Investigating risk exposure in e-health systems

Croll, Peter R. & Croll, Jasmine (2007) Investigating risk exposure in e-health systems. International Journal of Medical Informatics, 76(5-6), pp. 460-465.

View at publisher



Health managers, administrators and health practitioners now face new challenges due to the increasing dependency being placed on electronic health information systems. This paper focuses on Electronic Health Records for determining the critical attributes for e-health system development. The proposed QUiPS model aims to provide a framework for building trustworthy solutions by identifying the pertinent issues needed to determine the risk exposure with a given system.


To produce dependable, low risk and viable IT solutions, each critical attribute needs to be specifically addressed and prioritized. It is shown how these attributes possess a number of interdependencies making the analysis and prioritization tasks complex and hence, in practice, often incomplete. Two Australian case studies are presented that access enterprise level applications of live health records where these risk based techniques have been applied.


The value and the shortcomings of taking a risk based approach to developing and deploying electronic health information systems that are safe and secure, is evaluated. The case studies presented indicate that traditional methods used to derive the requirements are often inadequate and the risks that are faced in ensuring a safe and secure system are highly application dependent and dynamic.


Convergence towards a viable universal solution for our electronic health records is not imminent and trust in e-health is fragile. Policies that data custodians follow need to be flexible and updated on a regular basis. Technological solutions are at best a stop gap to avoid the common hazards associated with access control and secure messaging. A wider range of analysis techniques to determine the key issues for a dependable health information system can derive longer term sustainable solutions.

Impact and interest:

26 citations in Scopus
Search Google Scholar™
11 citations in Web of Science®

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

512 since deposited on 17 Sep 2008
19 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 14890
Item Type: Journal Article
Refereed: Yes
Keywords: Personal health records, Acceptability of health care, Public health informatics, e, Health, Risk analysis
DOI: 10.1016/j.ijmedinf.2006.09.013
ISSN: 1386-5056
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > INFORMATION SYSTEMS (080600) > Information Systems not elsewhere classified (080699)
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > INFORMATION SYSTEMS (080600) > Information Systems Development Methodologies (080608)
Divisions: Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
Copyright Owner: Copyright 2007 Elsevier
Copyright Statement: This is the author’s version of a work that was accepted for publication in International Journal of Medical Informatics. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in International Journal of Medical Informatics, [VOL 76, ISSUE 5-6, (2007)] DOI: 10.1016/j.ijmedinf.2006.09.013
Deposited On: 17 Sep 2008 00:00
Last Modified: 19 Sep 2013 03:06

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page