| 1. |
- Skyvell Nilsson, Maria, 1961-, et al.
(författare)
-
Professional culture, information security and healthcare quality : an interview study of physicians' and nurses' perspectives on value conflicts in the use of electronic medical records
- 2018
-
Ingår i: Safety in health. - : BioMed Central. - 2056-5917. ; 4
-
Tidskriftsartikel (refereegranskat)abstract
- Digital healthcare information systems impose new demands on healthcare professionals, and information security rules may induce stressful value conflicts, which the professional culture may help professionals to handle.The aim of the study was to elucidate physicians' and registered nurses' shared professional assumptions and values, grounded in their professional cultures, and how these assumptions and values explain and guide healthcare professionals' handling of value conflicts involving rules regulating the use of electronic medical records.Methods Healthcare professionals in five organisations in two Swedish healthcare regions were interviewed.Results The study identified ensuring the patients' physical health and well-being as the overarching value and a shared basic assumption among physicians and registered nurses. A range of essential professional and organisational values were identified to help attain this goal. In value conflicts, different values were weighted in relation to each other and to the electronic information security rules.Conclusions The results can be used to guide effective design and implementation of electronic medical records and information security regulations in healthcare.
|
|
| 2. |
- Söderström, Eva, et al.
(författare)
-
Standardisation as a Means to Improve Information Security in Process-Oriented Distributed Healthcare
- 2008
-
Ingår i: Proceedings (ed) Kai Jacobs and Eva Söderström. Presented at the 13 th European Academy for Standardization (EURAS), 2008-06-16-17, Skövde Sweden.. - Aachen : Mainz. - 1437-8396. - 3861308096 ; 2008:ABI Band 40, s. 233-243
-
Konferensbidrag (refereegranskat)abstract
- Regardless of who we are, where we are, and when we get sick, we expect the healthcare sectors to take care of us. And we expect it to treat us with respect. Not the least, this concerns treating our personal information with care. However, the reality is that most healthcare institutions work separately, and that the flow of patient information therefore is less than optimal. This paper aims to investigate how current standards map against the concept of information security, and how process-orientation can be used in conjunction with standards to create secure information flows in healthcare. It does so by describing information security and process-orientation, and investigates how standards for information security apply in a process-oriented, distributed healthcare sector. The result shows that a dual focus is needed, on document and process standardisation, and that healthcare is facing great challenges in order to make this work.
|
|
| 3. |
- Gyllensten, Kristina, 1977, et al.
(författare)
-
The role of organizational and social factors for information security in a nuclear power industry
- 2021
-
Ingår i: Organizational Cybersecurity Journal: Practice, Process and People. ; 2:1, s. 3-20
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose: The aim of this study was to explore the organizational and social prerequisites for employees’ participative and rule-compliant information security behaviour in Swedish nuclear power production and its related industry. These industries are high-risk activities that must be meticulously secured. Protecting the information security in the related organizations is an essential aspect of this. Design/methodology/approach: Individual in-depth interviews were conducted with 24 employees in two organizations within the nuclear power industry in Sweden. Findings: We found that prerequisites for employees’ participative and rule-compliant information security behaviour could be categorized into structural, social and individual aspects. Structural aspects included welladapted rules, knowledge support and resources. Social aspects included a supportive organizational culture, collaboration and adequate resources, and individual aspects included individual responsibility. Originality/value: The qualitative approach of the study provided comprehensive descriptions of the identified preconditions. The results may thus enable organizations to better promote conditions important for information security in a high-risk industry.
|
|
| 4. |
- Söderström, Eva, et al.
(författare)
-
Standards for information security and processes in healthcare
- 2009
-
Ingår i: Journal of Systems and Information Technology. - : Emerald Group Publishing Limited. - 1328-7265 .- 1758-8847. ; 11:3, s. 295-308
-
Tidskriftsartikel (refereegranskat)abstract
- Abstract Purpose – Regardless of who or where we are and when we get sick, we expect healthcare to make us well and to handle us and our information with care and respect. Today, most healthcare institutions work separately, making the flow of patient information sub-optimal and the use of common standards practically unheard of. The purpose of this paper is to emphasise the use for standards to improve information security in process-oriented distributed healthcare. Design/methodology/approach – The paper introduces a real-life case which is analysed to highlight how and where standards can and should be used in order to improve information security in process-oriented distributed healthcare. Findings – In total, 11 flaws or problems in information security and process-orientation are identified. From these, six changes are suggested which address how information is handled, and how organizational routines should be standardized. Research limitations/implications – The case setting is Swedish healthcare, but problems can be shared across international borders. The purpose is to highlight the issues at hand. Practical implications – If suggested changes are implemented, healthcare processes will be more streamlined and focused on patients. Routines will be standardized and uncertainties thus removed in terms of how to act in certain situations. Originality/value – Healthcare and academia has yet to address both document and process issues concerning standardization in distributed healthcare. There are also few actual cases from a patient perspective. This paper provides lessons learned from a real-life case, where results may impact how standardization is addressed in healthcare organizations.
|
|
| 5. |
- Berndtsson, Joakim, 1975, et al.
(författare)
-
Value conflicts and non-compliance: Attitudes to whistleblowing in Swedish organisations
- 2018
-
Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961 .- 2056-497X. ; 26:2, s. 246-258
-
Tidskriftsartikel (refereegranskat)abstract
- © 2018, Emerald Publishing Limited. Purpose: The purpose of the study is to explore potential value conflicts between information security work and whistleblowing activities by analysing attitudes to whistleblowing among white-collar workers in Swedish organisations. Design/methodology/approach: The study is conducted using survey data among (n = 674) Swedish white-collar workers. Statistical analyses are conducted to explore variations in acceptance of whistleblowing and analyse the relationship between acceptance for whistleblowing and information security attitudes and behaviours. Findings: The study finds strong support for whistleblowing in both public and private spheres, and by both private and public sector employees. The study also finds stronger acceptance for intra-organisational whistleblowing, while support for external whistleblowing is low. Finally, the study shows that the whistleblowing activities might be perceived as coming in conflict with information security work, even as the support for including whistleblowing functions in information security practices is high. Research limitations/implications: With a focus on one country, the study is limited in terms of empirical scope. It is also limited by a relatively small number of respondents and survey items relating to whistleblowing, which in turn affects its explanatory value. However, the study does provide unique new insight into a specific form of “non-compliance”, i.e. whistleblowing, which merits further investigation. Originality/value: Few studies exist that combine insights from the fields of whistleblowing and information security research. Thus, this study provides a basis for further investigation into attitudes and behaviours linked to whistleblowing in public and private organisations, as well as attendant value conflicts related to information security management and practice.
|
|
| 6. |
- Eriksson, Nomie, 1955
(författare)
-
Implementation of an Electronic Patient’s Record in Process Oriented Healthcare
- 2008
-
Ingår i: The 3rd Nordic Workshop on Health Management and Organization. Between Public and Private, 4-5 december Uppsala. Sub-theme 3: Making professional work transparent..
-
Konferensbidrag (refereegranskat)abstract
- This article will offer a pathway for understanding recent changes and improvements in organizing and managing healthcare such as the flows of secure information about patients in healthcare. When patients visit healthcare providers they expect the personnel to have a patient centered view and to be informed what has happened in every unit they visited (Lindberg 2002, Eriksson 2007). I will discuss that this concerns a process-oriented organization and documented patient’s information treated with security. However, the reality is that most healthcare institutions like private healthcare and public healthcare work as traditional organizations (Scott et al 2000) and use paper based records, and as a consequence the flow of information is not optimal (Åhlfeldt 2008). Documentation takes personnel an increasing working time, crowding out the personnel’s time with patients. Still, documentation is necessary to give patients the best healthcare and make visible the personnel’s work. When improvements are accepted it becomes a condition for the strategizing healthcare organization, to emerge coordinating healthcare activities into a process-oriented healthcare with secure information. This study aims to investigate how the implementation of an electronic patient’s record manages information security and if process-oriented healthcare supports the flows of information. By describing process-orientation in healthcare, documents and questionnaires focus on the changes in personnel group’s opinions when an electronic patient’s record is implemented in a process organized hospital department. The personnel’s opinion compares between monitoring tools as paper based records and data based records. The study shows that to provide patients with opportunity for the best healthcare with the right information at the right time, and to protect sensitive patient information from distribution to unauthorized persons, increasing with an electronic patient record. The study also shows that process orientation particularly supports the flows of secure information. Thus, the personnel’s opinion support implementation of the new electronic patient’s record, they have a lack of knowledge to identify patient’s information as ongoing information without unnecessary repeating and commonly continue to double document about the patients. The study highlights high-quality education as protection against undesired changes in information security. I am argued that it is difficult to successfully manage implementations in the healthcare even when the organizations structures mostly support the improvements. Patient’s information transfer between healthcare personnel and organizational boarders need standardizations such as process-oriented organisation and an electronic patient record. The healthcare is facing great challenges in order to manage personnel’s way of working.
|
|
| 7. |
- Edkrantz, Michel, et al.
(författare)
-
Predicting cyber vulnerability exploits with machine learning
- 2015
-
Ingår i: Frontiers in Artificial Intelligence and Applications. - 0922-6389.
-
Konferensbidrag (refereegranskat)abstract
- For an information security manager it can be a daunting task to keep up and assess which new cyber vulnerabilities to prioritize patching first. Every day numerous new vulnerabilities and exploits are reported for a wide variety of different software configurations. We use machine learning to make automatic predictions for unseen vulnerabilities based on previous exploit patterns. As sources for historic vulnerability data, we use the National Vulnerability Database (NVD) and the Exploit Database (EDB). Our work shows that common words from the vulnerability descriptions, external references, and vendor products, are the most important features to consider. Common Vulnerability Scoring System (CVSS) scores and categorical parameters, and Common Weakness Enumeration (CWE) numbers are redundant when a large number of common words are used, since this information is often contained within the vulnerability description. Using machine learning algorithms, it is possible to get a prediction accuracy of 83% for binary classification. In comparison, the performance differences between some of the algorithms are marginal with respect to metrics such as accuracy, precision, and recall. The best classifier with respect to both performance metrics and execution time is a linear time Support Vector Machine (SVM) algorithm. We conclude that in order to get better predictions the data quality must be enhanced.
|
|
| 8. |
- Söderström, Eva, et al.
(författare)
-
Trusting digitized patient-related information: The need for a new approach
- 2011
-
Ingår i: In Furnell and Clarke (eds.), Proceedings of the 5th International Symposium on Human Aspects of Information Security and Assurance (HAISA), London, 2011. - : Plymouth Center for Security, Comunications & Network Research, University of Plymouth. - 9781841022840 ; , s. 119-129
-
Konferensbidrag (refereegranskat)abstract
- Trust is receiving increasing attention nowadays, particularly since new technology enables communication and collaboration like it has never been seen before. However, trust is a fuzzy concept that needs further examination and attention from multiple levels. For example, security is very important from a user’s point of view in trusting that technology will function in accordance with the user’s intended and requested function. This paper reviews the concept of patient safety, which thus far has been discussed and defined from a narrow technical perspective. We demonstrate that it is much more complex, and that it is not primarily the technical issues that are problematic, but rather the cultural, process-related and personnel issues. Our results point to a need for a new approach, which takes the patients’ view of healthcare and the patient-related digital information as its focus. The discussion is made from a Swedish perspective, but the issues are international. The needs for information and knowledge in healthcare are obvious. Without clear definitions of concepts and roles, a good information flow or process cannot be designed. Our discussion shows that trusted digital patient information gives an opportunity for a patient-focused healthcare. Multidimensional trust must be addressed on all levels; organization, person and technology. More empirical research into trust in digital patient-related information is necessary, to develop a model for patient safety from a trust perspective that encompasses all levels of trust.
|
|
| 9. |
- Gyllensten, Kristina, 1977, et al.
(författare)
-
Value conflicts and information security – a mixed-methods study in high-risk industry
- 2022
-
Ingår i: Information and Computer Security. - 2056-4961 .- 2056-497X. ; 30:3, s. 346-363
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose: The purpose of this study is to investigate the influence of work-related value conflicts on information security in two organisations in nuclear power production and related industry. Design/methodology/approach: A mixed-methods design was applied. Individual interviews were conducted with 24 employees of two organisations in Sweden and questionnaire data on information security climate were collected from 667 employees (62%) in the same two organisations. Findings: The qualitative part of the study identified five different types of value conflicts influencing information security behaviour. The quantitative part of the study found that value conflicts relating to information security had a negative relationship with rule-compliant behaviour. The opposite was found for participative security behaviour where there was a positive relationship with value conflicts. A high climate of information security was positively related to both rule-compliant and participative information security behaviour. It also moderated the effect of value conflicts on compliant information security behaviour. Originality/value: This paper highlights organisational contextual conditions that influence employees’ motivation and ability to manage value conflicts relating to information security in a high-risk industry. It also enables a better understanding of the influence of the information security climate on information security in the presence of value conflicts in this type of industry.
|
|
| 10. |
|
|
