BIS 2013: Business Information Systems Workshops pp 89-99
Policy Conflict Handling as a Monitoring Activity of Hospital Information Systems
Abstract
Alignment of business and IT is a serious challenge in enterprises due to continuously changing business environments and, at the same time, changing organizational IT infrastructures. The same challenges can be detected in health information technology, accompanied by domain-specific information security demands regarding the access to patient-related information and medical data. The paper addresses a specific aspect in this area, which is of high relevance for business and IT alignment: how to define and apply policies as a means to translate organizational requirements into guidelines and rules in IT management. The scope of the paper is limited to hospital information systems and policies in information security. The main contributions of this paper are (1) to present a case study from hospital information security confirming the need for supporting policy implementation, (2) to identify and describe the problem of policy conflict management as part of IT and business alignment, and (3) to define the research design for addressing this problem from a design science perspective.
Keywords
E-health, hospital, intra-enterprise policy conflict, policy compliance verification, information security, design science, case study