Comprehensive user requirements engineering methodology for secure and interoperable health data exchange
Background: Increased digitalization of healthcare comes along with the cost of cybercrime proliferation. This results to patients' and healthcare providers' skepticism to adopt Health Information Technologies (HIT). In Europe, this shortcoming hampers efficient cross-border health data ex...
| Authors: | Natsiavas, Pantelis; Rasmussen, Janne; Voss Knude, Maja; Votis, Kostas; Coppolino, Luigi; Campegiani, Paolo; Cano Franco, Isaac; Mari, David; Faiella, Giuliana; Clemente, Fabrizio; Nalin, Marco; Grivas, Evangelos; Stan, Oana; Gelenbe, Erol; Dumortier, Jos; Petersen, Jan; Tzovaras, Dimitrios; Romano, Luigi; Komnios, Ioannis; Koutkias, Vassilis |
|---|---|
| Format: | article |
| Status: | Published version |
| Publication date: | 2018 |
| Country: | Spain |
| Resources: | Various* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya) |
| Repository: | Recercat. Dipósit de la Recerca de Catalunya |
| OAI Identifier: | oai:recercat.cat:2445/177038 |
| Online access: | https://hdl.handle.net/2445/177038 |
| Access Level: | open access |
| Keywords: | Seguretat informàtica; Interoperabilitat en xarxes d'ordinadors; Digitalització; Computer security; Internetworking (Telecommunication); Digitization |
| id |
ES_42e35715606ac487d22eb4e15470d710 |
|---|---|
| oai_identifier_str |
oai:recercat.cat:2445/177038 |
| network_acronym_str |
ES |
| network_name_str |
España |
| repository_id_str |
|
| spelling |
Comprehensive user requirements engineering methodology for secure and interoperable health data exchangeNatsiavas, PantelisRasmussen, JanneVoss Knude, MajaVotis, KostasCoppolino, LuigiCampegiani, PaoloCano Franco, IsaacMari, DavidFaiella, GiulianaClemente, FabrizioNalin, MarcoGrivas, EvangelosStan, OanaGelenbe, ErolDumortier, JosPetersen, JanTzovaras, DimitriosRomano, LuigiKomnios, IoannisKoutkias, VassilisSeguretat informàticaInteroperabilitat en xarxes d'ordinadorsDigitalitzacióComputer securityInternetworking (Telecommunication)DigitizationBackground: Increased digitalization of healthcare comes along with the cost of cybercrime proliferation. This results to patients' and healthcare providers' skepticism to adopt Health Information Technologies (HIT). In Europe, this shortcoming hampers efficient cross-border health data exchange, which requires a holistic, secure and interoperable framework. This study aimed to provide the foundations for designing a secure and interoperable toolkit for cross-border health data exchange within the European Union (EU), conducted in the scope of the KONFIDO project. Particularly, we present our user requirements engineering methodology and the obtained results, driving the technical design of the KONFIDO toolkit. Methods: Our methodology relied on four pillars: (a) a gap analysis study, reviewing a range of relevant projects/initiatives, technologies as well as cybersecurity strategies for HIT interoperability and cybersecurity; (b) the definition of user scenarios with major focus on cross-border health data exchange in the three pilot countries of the project; (c) a user requirements elicitation phase containing a threat analysis of the business processes entailed in the user scenarios, and (d) surveying and discussing with key stakeholders, aiming to validate the obtained outcomes and identify barriers and facilitators for HIT adoption linked with cybersecurity and interoperability. 
Results: According to the gap analysis outcomes, full adherence with information security standards is currently not universally met. Sustainability plans shall be defined for adapting existing/evolving frameworks to the state-of-the-art. Overall, lack of integration in a holistic security approach was clearly identified. For each user scenario, we concluded with a comprehensive workflow, highlighting challenges and open issues for their application in our pilot sites. The threat analysis resulted in a set of 30 user goals in total, documented in detail. Finally, indicative barriers of HIT acceptance include lack of awareness regarding HIT risks and legislations, lack of a security-oriented culture and management commitment, as well as usability constraints, while important facilitators concern the adoption of standards and current efforts for a common EU legislation framework. Conclusions: Our study provides important insights to address secure and interoperable health data exchange, while our methodological framework constitutes a paradigm for investigating diverse cybersecurity-related risks in the health sector.BioMed Central2021202120182021info:eu-repo/semantics/articleinfo:eu-repo/semantics/publishedVersion16 p.application/pdfhttps://hdl.handle.net/2445/177038Articles publicats en revistes (Medicina)reponame:Recercat. Dipósit de la Recerca de Catalunyainstname:Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya)InglésReproducció del document publicat a: https://doi.org/10.1186/s12911-018-0664-0BMC Medical Informatics and Decision Making, 2018, vol. 18, num. 1, p. 85https://doi.org/10.1186/s12911-018-0664-0info:eu-repo/grantAgreement/EC/H2020/727528cc-by (c) Natsiavas, Pantelis et al., 2018http://creativecommons.org/licenses/by/3.0/esinfo:eu-repo/semantics/openAccessoai:recercat.cat:2445/1770382026-05-29T05:05:01Z |
| dc.title.none.fl_str_mv |
Comprehensive user requirements engineering methodology for secure and interoperable health data exchange |
| dc.creator.none.fl_str_mv |
Natsiavas, Pantelis Rasmussen, Janne Voss Knude, Maja Votis, Kostas Coppolino, Luigi Campegiani, Paolo Cano Franco, Isaac Mari, David Faiella, Giuliana Clemente, Fabrizio Nalin, Marco Grivas, Evangelos Stan, Oana Gelenbe, Erol Dumortier, Jos Petersen, Jan Tzovaras, Dimitrios Romano, Luigi Komnios, Ioannis Koutkias, Vassilis |
| author |
Natsiavas, Pantelis |
| author_facet |
Natsiavas, Pantelis Rasmussen, Janne Voss Knude, Maja Votis, Kostas Coppolino, Luigi Campegiani, Paolo Cano Franco, Isaac Mari, David Faiella, Giuliana Clemente, Fabrizio Nalin, Marco Grivas, Evangelos Stan, Oana Gelenbe, Erol Dumortier, Jos Petersen, Jan Tzovaras, Dimitrios Romano, Luigi Komnios, Ioannis Koutkias, Vassilis |
| author_role |
author |
| author2 |
Rasmussen, Janne Voss Knude, Maja Votis, Kostas Coppolino, Luigi Campegiani, Paolo Cano Franco, Isaac Mari, David Faiella, Giuliana Clemente, Fabrizio Nalin, Marco Grivas, Evangelos Stan, Oana Gelenbe, Erol Dumortier, Jos Petersen, Jan Tzovaras, Dimitrios Romano, Luigi Komnios, Ioannis Koutkias, Vassilis |
| author2_role |
author author author author author author author author author author author author author author author author author author author |
| dc.subject.none.fl_str_mv |
Seguretat informàtica Interoperabilitat en xarxes d'ordinadors Digitalització Computer security Internetworking (Telecommunication) Digitization |
| topic |
Seguretat informàtica Interoperabilitat en xarxes d'ordinadors Digitalització Computer security Internetworking (Telecommunication) Digitization |
| description |
Background: Increased digitalization of healthcare comes along with the cost of cybercrime proliferation. This results to patients' and healthcare providers' skepticism to adopt Health Information Technologies (HIT). In Europe, this shortcoming hampers efficient cross-border health data exchange, which requires a holistic, secure and interoperable framework. This study aimed to provide the foundations for designing a secure and interoperable toolkit for cross-border health data exchange within the European Union (EU), conducted in the scope of the KONFIDO project. Particularly, we present our user requirements engineering methodology and the obtained results, driving the technical design of the KONFIDO toolkit. Methods: Our methodology relied on four pillars: (a) a gap analysis study, reviewing a range of relevant projects/initiatives, technologies as well as cybersecurity strategies for HIT interoperability and cybersecurity; (b) the definition of user scenarios with major focus on cross-border health data exchange in the three pilot countries of the project; (c) a user requirements elicitation phase containing a threat analysis of the business processes entailed in the user scenarios, and (d) surveying and discussing with key stakeholders, aiming to validate the obtained outcomes and identify barriers and facilitators for HIT adoption linked with cybersecurity and interoperability. Results: According to the gap analysis outcomes, full adherence with information security standards is currently not universally met. Sustainability plans shall be defined for adapting existing/evolving frameworks to the state-of-the-art. Overall, lack of integration in a holistic security approach was clearly identified. For each user scenario, we concluded with a comprehensive workflow, highlighting challenges and open issues for their application in our pilot sites. The threat analysis resulted in a set of 30 user goals in total, documented in detail. 
Finally, indicative barriers of HIT acceptance include lack of awareness regarding HIT risks and legislations, lack of a security-oriented culture and management commitment, as well as usability constraints, while important facilitators concern the adoption of standards and current efforts for a common EU legislation framework. Conclusions: Our study provides important insights to address secure and interoperable health data exchange, while our methodological framework constitutes a paradigm for investigating diverse cybersecurity-related risks in the health sector. |
| publishDate |
2018 |
| dc.date.none.fl_str_mv |
2018 2021 2021 2021 |
| dc.type.none.fl_str_mv |
info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion |
| format |
article |
| status_str |
publishedVersion |
| dc.identifier.none.fl_str_mv |
https://hdl.handle.net/2445/177038 |
| url |
https://hdl.handle.net/2445/177038 |
| dc.language.none.fl_str_mv |
Inglés |
| language_invalid_str_mv |
Inglés |
| dc.relation.none.fl_str_mv |
Reproducció del document publicat a: https://doi.org/10.1186/s12911-018-0664-0 BMC Medical Informatics and Decision Making, 2018, vol. 18, num. 1, p. 85 https://doi.org/10.1186/s12911-018-0664-0 info:eu-repo/grantAgreement/EC/H2020/727528 |
| dc.rights.none.fl_str_mv |
cc-by (c) Natsiavas, Pantelis et al., 2018 http://creativecommons.org/licenses/by/3.0/es info:eu-repo/semantics/openAccess |
| rights_invalid_str_mv |
cc-by (c) Natsiavas, Pantelis et al., 2018 http://creativecommons.org/licenses/by/3.0/es |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
16 p. application/pdf |
| dc.publisher.none.fl_str_mv |
BioMed Central |
| publisher.none.fl_str_mv |
BioMed Central |
| dc.source.none.fl_str_mv |
Articles publicats en revistes (Medicina) reponame:Recercat. Dipósit de la Recerca de Catalunya instname:Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya) |
| instname_str |
Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya) |
| reponame_str |
Recercat. Dipósit de la Recerca de Catalunya |
| collection |
Recercat. Dipósit de la Recerca de Catalunya |