Information Technology Reference
In-Depth Information
Figure 9.9
Health care e-commerce and IA issues overview.
[Figure not reproduced. Panel titles: Front Office, Data Flows, Back Office; Patient/Doctor/Admin Access Methods, Intermediate Transport, Access Points, Infrastructure, Data Storage & Management (Internal Interfaces, External Interfaces); Information Assurance Issues w.r.t. Health Care E-Commerce. Figure notes: (1) Interfaces are services/mechanics to support the more important business driver of "integration." PSTN = public switched telephone network.]
Considering the decomposition of the intermediate transport clouds, there are some things over which the health care organization will have direct control, others over which it will have influence, and some over which it will have no control at all (e.g., weather, economic cycles). However, the organization can still manage its reaction or response to unexpected events over which it has no control. This same taxonomy of decomposition as in Figure 9.9 is useful for many aspects of e-commerce.
9.17 Development Quality Assurance
Development quality assurance (DQA) is a superset of software quality assurance (SQA). DQA addresses the entire development process and environment. SQA focuses on software development specifically. Table 9.20 presents an IA² summary of DQA.
 