Comprehensive user requirements engineering methodology for secure and interoperable health data exchange

Background: Increased digitalization of healthcare comes along with the cost of cybercrime proliferation. This results to patients' and healthcare providers' skepticism to adopt Health Information Technologies (HIT). In Europe, this shortcoming hampers efficient cross-border health data ex...


Bibliographic details
Authors: Natsiavas, Pantelis; Rasmussen, Janne; Voss Knude, Maja; Votis, Kostas; Coppolino, Luigi; Campegiani, Paolo; Cano Franco, Isaac; Mari, David; Faiella, Giuliana; Clemente, Fabrizio; Nalin, Marco; Grivas, Evangelos; Stan, Oana; Gelenbe, Erol; Dumortier, Jos; Petersen, Jan; Tzovaras, Dimitrios; Romano, Luigi; Komnios, Ioannis; Koutkias, Vassilis
Format: article
Status: Published version
Publication date: 2018
Country: Spain
Resources: Various* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya)
Repository: Recercat. Dipósit de la Recerca de Catalunya
OAI Identifier: oai:recercat.cat:2445/177038
Online access: https://hdl.handle.net/2445/177038
Access level: open access
Keywords: Computer security; Interoperability in computer networks; Digitalization; Internetworking (Telecommunication); Digitization
Description:

Background: Increased digitalization of healthcare comes along with the cost of cybercrime proliferation. This results to patients' and healthcare providers' skepticism to adopt Health Information Technologies (HIT). In Europe, this shortcoming hampers efficient cross-border health data exchange, which requires a holistic, secure and interoperable framework. This study aimed to provide the foundations for designing a secure and interoperable toolkit for cross-border health data exchange within the European Union (EU), conducted in the scope of the KONFIDO project. Particularly, we present our user requirements engineering methodology and the obtained results, driving the technical design of the KONFIDO toolkit.

Methods: Our methodology relied on four pillars: (a) a gap analysis study, reviewing a range of relevant projects/initiatives, technologies as well as cybersecurity strategies for HIT interoperability and cybersecurity; (b) the definition of user scenarios with major focus on cross-border health data exchange in the three pilot countries of the project; (c) a user requirements elicitation phase containing a threat analysis of the business processes entailed in the user scenarios, and (d) surveying and discussing with key stakeholders, aiming to validate the obtained outcomes and identify barriers and facilitators for HIT adoption linked with cybersecurity and interoperability.

Results: According to the gap analysis outcomes, full adherence with information security standards is currently not universally met. Sustainability plans shall be defined for adapting existing/evolving frameworks to the state-of-the-art. Overall, lack of integration in a holistic security approach was clearly identified. For each user scenario, we concluded with a comprehensive workflow, highlighting challenges and open issues for their application in our pilot sites. The threat analysis resulted in a set of 30 user goals in total, documented in detail. Finally, indicative barriers of HIT acceptance include lack of awareness regarding HIT risks and legislations, lack of a security-oriented culture and management commitment, as well as usability constraints, while important facilitators concern the adoption of standards and current efforts for a common EU legislation framework.

Conclusions: Our study provides important insights to address secure and interoperable health data exchange, while our methodological framework constitutes a paradigm for investigating diverse cybersecurity-related risks in the health sector.
Language: English
Relation: Reproduction of the document published at: https://doi.org/10.1186/s12911-018-0664-0
Citation: BMC Medical Informatics and Decision Making, 2018, vol. 18, num. 1, p. 85
DOI: https://doi.org/10.1186/s12911-018-0664-0
Grant agreement: info:eu-repo/grantAgreement/EC/H2020/727528
Rights: cc-by (c) Natsiavas, Pantelis et al., 2018
License: http://creativecommons.org/licenses/by/3.0/es
Extent: 16 p.
File format: application/pdf
Publisher: BioMed Central
Source: Articles publicats en revistes (Medicina)