Managing security and privacy issues while re-engineering the healthcare enterprise

Abstract

Healthcare providers today perceive the adoption and utilization of information technology (IT) as vital to their success in the marketplace. The extent to which security and privacy issues are addressed in this process can influence the public's perception of an organization. Within healthcare organizations the process of adopting IT and re-engineering the organization is one that must not fail, as to fail in such a process is to expose people to the risk of death, or at least loss of personal information. It is vital then that, when re-engineering in the medical sector, we ensure that confidentiality, security and safety polices are not compromised. Recent medical information system failures have shown that the process of adoption and utilization of IT is far from easy. This has sparked a research debate into why systems development and re-engineering activities are failing. It is, therefore, vital that we develop techniques that allow us: (1) to explore and define how an information system is going to change the organization's structure and behaviour; and (2) to demonstrate that the re-engineered structures are still in-line with regard to the privacy, confidentiality and security policies of the enterprise.