Information Security when Integrating Actors in Health Care Processes
There is a growing interest within organisations today to focus on the core processes, i.e. the processes that create value for the intended customer, in order to stay compatible within the ever-fiercer competition. To have full control of the key processes may be a great step forward towards a more lean and effective organisation, not only for profit seeking companies but also for public welfare institutions like health care. Software aimed at supporting a process focus is continuously being developed and one such family of programs is commonly referred to as process managers.A process manager lets the people in an organisation who have complete knowledge of the processes model these without requiring them to have expert knowledge of computers and programming. Once a process has been defined graphically according to a predefined modelling language, it can be deployed and monitored. The process manager software takes care of the routing of messages between actors, both human as well as non-human (e.g. other applications), and it drives the individual errand forward according to how the process flow has been defined in the model. However, applying a process manager approach in health care processes requires a certain amount of caution. Messages sent between actors in health care organisations are often of a delicate nature since they may contain sensitive information, such as illness, mental state, family situation and similar, that is related to an identifiable individual. There are also other aspects of security that need to be addressed besides the confidentiality aspect. For example, it must be guaranteed that the information is correct and not altered during transfer, the information must be available when needed and it should be possible to trace a message to its sender, among other things.This work identifies a set of security requirements from the literature that need to be fulfilled in health care organisations when applying a process manager approach. With these requirements as a basis, a process manager system is evaluated with regards to security and the conclusion is that future versions need improvement on some points. Future work is also suggested that could help to explore the area further.
School:Högskolan i Skövde
Source Type:Master's Thesis
Keywords:security process managers health care processes
Date of Publication:02/15/2008