Abstract
Alignment of business and IT is a serious challenge in enterprises due to continuously changing business environments and at the same time changing organizational IT infrastructures. The same challenges can be detected in health information technology accompanied by domain-specific information security demands regarding the access to patient-related information and medical data. The paper addresses a specific aspect in this area, which is of high relevance for business and IT alignment: how to define and apply policies as means to translate organizational requirements into guidelines and rules in IT management. The scope of the paper is limited to hospital information systems and policies in information security. The main contributions of this paper are (1) to present a case study from hospital information security confirming the need for supporting policy implementation, (2) to identify and describe the problem of policy conflict management as part of IT and business alignment, and (3) to define the research design for addressing this problem from a design science perspective.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Seigerroth, U.: Enterprise Modeling and Enterprise Architecture: The Constituents of Transformation and Alignment of Business and IT. IJITBAG 2(1), 16–34 (2011)
Woitsch, R., Karagiannis, D., Plexousakis, D., Hinkelmann, K.: Business and IT alignment: the IT-Socket. e & i Elektrotechnik und Informationstechnik 126(7–8), 308–321 (2009)
Krogstie, J.: Model-Based Development and Evolution of Information Systems - A Quality Approach. Springer, London (2012)
Haas, P., Kuhn, K.A.: Hospital Information Systems. In: Kramme, R., Hoffmann, K.-P., Pozos, R.S. (eds.) Springer Handbook of Medical Technology, pp. 1095–1118. Springer, Heidelberg (2011)
Haux, R.: Health information systems–past, present, future. International Journal of Medical Informatics 75(3-4), 268–281 (2006)
Brigl, B., Ammenwerth, E., Dujat, C., Gräber, S., Große, A., Häber, A., Jostes, C., Winter, A.: Preparing strategic information management plans for hospitals: a practical guideline. SIM plans for hospitals: a guideline. International Journal of Medical Informatics 74(1), 51–65 (2005)
Wies, R.: Policies in Network and Systems Management – Formal Definition and Architecture. Journal of Network and Systems Management 2(1), 63–83 (1994)
Caumanns, J., Kuhlisch, R., Pfaff, O., Rode, O.: IHE IT-Infrastructure White Paper: Access Control. IHE International (September 2009)
IHE IT Infrastructure Technical Framework: Volume 1 (ITI TF-1): Integration Profiles. IHE International, 9.0 (August 2012)
Peffers, K., Tuunanen, T., Rothenberger, M.A., Chatterjee, S.: A Design Science Research Methodology for Information Systems Research. Journal of Management Information Systems 24(3), 45–78 (2007)
Flyvbjerg, B.: Case Study. In: Denzin, N.K., Lincoln, Y.S. (eds.) The Sage Handbook of Qualitative Research, 4th edn., pp. 301–316. Sage Publications Ltd. (2011)
Winter, R.: Design science research in Europe. European Journal of Information Systems 17(5), 470–475 (2008)
Hevner, A.R., March, S.T., Park, J., Ram, S.: Design Science in Information Systems Research. MIS Quarterly 28(1), 75–105 (2004)
Benbasat, I., Goldstein, D.K., Mead, M.: The Case Research Strategy in Studies of Information Systems. MIS Quarterly 11(3), 369–386 (1987)
Klein, H.K., Myers, M.D.: A Set of Principles for Conducting and Evaluating Interpretive Field Studies in Information Systems. MIS Quarterly 23(1), 67–88 (1999)
Runeson, P., Höst, M.: Guidelines for conducting and reporting case study research in software engineering. Empirical Software Engineering 14(2), 131–164 (2009)
Singer, J., Sim, S.E., Lethbridge, T.C.: Software Engineering Data Collection for Field Studies. In: Shull, F., Singer, J., Sjberg, D.I.K. (eds.) Guide to Advanced Empirical Software Engineering, pp. 9–34. Springer London, London (2008)
Conference of the Data Protection Commissioners of the Federation and the Federal Länder: Orientierungshilfe Krankenhausinformationssysteme, in Datenschutzkonforme Gestaltung und Nutzung von Krankenhausinformationssystemen, Würzburg (2011)
Moffett, J.D., Sloman, M.S.: Policy Conflict Analysis in Distributed System Management. Journal of Organizational Computing 4(1), 1–22 (1994)
Kempter, B., Danciu, V.: Generic Policy Conflict Handling Using a priori Models. In: Schönwälder, J., Serrat, J. (eds.) DSOM 2005. LNCS, vol. 3775, pp. 84–96. Springer, Heidelberg (2005)
Bonatti, P.A., di Vimercati, S.D.C., Samarati, P.: An Algebra for Composing Access Control Policies. ACM Transactions on Information and System Security (TISSEC) 5(1), 1–35 (2002)
Cabinet Office, IT Infrastructure Library, Official ITIL® Website (May 11, 2012), http://www.itil-officialsite.com/ (accessed: March 26, 2013)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kuhlisch, R., Sandkuhl, K. (2013). Policy Conflict Handling as a Monitoring Activity of Hospital Information Systems. In: Abramowicz, W. (eds) Business Information Systems Workshops. BIS 2013. Lecture Notes in Business Information Processing, vol 160. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41687-3_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-41687-3_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41686-6
Online ISBN: 978-3-642-41687-3
eBook Packages: Computer ScienceComputer Science (R0)