Foreword E-HEALTH SECTOR

E-health sector

When applying the method within the e-health sector it is recommended that best practice processes be developed for two areas of interest: 

Managing the stakeholder model

A recommendation is that the stakeholder model is managed and maintained by a government department or a dedicated body, representing the sector being managed.  It is acknowledged that this is an enormous and difficult task, which may take a very long time to achieve. However, making identity management “completely effective” may require this approach. There are many issues to take into account, such as security, privacy, data protection, inter-relationships and interoperability between the many institutions that need to be involved. It is envisaged that the FIDIS Best Practice Method will assist in this task.

Best practice within individual institutions

Within different institutions best practice processes will be similar. Such institutions include hospitals, medical councils and health authorities. These are broadly shown within the stakeholder model in Figure 8. 

Figure 8 

The actions which need to be addressed, when managing the stakeholder model, and by the individual institutions are listed below. 

Requirements Domain

Identity management activities:

1. Develop a stakeholder model 

2. Specify interoperability activities, which should include: 

1. What information is required

2. Where the information is to be delivered

3. When is the information to be delivered

4. Information resources, their origin and interoperability uses 

5. Legal issues to be addressed  

6. Roles and responsibilities of personnel 

7. Incentives 

8. Processes and procedures to be adopted 

9. Technologies to be applied  

10. Audit and control methods required 

11. Quality levels to be adopted  

12. Standards to be applied  

13. Change management 

Management activities: 

1. 1. Develop a strategy for managing and maintaining interoperability activities 

   2. Specify risk assessments to be performed 

   3. Decisions to be made on such topics as:  

      1.    Security

      2.    Processes for performing analyses

      3.    Processes for delivering information

      4.    Management tools, techniques and procedures to be employed

         1. Specify information, roles and responsibilities, processes and technologies to manage the resources 

Business modelling domain

1. Develop models, similar to that shown in Figure 9, to represent the interoperability processes: 

1. Activities within and between institutions 

1. Application of technologies  

2. Information resources and flows 

1. Trigger events and their impact on  interoperability

1. Document interoperability processes including: 

1. Work procedures and tasks 

2. Roles and responsibilities of personnel 

3. Audit and control points 

Figure 9 

Information management principles domain

Information: 

1. Information to be collected, analysed, distributed, stored and maintained includes: 

   1.    Identity parameters

   2.    Personal details

   3.    Laws

   4.    Regulations

   5.    Intelligence reports

   6.    Behaviour profiles

Duty of Care: 

1. All personnel should be aware of their legal obligations  

2. Procedures should be documented to assist staff in their work 

3. Perform training for staff 

4. Understand laws and regulations 

5. Specify liaison between stakeholders    

6. Specify the roles and responsibilities of staff  

Processes and procedures: 

1. Specify and document all interoperability processes and procedures including:

   1.    Introducing the changes (evangelisation, training, overcoming the resistances, etc.)

   2.    Creating and monitoring rules and regulations

   3.    Identity procedures

   4.    Investigation procedures

   5.    Recovery and correction procedures

Enabling technologies: 

1. Identify, assess and apply appropriate technologies to support and enable interoperability processes and procedures 

2. Establishes procedures to monitor and control potential exposure to risks arising from the misuse or failure of its computer systems 

3. Develop electronic versions of policies, processes, procedures and reference material on the institution’s computer network to allow access by relevant staff, at the appropriate level of security. 

Audit: 

1. The positioning of audit points should be specified and agreed 

2. The audit methods at each audit point should be documented 

3. The nature and frequency of audit to ensure compliance should be documented 

System Domain

All of the above domains and their components should assist with creating the specification and requirements for any specified computer or manual identity management system in terms of processes, information and personnel requirements.

Mapping best practice procedures

1.  

   The information may be mapped onto the models as well as onto a matrix. Table 3 shows a typical matrix for developing best practice within the e-health sector as discussed above; one axis being the five principles of information management and the other axis being the stakeholders. 

    

   The information may be mapped onto the models as well as onto a matrix. Table 3 shows a typical matrix for developing best practice within the e-health sector as discussed above; one axis being the five principles of information management and the other axis being the stakeholders. 

Table 3