from: (cited 3.07.09).
31. Westbrook J.I., Braithwaite J., Georgiou A., Ampt A., Creswick N., Coiera E., and Iedema R. Multimethod evaluation of information and communication technologies in health in the context of wicked problems and sociotechnical theory. J. Am. Med. Inform. Assoc. 14 6 (2007) 746-755
32. NEHTA, Interoperability maturity model ver 1.0. 2007 [excerpt from home page] 26 March 2007, Available from: (cited 3.07.09).
33. Post G.V., and Kagan A. Evaluating information security tradeoffs: restricting access can interfere with user tasks. Comput. Secur. 26 3 (2007) 229-237
34. Vogelsmeier A.A., Halbesleben J.R.B., and Scott-Cawiezell J.R. Technology implementation and workarounds in the nursing home. J. Am. Med. Inform. Assoc. 15 1 (2008) 114-119
35. C. Bartlett, K. Boehncke, M. Haikerwal, E-health: enabler for Australia's health reform v.2.0 (Discussion paper) [pdf file] 2008, p. 66. Available from: (cited 2.07.09).
36. KPMG for NSW Health, HealtheLink Electronic Health Record Pilot evaluation-summary report [pdf file] 2008 1 September 2008 government report, Available from: (cited 2.07.09).
37. Medlin B.D., and Cazier J.A. An empirical investigation: health care employee passwords and their crack times in relationship to HIPAA security standards. Int. J. Health Care Inform. Syst. Informatics 2 3 (2007) 39-48
38. Williams P. When trust defies commons sense. Health Informatics J. 14 3 (2008) 211-221
39. The Boston Consulting Group. National health information management and information and communications technology strategy (8 April, 2004), National Health Information Group (NHIG) and Australian health Information Council
40. Chaudhry B., Wang J., Wu S., Maglione M., Mojica W., Roth E., Morton S.C., and Shekelle P.G. Systematic review: impact of health information technology on quality, efficiency, and costs of medical care. Ann. Intern. Med. 144 10 (2006) 742-752
41. Fassett M.J., Hannan T.J., Robertson I.K., Bollipo S.J., and Fassett R.G. A national survey of medical morning handover report in Australian hospitals. eMJA 187 3 (2007) 164-165
42. Amarasingham R., Pronovost P.J., Diener-West M., Goeschel C., Dorman T., Thiemann D.R., and Powe N.R. Measuring clinical information technology in the ICU setting: application in a quality improvement collaborative. J. Am. Med. Inform. Assoc. 14 3 (2007) 288-294
43. Ralston J.D., Carrell D., Reid R., Anderson M., Moran M., and Hereford J. Patient web services integrated with a shared medical record: patient use and satisfaction. J. Am. Med. Inform. Assoc. 14 6 (2007) 798-806
44. M. Haikerwal, Patient privacy must be governed by a unified national system [news] 2006 28 October 2006, Available from: (cited 4.07.09).
45. Standards Australia, HB 174 2003: information security management-implementation guide for the health sector-the key controls, Standards Australia, 2006.
46. Bryan C.S. What is the Oslerian tradition?. Ann. Intern. Med. 120 8 (1994) 682-687
47. Siegler M. A legacy of Osler. Teaching clinical ethics at the bedside. JAMA 239 10 (1978) 951-956
48. G. O'Grady, J. Koea, T. Koelmeyer, The system and method of medicine [Home page on the internet] 2006, Available from: (cited 2.07.09).
49. Piccini J.P., and Nilsson K.R. The Osler Medical Handbook. 2nd ed. (2006), Mosby: The Johns Hopkins Hospital, Philadelphia, PA
50. O'Rourke M.F. William Osler: a model for the 21st century? Osler's teachings are as relevant now as they were 100 years ago. eMJA (1999) 577-579
51. S. Hinohara, Olser in Japan, Osler Library Newsletter, 1984, pp. e1-2, Available from: (cited 4.07.09).
52. Irvine D.H. Everyone is entitled to a good doctor. eMJA (2007) 256-261
53. A. Thomas, Walker-Smith JC-p, Osler Club of London, January 6 2008, Available from: (cited 3.07.09).
54. J. Fernando, An analysis of current clinician security practices while using health information systems security, Melbourne, Monash, Unpublished Ph.D. Thesis, 2008.
55. Yin R.K. Case Study Research: Design and Methods. 3 ed. (2003), Sage Publications, Thousand Oaks, CA
56. Pope C., and Mays N. Reaching the parts the other methods cannot reach: an introduction to qualitative methods in health and health services research. BMJ 3 11 (1995) 42-45
57. Adamson J., Gobberman-Hill R., Woolhead G., and Donovon J. 'Questerviews': using 'questerviews' in qualitative interviews as a method of integrating qualitative and quantitaive health services research. J. Health Serv. Res. Policy 9 3 (2004) 139-145
58. HL7 Inc., HL7 reference information model becomes ISO standard [pdf] 2006 18 September, Available from: (cited 4.07.09).
59. HL7, HL7 Version 3 (Draft), 2003, Available from: (cited 4.07.09).
60. Glaser B.G. The future of grounded theory. QHR 9 6 (1999) 836-846
61. Miles M.B., and Huberman A.M. Qualitative Data Analysis: An Expanded Sourcebook. 2nd ed. (1994), Sage Publications, Thousand Oaks
62. Charmaz K. Constructing Grounded Theory: A Practical Guide Through Qualitative Analysis (2006), Sage, Thousand Oaks, CA
63. Urquhart C., and Fernandez W. Grounded theory method: the researcher as blank slate and other myths. Twenty-Seventh International Conference on Information Systems. Milwaukee, USA (2006) 457-464