Table 9 Barriers for HIT acceptance linked with cybersecurity and interoperability
ID | Description | Expected impact on technical design and/or the overall KONFIDO project activities | Category |
|---|---|---|---|
B1 | Lack of awareness regarding information technology risks | Need to reinforce awareness on cybersecurity risks associated with healthcare delivery. | Awareness |
B2 | Lack of end-user confidence on their overall electronic health data handling | The technical design shall account for a comprehensive and transparent data handling scheme. | Trust |
B3 | Lack of trust to private companies providing HIT services | The solution should focus on using infrastructure in the most transparent way possible. | Trust |
B4 | Lack of interest regarding the “Terms and Conditions” for using HIT services | ▪ Need to make “Terms and Conditions” more comprehensive for all users. ▪ Need to support the implementation of a comprehensive and transparent data handling scheme. | Trust |
B5 | Inadequate level of legislation awareness | Need to promote awareness on legislation aspects. | Awareness |
B6 | Lack of perceived effectiveness of legislation by end-users | Need to explain and illustrate the effectiveness of legislation to end-users. | Trust |
B7 | Lack of clear and transparent consent processes currently applied | Need to design a comprehensive consent mechanism. | Trust |
B8 | Legislation not aligned among EU Member States | Need to track ongoing legislation initiatives and adapt the technical design accordingly. | Legislation |
B9 | Immaturity of existing frameworks | Need to reduce strong dependencies with such frameworks to the extent possible. | Usability |
B10 | Partial lack of management commitment | Need to raise awareness on cybersecurity risks associated with healthcare delivery. | Awareness |
B11 | Lack of a cybersecurity-oriented culture in everyday operations | Need to raise awareness on the cybersecurity risks associated with healthcare delivery. | Awareness |
B12 | Lack of budget | Need to raise awareness on the impact of cybersecurity incidents and the economic burden that these may entail. | Awareness |
B13 | Usability reduced due to IT security measures | Need to prioritize usability in the technical design process. | Usability |
B14 | Inadequate use of established cybersecurity mechanisms (e.g. active directory, intrusion detection systems, etc.) | Need to promote the use and added value of novel/standard cybersecurity mechanisms. | Awareness |
B15 | Diversity of information workflows among organizations | Need to contextualize the technical design, in order to accommodate the requirements of local healthcare delivery processes and therefore increase end-user acceptance through enhanced usability. | Usability |
B16 | Free-text content in different languages | Need to employ reference medical terminologies/encodings to address interoperability. | Interoperability |
B17 | Legislation not aligned among EU Member States | Need to follow ongoing legislation initiatives and adapt the design according to EU directives. | Legislation |
B18 | Legal issues not clarified (e.g. data ownership, liability etc.) | Focus on provenance and auditing mechanisms, in order to clarify details if/when needed and, therefore, increase trust on the overall data exchange process. | Legislation |
B19 | Lack of inter-organizational trust | Need to promote robust and transparent cybersecurity measures while illustrating the added value of health data sharing (e.g. considering patient safety, quality of care, etc.). | Trust |
B20 | Complexity of consent process | Need to design a comprehensive consent mechanism for patients. | Usability |
B21 | Lack of available IT expertise in organizations | Need to raise awareness about the required personnel to address cybersecurity risks in organizations delivering healthcare services. | Awareness |
B22 | Data exchange agreement’s complexity | Need to establish data exchange agreements compliant with legal norms. | Usability |