Abstract
Globally, health information security and associated topics have received considerable attention from both professionals and the academic community. The literature on the threats and mitigations when it comes to developing countries is scarce, and tends to focus on issues such as cryptographic techniques for secure safe data transmission or patients’ perceptions of data confidentiality. However, investigation of health information threats in relation to the local context has received less attention. In this paper we reflect on a long-term and global action research project that presents different perspectives on information security. Operating in environments of absent or obsolete relevant jurisdiction, poor institutional capacity for adherence and oversight, and limited awareness of appropriate security and confidentiality issues, we note unique security and confidentiality threats “where there is no CISO”. We reflect on mitigations adopted over the years to counter rising threats, and provide recommendations for practice and further research in this regard.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Adu-Gyamfi, E., Nielsen, P., Sæbø, J.: The dynamics of a global health information systems research and implementation project. In: Proceedings of the 17th Scandinavian Conference on Health Informatics, Oslo, Norway, 12–13 November (2019)
Jolliffe, B., Poppe, O., Adaletey, D., Braa, J.: Models for online computing in developing countries: issues and deliberations. Inf. Technol. Dev. 21(1), 151–161 (2015). https://doi.org/10.1080/02681102.2014.902354
Nicholson, B., Nielsen, P., Saebo, J.: Special issue: digital platforms for development. Inf. Syst. J. 31(6), 863–868 (2021). https://doi.org/10.1111/isj.12364
Zuboff, S.: The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. PublicAffairs, New York (2019)
Werner, D., Thuman, C., Maxwell, J.: Where there is no doctor: a village health care handbook. Hesperian Health Guides (2020)
Arksey, H., O’Malley, L.: Scoping studies: towards a methodological framework. Int. J. Soc. Res. Methodol. 8(1), 19–32 (2005). https://doi.org/10.1080/1364557032000119616
Baskerville, R.L.: Distinguishing action research from participative case studies. J. Syst. Info. Tech. 1(1), 24–43 (1997). https://doi.org/10.1108/13287269780000733
Braa, J., Monteiro, E., Sahay, S.: Networks of action: sustainable health information systems across developing countries. MIS Quarterly 28(3), 337 (2004). https://doi.org/10.2307/25148643
Solomon, M.G., Chapple, M.: Information security illuminated. Jones and Bartlett Publishers (2004)
Siponen, M.T.: A conceptual foundation for organizational information security awareness. Inf. Manag. Comput. Secur. 8(1), 31–41 (2000). https://doi.org/10.1108/09685220010371394
Hulkower, R., Penn, M., Schmit, C.: Privacy and confidentiality of public health information. In: Magnuson, J.A., Dixon, B.E. (eds.) Public Health Informatics and Information Systems Health Informatics HI, pp. 147–166. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-41215-9_9
Misra, M.K., Chaturvedi, A., Tripathi, S.P., Shukla, V.: A unique key sharing protocol among three users using non-commutative group for electronic health record system. J. Discret. Math. Sci. Cryptogr. 22(8), 1435–1451 (2019). https://doi.org/10.1080/09720529.2019.1692450
Kamble, P., Gawade, A.: Digitalization of healthcare with IoT and cryptographic encryption against DOS attacks. In: 2019 International Conference on contemporary Computing and Informatics (IC3I), pp. 69–73 (2019 Dec). https://doi.org/10.1109/IC3I46837.2019.9055531
Sari, P.K., Yazid, S.: Design of blockchain-based electronic health records for indonesian context: narrative Review. https://ieeexplore.ieee.org/abstract/document/9255571?casa_token=aPIf9bowQucAAAAA:JOJd5MYSIOa6l2Hn3ic_i0HgOevIFgCyvVYyzY6I9G8k1eKXijDkYBWkCHvoUEgz_qb7WuZ33A. Accessed 17 Jan 2022
Osebe, S., et al.: Enabling care continuity using a digital health wallet. In: 2019 IEEE International Conference on Healthcare Informatics (ICHI), pp. 1–7 (Jun 2019). https://doi.org/10.1109/ICHI.2019.8904625
Jack, C., Singh, Y., Mars, M.: Pitfalls in computer housekeeping by doctors and nurses in KwaZulu-Natal: no malicious intent. BMC Med. Ethics 14(Suppl 1), S8 (2013). https://doi.org/10.1186/1472-6939-14-S1-S8
Tissera, S.R., Silva, S.N.: Attitude towards health information privacy and electronic health records among urban sri lankan adults. Nursing Informatics 2016, 1003–1004 (2016). https://doi.org/10.3233/978-1-61499-658-3-1003
Forster, M., et al.: Electronic medical record systems, data quality and loss to follow-up: survey of antiretroviral therapy programmes in resource-limited settings. Bull World Health Organ 86(12), 939–947 (2008). https://doi.org/10.2471/BLT.07.049908
Gesicho, M.B., Moon, T.D., Heitman, E., Were, M.C.: Ethical issues in implementing national-level health data warehouses in developing countries. MEDINFO 2017: Precision Healthcare Through Informatics, pp. 718–722 (2017). https://doi.org/10.3233/978-1-61499-830-3-718
Namara, M., Wilkinson, D., Lowens, B.M., Knijnenburg, B.P., Orji, R., Sekou, R.L.: Cross-cultural perspectives on eHealth privacy in Africa. In: Proceedings of the Second African Conference for Human Computer Interaction: Thriving Communities, New York, NY, USA, pp. 1–11 (Dec 2018). https://doi.org/10.1145/3283458.3283472
Antonio, C.A.T., Patdu, I.D., Marcelo, A.B.: Health information privacy in the philippines: trends and challenges in policy and practice. Acta Med. Philipp. 50(4) (Dec 2016). https://doi.org/10.47895/amp.v50i4.760
Gerson, N., Shava, F.B.: A review of security system assessment tools - ProQuest. https://www.proquest.com/docview/2455896172/fulltextPDF/237C474A4684F42PQ/1. Accessed 17 Jan 2022
Zainudin, A., Sudarsono, A., Prakoso, B.M.: An implementation of secure medical data delivery for rural areas through delay tolerant network. In: 2016 International Electronics Symposium (IES), pp. 414–419 (Sep 2016). https://doi.org/10.1109/ELECSYM.2016.7861042
Pankomera, R., van Greunen, D.: Mitigating vulnerabilities and threats for patient-centric healthcare systems in low income developing countries. In: 2017 IST-Africa Week Conference (IST-Africa), pp. 1–11 (May 2017). https://doi.org/10.23919/ISTAFRICA.2017.8102384
Koivu, A., Mavengere, N., Ruohonen, M.J., Hederman, L., Grimson, J.: Exploring the information and ICT skills of health professionals in low- and middle-income countries. In: Brinda, T., Mavengere, N., Haukijärvi, I., Lewin, C., Passey, D. (eds.) SaITE 2016. IAICT, vol. 493, pp. 152–162. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-54687-2_15
Hai, N.K., Lawpoolsri, S., Jittamala, P., Huong, P.T.T., Kaewkungwal, J.: Practices in security and confidentiality of HIV/AIDS patients’ information: a national survey among staff at HIV outpatient clinics in Vietnam. PLoS One 12(11), e0188160 (2017). https://doi.org/10.1371/journal.pone.0188160
Khan, S.I., Hoque, A.S.Md.L.: Health data integration with secured record linkage: a practical solution for bangladesh and other developing countries. In: 2017 International Conference on Networking, Systems and Security (NSysS), pp. 156–161 (Jan 2017). https://doi.org/10.1109/NSysS.2017.7885818
Roland, L.K., Sanner, T., Sæbø, J.I., Monteiro, E.: P for Platform. Architectures of large-scale participatory design. Scand. J. Inf. Syst. 29(2), (Dec 2017). [Online]. Available: http://aisel.aisnet.org/sjis/vol29/iss2/1
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Sæbø, J.I., Büttner, A., Gruschka, N., Jolliffe, B., McGee, A. (2022). Where There is No CISO. In: Zheng, Y., Abbott, P., Robles-Flores, J.A. (eds) Freedom and Social Inclusion in a Connected World. ICT4D 2022. IFIP Advances in Information and Communication Technology, vol 657. Springer, Cham. https://doi.org/10.1007/978-3-031-19429-0_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-19429-0_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19428-3
Online ISBN: 978-3-031-19429-0
eBook Packages: Computer ScienceComputer Science (R0)