Information Technology Reference
In-Depth Information
9.16.2
Health Care E-Commerce Example
These excerpts are taken from an outline architecting information assurance for a
health care E-commerce solution:
n
−
−
Architectural drivers
Business: Cost reduction, employee productivity increase.
Technical: Take advantage of private, virtually private, and public com-
munications infrastructure to minimize costs, optimize revenues, and
provide redundancy for business continuity.
IA
2
views
People
Business process
Policies
Development
Information technology
IA core principles
Compliance requirements
HIPAA: Compliance required to:
Avoid fines and other unbudgeted penalties
Accomplish patient privacy protection
Compliance verification
Although compliance assessment is costly, verifying HIPAA compli-
ance is appropriate. Budget justification comes in the form of one poorly
designed/implemented Web site that discloses hundreds of patient
records.
n
−
−
−
−
−
n
n
−
n
n
n
−
Identifying E-commerce IA concerns is easiest by first abstracting the E-com-
merce process into front office, data flows, and back office processes. Figure 9.9
shows these categories and subsequent decomposition in more detail; a brief list of
IA issues is included in context.
The simple framework of front office, back office, and data flows categorizes
operations, supporting personnel, and supporting constructs; further consider-
ation is given to the interfaces and relationships between all. Although the exam-
ple focuses on health care E-commerce, much is repeatable to other E-commerce
circumstances.
Figure 9.9 depicts the first steps in decomposing E-commerce into manage-
able chunks. For example, subsequent decomposition of PDAs as
security domains
with
security domain interfaces
and
security domain interactions
will isolate specific
security and privacy concerns. Subsequent decomposition of the various transport
media into component parts that become security domains likewise leads to isola-
tion of specific security and privacy concerns.
