6th European Conference - Academic Conferences
Towards Persistent Control over Shared Information in a Collaborative Environment
Shada Alsalamah, Alex Gray and Jeremy Hilton
Cardiff University, UK
S.A.Salamah@cs.cardiff.ac.uk
W.A.Gray@cs.cardiff.ac.uk
Jeremy.hilton@cs.cardiff.ac.uk
Abstract: In a complex collaborative environment, such as healthcare, where Multi-Disciplinary care Team (MDT) members and information come from independent organisational domains, there is a need for information-sharing across the organizations’ information systems in order to achieve the overall goal of collaboration. Inability to provide a secure communication method, giving local/global protection is affecting inter-professional communications and hindering sharing among MDT members. This research aims to facilitate a secure collaborative environment enabling persistent control over shared information across boundaries of the organisations that own the data. This paper is based on the early stages of the research and its results will feed into following stages. It looks at the structure of a healthcare system to understand the types of inter-professional communication and information exchange that occur in practice. Additionally it presents an initial assessment identifying the Information Security (IS) needs and challenges faced in providing persistent control in a shared collaborative environment by using conceptual modelling of a selected medical scenario (breast cancer in Wales). The results show that a considerable number of professionals are involved in a patient’s treatment. Each plays a well-defined role, but often uses different Healthcare Information Systems (HIS) to store sensitive and confidential patient medical information. These HIS cannot provide secure multi-organisational information-sharing to support collaboration among the MDT members. This causes inter-professional communication issues among team members that inhibit decision-making using the information. The findings from this study show how to improve information support from HIS stored information for MDT members. Also the resulting IS functions will be described which facilitate establishing secure collaborative environments guaranteeing persistent control over shared information.
Keywords: information security, information system, Information sharing, multi-disciplinary team, persistent control, secure collaborative environment
1. Introduction
Current innovation in Information and Communication Technology (ICT) has encouraged collaboration within and among different fields, including healthcare. This has introduced novel inventions or tackled large-scale scientific problems. Such collaboration often demands extensive sharing of different resources among collaborating organisations in order to achieve an overall goal (Park and Sandhu, 2002; Wasson and Humphrey, 2003; Yau and Chen, 2008). Such collaboration may involve information in distributed resources being used and shared by users from geographically and administratively distributed physical organisations that own the resources. On all sites, these collaborations form Virtual Organisations (VOs) (Wasson and Humphrey, 2003; Yau and Chen, 2008). Therefore, a key characteristic of a VO is that users and information may come from different organisations, and thus various administrative domains (Thompson et al., 2003) with each applying local Information Security (IS) rules to protect its own information. As a result, when these organisations come together in a VO, they demand a Secure Collaborative Environment (SCE) for sharing resources, mainly information and data. However, there are three possible levels of protection when user(a) in domain(a) needs to share information with user(b) in domain(b) outside its secured administrative domain(a).
Level 1 is local to domain(a) - user(a) loses control over the information once it is shared as the protection level applied inside domain(a) using IS rules(a) is not guaranteed outside this domain (once it has passed to domain(b) where IS rules(a) are not applied).
Level 2 allows user(a) to have static control over the shared information when its protection is assured by user(b) using IS rules(b) when inside domain(b). (Here user(a) passes control to user(b), and although the information will still be protected, the rules applied change once the information is received, since user(a) has no control over domain(b)’s protection authority. Thus if the protection level of original information changes in domain(a), there is no guarantee that user(b) will also change it on the shared version of this information in domain(b). Additionally, if user(b) changes the protection on the shared version, user(a) cannot retain control).
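
The following sketch is an added illustration, not part of the paper: it models only Levels 1 and 2 as described above and shows which readers fall outside user(a)'s control after user(a) tightens protection in domain(a). The class names, the roles and the "scan" record are constructed, and Level 1 is modelled as the worst case in which domain(b) enforces no rule at all.

```python
from dataclasses import dataclass, field
from typing import Optional

# Illustrative model only: class, role and record names are constructed.

@dataclass
class Copy:
    readers: Optional[frozenset]  # None = no rule enforced on this copy

@dataclass
class Domain:
    name: str
    local_rules: Optional[frozenset]  # readers this domain grants to data it receives
    store: dict = field(default_factory=dict)

    def create(self, item, readers):
        self.store[item] = Copy(frozenset(readers))

    def receive(self, item):
        # IS rules(a) do not travel: the receiver applies its own rules, or none.
        self.store[item] = Copy(self.local_rules)

    def set_protection(self, item, readers):
        self.store[item].readers = frozenset(readers)

    def can_read(self, item, role):
        readers = self.store[item].readers
        return True if readers is None else role in readers


def share_then_tighten(level):
    """Share 'scan' from domain(a) to domain(b), then tighten it in domain(a)."""
    a = Domain("a", frozenset({"oncologist", "surgeon"}))
    a.create("scan", {"oncologist", "surgeon"})
    # Level 1: domain(b) enforces nothing. Level 2: domain(b) applies IS rules(b).
    b = Domain("b", None if level == 1 else frozenset({"oncologist", "nurse"}))
    b.receive("scan")
    a.set_protection("scan", {"oncologist"})  # owner's later change stays local
    roles = ("oncologist", "surgeon", "nurse", "clerk")
    in_a = {r for r in roles if a.can_read("scan", r)}
    in_b = {r for r in roles if b.can_read("scan", r)}
    return in_a, in_b, in_b - in_a  # last set: readers user(a) no longer controls


if __name__ == "__main__":
    for level in (1, 2):
        print(level, share_then_tighten(level))
```
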