Skip to main content

Advertisement

Table 9 Barriers for HIT acceptance linked with cybersecurity and interoperability

From: Comprehensive user requirements engineering methodology for secure and interoperable health data exchange

ID Description Expected impact on technical design and/or the overall KONFIDO project activities Category
B1 Lack of awareness regarding information technology risks Need to reinforce awareness on cybersecurity risks associated with healthcare delivery. Awareness
B2 Lack of end-user confidence on their overall electronic health data handling The technical design shall account for a comprehensive and transparent data handling scheme. Trust
B3 Lack of trust to private companies providing HIT services The solution should focus on using infrastructure in the most transparent way possible. Trust
B4 Lack of interest regarding the “Terms and Conditions” for using HIT services ▪ Need to make “Terms and Conditions” more comprehensive for all users. ▪ Need to support the implementation of a comprehensive and transparent data handling scheme. Trust
B5 Inadequate level of legislation awareness Need to promote awareness on legislation aspects. Awareness
B6 Lack of perceived effectiveness of legislation by end-users Need to explain and illustrate the effectiveness of legislation to end-users. Trust
B7 Lack of clear and transparent consent processes currently applied Need to design a comprehensive consent mechanism. Trust
B8 Legislation not aligned among EU Member States Need to track ongoing legislation initiatives and adapt the technical design accordingly. Legislation
B9 Immaturity of existing frameworks Need to reduce strong dependencies with such frameworks to the extent possible. Usability
B10 Partial lack of management commitment Need to raise awareness on cybersecurity risks associated with healthcare delivery. Awareness
B11 Lack of a cybersecurity-oriented culture in everyday operations Need to raise awareness on the cybersecurity risks associated with healthcare delivery. Awareness
B12 Lack of budget Need to raise awareness on the impact of cybersecurity incidents and the economic burden that these may entail. Awareness
B13 Usability reduced due to IT security measures Need to prioritize usability in the technical design process. Usability
B14 Inadequate use of established cybersecurity mechanisms (e.g. active directory, intrusion detection systems, etc.) Need to promote the use and added value of novel/standard cybersecurity mechanisms. Awareness
B15 Diversity of information workflows among organizations Need to contextualize the technical design, in order to accommodate the requirements of local healthcare delivery processes and therefore increase end-user acceptance through enhanced usability. Usability
B16 Free-text content in different languages Need to employ reference medical terminologies/encodings to address interoperability. Interoperability
B17 Legislation not aligned among EU Member States Need to follow ongoing legislation initiatives and adapt the design according to EU directives. Legislation
B18 Legal issues not clarified (e.g. data ownership, liability etc.) Focus on provenance and auditing mechanisms, in order to clarify details if/when needed and, therefore, increase trust on the overall data exchange process. Legislation
B19 Lack of inter-organizational trust Need to promote robust and transparent cybersecurity measures while illustrating the added value of health data sharing (e.g. considering patient safety, quality of care, etc.). Trust
B20 Complexity of consent process Need to design a comprehensive consent mechanism for patients. Usability
B21 Lack of available IT expertise in organizations Need to raise awareness about the required personnel to address cybersecurity risks in organizations delivering healthcare services. Awareness
B22 Data exchange agreement’s complexity Need to establish data exchange agreements compliant with legal norms. Usability