Health Informatics presents many wicked problems due to the complexity and diversity of reliance on public and private sector services. This is compounded by the added need to satisfy widely differing agendas which are derived from practitioners, policy makers, governance bodies and healthcare recipients (i.e. patients) [Westbrook et al 2007]. One particular area is the need for confidentiality in healthcare through the practices of privacy protection with contemporary ICT applications [Choi et al 2006]. This problem has been exacerbated in Australia and overseas by differing privacy legislation that applies to private organisations, federal agencies and each individual state. Hence, the policy-driven approach for ensuring privacy compliance is fraught with problems.
The healthcare recipient would ideally have a ubiquitous electronic health record that tracks the patient journey across an episode of healthcare delivery. To date, this ambition is far from realised with, in practice, many fragmented solutions presenting wicked problems in terms of interoperability and legislative compliance [Caldwell, 2015]. This is particularly evident with privacy, security and safety goals.
To address this problem, the author has undertaken research into the building of policies through semi-formal mathematical modelling techniques [Croll, 2007, 2011]. A macro holistic view is taken of the key objectives, which are then defined as mathematical sets rather than the textual descriptions found in existing policies. This helps alleviate the complexities and apparent differences across organisations. The result is a well-defined graphical model that is easy for practitioners to follow, yet has a formal underpinning to ensure coverage of all key aspects and their interdependencies.
This talk will present the high-level holistic model and show how, by selecting one central concern, that of safety, it is possible to break down the wicked problem of privacy compliance. The model shows up deficiencies in current policies and ensures that greater compliance can be obtained when compared with the application of the current disjoint policies. Actual case studies will be presented to clarify the model and demonstrate the viability of taking such an approach.
(Caldwell, 2015) P Caldwell, ‘Epic Fail – Digitising America’s Medical Records was supposed to help patients and save money. Why hasn’t that Happened?’, Pub: Mother Jones, http://goo.gl/iEnVvh, November-December 2015 issue.
(Choi et al 2006) YB. Choi, KE. Capitan, JS. Krause, MM. Streeper, ‘Challenges Associated with Privacy in Health Care Industry: Implementation of HIPAA and the Security Rules’, Journal of Medical Systems, February 2006, Volume 30, Issue 1, pp 57-64
(Croll, 2011) PR Croll, ‘Determining the privacy policy deficiencies of health ICT applications through semi-formal modelling’, International Journal of Medical Informatics 80 (2011) e32–e38
(Croll, 2007) PR Croll and J Croll, ‘Investigating Risk Exposure in e-health Systems’, International Journal of Medical Informatics, Nov 27, 2006.
(Westbrook et al 2007) JI. Westbrook, J Braithwaite, A Georgiou, A Ampt, N Creswick, E Coiera, R Iedema, ‘Multimethod Evaluation of Information and Communication Technologies in Health in the Context of Wicked Problems and Sociotechnical Theory’, Journal American Medical Informatics Association, 746-755, 1 November 2007