Journal: BMC Medical Informatics and Decision Making

Comprehensive user requirements engineering methodology for secure and interoperable health data exchange


Abstract

Increased digitalization of healthcare comes along with the cost of cybercrime proliferation. This results in patients' and healthcare providers' skepticism about adopting Health Information Technologies (HIT). In Europe, this shortcoming hampers efficient cross-border health data exchange, which requires a holistic, secure and interoperable framework. This study aimed to provide the foundations for designing a secure and interoperable toolkit for cross-border health data exchange within the European Union (EU), conducted in the scope of the KONFIDO project. Particularly, we present our user requirements engineering methodology and the obtained results, driving the technical design of the KONFIDO toolkit. Our methodology relied on four pillars: (a) a gap analysis study, reviewing a range of relevant projects/initiatives, technologies as well as cybersecurity strategies for HIT interoperability and cybersecurity; (b) the definition of user scenarios with major focus on cross-border health data exchange in the three pilot countries of the project; (c) a user requirements elicitation phase containing a threat analysis of the business processes entailed in the user scenarios; and (d) surveying and discussing with key stakeholders, aiming to validate the obtained outcomes and identify barriers and facilitators for HIT adoption linked with cybersecurity and interoperability. According to the gap analysis outcomes, full adherence to information security standards is currently not universally met. Sustainability plans shall be defined for adapting existing/evolving frameworks to the state-of-the-art. Overall, lack of integration in a holistic security approach was clearly identified. For each user scenario, we concluded with a comprehensive workflow, highlighting challenges and open issues for their application in our pilot sites. The threat analysis resulted in a set of 30 user goals in total, documented in detail. Finally, indicative barriers of HIT acceptance include lack of awareness regarding HIT risks and legislations, lack of a security-oriented culture and management commitment, as well as usability constraints, while important facilitators concern the adoption of standards and current efforts for a common EU legislation framework. Our study provides important insights to address secure and interoperable health data exchange, while our methodological framework constitutes a paradigm for investigating diverse cybersecurity-related risks in the health sector.
