Published in: Journal of Medical Systems 6/2013

01.12.2013 | Original Paper

Fuzzy Assessment of Health Information System Users’ Security Awareness

Authors: Özlem Müge Aydın, Oumout Chouseinoglou


Abstract

Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information in HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link in the HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users into the first line of defense in HIS, but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective for understanding the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, a guide on how to implement this fuzzy analysis in any health institution and how to read and interpret these results, together with the possible implications of these results for the organization, are provided.
Footnotes
1. Ng et al. define computer security incidents as “a security-related adverse event in which there is a loss of information confidentiality, disruption of information or system integrity, disruption or denial of system availability, or violation of any computer security policies” [1].

References
1. Ng, B.-Y., Kankanhalli, A., and Xu, Y., Studying users' computer security behavior: a health belief perspective. Decis. Support. Syst. 46(4):815–825, 2009.
2. Kankanhalli, A., Teo, H.-H., Tan, B. C. Y., and Wei, K.-K., An integrative study of information systems security effectiveness. Int. J. Inf. Manag. 23(2):139–154, 2003.
3. Stanton, J. M., Mastrangelo, P. R., Stam, K. R., and Jolton, J., Behavioral information security: two end user survey studies of motivation and security practices. Proceedings of the Tenth Americas Conference on Information Systems, New York, 2004.
4. Aurigemma, S., and Panko, R., A composite framework for behavioral compliance with information security policies. System Science (HICSS) 45th Hawaii International Conference on System Sciences, Maui, 2012.
5. Chan, M., Woon, I., and Kankanhalli, A., Perceptions of information security at the workplace: linking information security climate to compliant behavior. Journal of Information Privacy and Security 1(3):18–41, 2005.
6. Pahnila, S., Siponen, M., and Mahmood, A., Employees’ behavior towards IS security policy compliance. System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on, 2007.
7. D’Arcy, J., and Hovav, A., Countermeasures and information systems misuse behaviors. Journal of Information System Security 3(2):3–30, 2007.
8. Hadasch, F., Mueller, B., and Maedche, A., Exploring antecedent environmental and organizational factors to user-caused information leaks: a qualitative study. ECIS 2012 Proceedings, 2012.
9. Zhang, J., Reithel, B. J., and Li, H., Impact of perceived technical protection on security behaviors. Information Management & Computer Security 17(4):330–340, 2009.
10. Bulgurcu, B., Cavusoglu, H., and Benbasat, I., Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q. 34(3):523–548, 2010.
11. LaRose, R., Rifon, N. J., and Enbody, R., Promoting personal responsibility for internet safety. Commun. ACM 51(3):71–76, 2008.
13. Katsikas, S. K., Health care management and information systems security: awareness, training or education? Int. J. Med. Inform. 60(2):129–135, 2000.
14. Giuse, D. A., and Kuhn, K. A., Health information systems challenges: the Heidelberg conference and the future. International journal of medical informatics 69(2):105–114, 2003.
15. Ammenwerth, E., Gräber, S., Herrmann, G., Bürkle, T., and König, J., Evaluation of health information systems—problems and challenges. Int. J. Med. Inform. 71(2):125–135, 2003.
16. Haux, R., Health information systems – past, present, future. Int. J. Med. Inform. 75(3–4):268–281, 2006.
17. Appari, A., and Johnson, M. E., Information security and privacy in healthcare: current state of research. Int. J. Internet and Enterprise Management 6(4):279–314, 2010.
18. Grandison, T., and Sloman, M., A survey of trust in internet applications. Communications Surveys & Tutorials 3(4):2–16, 2000.
19. Blumenthal, D., Stimulating the adoption of health information technology. N. Engl. J. Med. 360(15):1477–1479, 2009.
20. Goldschmidt, P. G., HIT and MIS: implications of health information technology and medical information systems. Commun. ACM 48(10):68–74, 2005.
21. Janczewski, L., and Xinli Shi, F., Development of information security baselines for healthcare information systems in New Zealand. Computers & Security 21(2):172–192, 2002.
22. Rindfleisch, T. C., Privacy, information technology, and health care. Commun. ACM 40(8):92–100, 1997.
23. Smith, E., and Eloff, J., Cognitive fuzzy modeling for enhanced risk assessment in a health care institution. Intelligent Systems and their Applications, IEEE 15(2):69–75, 2000.
24. Buckovich, S. A., Rippen, H. E., and Rozen, M. J., Driving toward guiding principles a goal for privacy, confidentiality, and security of health information. J. Am. Med. Inform. Assoc. 6(2):122–133, 1999.
25. Zadeh, L. A., Fuzzy sets as a basis for a theory of possibility. Fuzzy sets and systems 100 Supplement, pp. 9–34, 1999.
26. Dhillon, G., and Torkzadeh, G., Value–focused assessment of information system security in organizations. Inf. Syst. J. 16(3):293–314, 2006.
27. Carrasco, R. A., Muñoz-Leiva, F., Sánchez-Fernández, J., and Liébana-Cabanillas, F. J., A model for the integration of e-financial services questionnaires with SERVQUAL scales under fuzzy linguistic modeling. Expert Syst. Appl. 39:11535–11547, 2012.
28. Ngan, S.-C., Decision making with extended fuzzy linguistic computing, with applications to new product development and survey analysis. Expert Syst. Appl. 38:14052–14059, 2011.
29. Belohlavek, R., Sigmund, E., and Zacpal, J., Evaluation of IPAQ questionnaires supported by formal concept analysis. Inf. Sci. 181:1774–1786, 2011.
30. Azar, A., and Darvishi, Z. A., Development and validation of a measure of justice perception in the frame of fairness theory—fuzzy approach. Expert Syst. Appl. 38:7364–7372, 2011.
31. Hosmer, H. H., Security is fuzzy!: applying the fuzzy logic paradigm to the multipolicy paradigm. Proceedings on the 1992-1993 workshop on New security paradigms, 1993.
32. Phuong, N. H., and Kreinovich, V., Fuzzy logic and its applications in medicine. Int. J. Med. Inform. 62(2):165–173, 2001.
33. Binaghi, E., Gallo, I., Ghiselli, C., Levrini, L., and Biondi, K., An integrated fuzzy logic and web-based framework for active protocol support. Int. J. Med. Inform. 77(4):256–271, 2008.
34. Başçiftçi, F., and İncekara, H., Design of web-based fuzzy input expert system for the analysis of serology laboratory tests. J. Med. Syst. 36(4):2187–2191, 2012.
35. Esposito, M., De Falco, I., and De Pietro, G., An evolutionary-fuzzy DSS for assessing health status in multiple sclerosis disease. Int. J. Med. Inform. 80(12):245–254, 2011.
36. Lopes, M. H. B. D. M., Ortega, N. R. S., Silveira, P. S. P., Massad, E., Higa, R., and Marin, H. D. F., Fuzzy cognitive map in differential diagnosis of alterations in urinary elimination: a nursing approach. Int. J. Med. Inform. 80(12):201–208, 2013.
37. Badawi, A. M., Derbala, A. S., and Youssef, A.-B., Fuzzy logic algorithm for quantitative tissue characterization of diffuse liver diseases from ultrasound images. Int. J. Med. Inform. 55(2):135–147, 1999.
38. Singh, S., Kumar, A., Panneerselvam, K., and Vennila, J. J., Diagnosis of arthritis through fuzzy inference system. J. Med. Syst. 36(3):1459–1468, 2012.
39. Das, S., Chowdhury, S. R., and Saha, H., Accuracy enhancement in a fuzzy expert decision making system through appropriate determination of membership functions and its application in a medical diagnostic decision making system. J. Med. Syst. 36(3):1607–1620, 2012.
40. Ogutcu, G., and Aydin, O., Analysis of personal information security behavior and awareness in E-transformation process. Submitted manuscript.
41. Milne, G. R., Labrecque, L. I., and Cromer, C., Toward an understanding of the online consumer’s risky behavior and protection practices. J. Consum. Aff. 43(3):449–473, 2009.
42. Bechara, A., Risky business: emotion, decision-making, and addiction. J. Gambl. Stud. 19(1):23–51, 2003.
43. Moore, S., and Gullone, E., Predicting adolescent risk behavior using a personalized cost-benefit analysis. Journal of Youth and Adolescence 25(3):343–359, 1996.
44. Birch, D. G., and McEvoy, N. A., Risk analysis for information systems. J. Inf. Technol. 7(1):44–53, 1992.
45. Rainer, R. K. J., Snyder, C. A., and Carr, H. H., Risk analysis for information technology.
46. Horst, M., Kuttschreuter, M., and Gutteling, J. M., Perceived usefulness, personal experiences, risk perception and trust as determinants of adoption of e-government services in The Netherlands. Comput. Hum. Behav. 23(4):1838–1852, 2007.
47. Slovic, P., Finucane, M. L., Peters, E., and MacGregor, D. G., Risk as analysis and risk as feelings: some thoughts about affect, reason, risk, and rationality. Risk Anal. 24(2):311–322, 2004.
48. Tsohou, A., Karyda, M., Kokolakis, S., and Kiountouzis, E., Formulating information systems risk management strategies through cultural theory. Information Management & Computer Security 14(3):198–217, 2006.
49. Dubois, D., and Prade, H., Gradualness, uncertainty and bipolarity: making sense of fuzzy sets. Fuzzy Sets Syst. pp. 3–24, 2012.
50. Gong, D.-W., Yuan, J., and Sun, X.-Y., Interactive genetic algorithms with individual’s fuzzy fitness. Comput. Hum. Behav. 27(5):1482–1492, 2011.
51. Chiou, H.-K., Tzeng, G.-H., and Cheng, D.-C., Evaluating sustainable fishing development strategies using fuzzy MCDM approach. Omega, pp. 223–234, 2005.
52. Deng, W.-J., and Pei, W., Fuzzy neural based importance-performance analysis for determining critical service attributes. Expert Systems With Applications, pp. 3774–3784, 2009.
53. Ma, J., Ruan, D., Xu, Y., and Zhang, G., A fuzzy-set approach to treat determinacy and consistency of linguistic terms in multi-criteria decision making. International Journal of Approximate Reasoning, pp. 165–181, 2007.
54. Klir, G. J., and Yuan, B., Fuzzy sets and systems. Prentice Hall PTR, New Jersey, 1995.
55. Tsai, H.-H., and Lu, I.-Y., The evaluation of service quality using generalized Choquet integral. Inf. Sci. 176(6):640–663, 2006.
Metadata
Title
Fuzzy Assessment of Health Information System Users’ Security Awareness
Authors
Özlem Müge Aydın
Oumout Chouseinoglou
Publication date
01.12.2013
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 6/2013
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-013-9984-x
