Comprehensive user requirements engineering methodology for secure and interoperable health data exchange.

Pantelis Natsiavas, Janne Rasmussen, Maja Voss-Knude, Kostas Votis, Luigi Coppolino, Paolo Campegiani, Isaac Cano, David Marí, Giuliana Faiella, Fabrizio Clemente, Marco Nalin, Evangelos Grivas, Oana Stan, Erol Gelenbe, Jos Dumortier, Jan Petersen, Dimitrios Tzovaras, Luigi Romano, Ioannis Komnios, Vassilis Koutkias
Author Information
  1. Pantelis Natsiavas: Institute of Applied Biosciences, Centre for Research & Technology Hellas, Thermi, Thessaloniki, Greece.
  2. Janne Rasmussen: MedCom, Odense, Denmark.
  3. Maja Voss-Knude: Sundhed.dk, Copenhagen, Denmark.
  4. Kostas Votis: Information Technologies Institute, Centre for Research & Technology Hellas, Thermi, Thessaloniki, Greece.
  5. Luigi Coppolino: Department of Engineering, University of Naples "Parthenope", Naples, Italy.
  6. Paolo Campegiani: Bit4id S.r.l, Naples, Italy.
  7. Isaac Cano: IDIBAPS, Hospital Clinic de Barcelona, Universitat de Barcelona, Barcelona, Spain.
  8. David Marí: eHealth R&D Unit, EURECAT, Barcelona, Spain.
  9. Giuliana Faiella: Fondazione Santobono Pausilipon, Naples, Italy.
  10. Fabrizio Clemente: Fondazione Santobono Pausilipon, Naples, Italy.
  11. Marco Nalin: Telbios S.r.l, Milan, Italy.
  12. Evangelos Grivas: Eulambia Advanced Technologies Ltd, Athens, Greece.
  13. Oana Stan: CEA, LIST, Point Courrier 172, 91191, Gif-sur-Yvette Cedex, France.
  14. Erol Gelenbe: Department of Electrical and Electronic Engineering, Imperial College of Science, Technology and Medicine, London, UK.
  15. Jos Dumortier: Time.lex, Brussels, Belgium.
  16. Jan Petersen: MedCom, Odense, Denmark.
  17. Dimitrios Tzovaras: Information Technologies Institute, Centre for Research & Technology Hellas, Thermi, Thessaloniki, Greece.
  18. Luigi Romano: Department of Engineering, University of Naples "Parthenope", Naples, Italy.
  19. Ioannis Komnios: Exus Software Ltd, London, UK.
  20. Vassilis Koutkias: Institute of Applied Biosciences, Centre for Research & Technology Hellas, Thermi, Thessaloniki, Greece. vkoutkias@certh.gr.

Abstract

BACKGROUND: The increasing digitalization of healthcare comes with the cost of proliferating cybercrime. This fuels patients' and healthcare providers' skepticism towards adopting Health Information Technologies (HIT). In Europe, this shortcoming hampers efficient cross-border health data exchange, which requires a holistic, secure and interoperable framework. This study aimed to lay the foundations for designing a secure and interoperable toolkit for cross-border health data exchange within the European Union (EU), and was conducted in the scope of the KONFIDO project. In particular, we present our user requirements engineering methodology and the results obtained, which drive the technical design of the KONFIDO toolkit.
METHODS: Our methodology relied on four pillars: (a) a gap analysis study reviewing a range of relevant projects and initiatives, technologies, and cybersecurity strategies for HIT interoperability and cybersecurity; (b) the definition of user scenarios with a major focus on cross-border health data exchange in the three pilot countries of the project; (c) a user requirements elicitation phase including a threat analysis of the business processes entailed in the user scenarios; and (d) surveying and discussing with key stakeholders, aiming to validate the obtained outcomes and to identify barriers and facilitators for HIT adoption linked with cybersecurity and interoperability.
RESULTS: According to the gap analysis outcomes, full adherence to information security standards is currently not universally met. Sustainability plans shall be defined for adapting existing and evolving frameworks to the state of the art. Overall, a lack of integration into a holistic security approach was clearly identified. For each user scenario, we concluded with a comprehensive workflow, highlighting challenges and open issues for its application in our pilot sites. The threat analysis resulted in a set of 30 user goals in total, documented in detail. Finally, indicative barriers to HIT acceptance include lack of awareness regarding HIT risks and legislation, lack of a security-oriented culture and of management commitment, and usability constraints, while important facilitators concern the adoption of standards and current efforts towards a common EU legislative framework.
CONCLUSIONS: Our study provides important insights for addressing secure and interoperable health data exchange, while our methodological framework constitutes a paradigm for investigating diverse cybersecurity-related risks in the health sector.

Keywords


MeSH Terms

Computer Security
Data Collection
Europe
Humans
Medical Informatics
Workflow

