Information Security in Distribued Health Information Systems in Scandinavia: A Comparative Study of External Conditions and Solutions for Exchange and Sharing of Sensitive Health Information in Denmark, Norway and Sweden
MetadataShow full item record
Exchange and sharing of sensitive health information have to happen according to prevailing external conditions established by laws, regulations and liable authorities. These external conditions create various limitations, making requests for adaptative health information systems. Especially, when developing new solutions, defining the balance between protection of personal privacy and availability of information, is a great challenge. Several projects are working on possible solutions to the problem of sharing health information in a distributed way. Based on two different pilot projects in each of the countries Denmark, Norway and Sweden, and seen from an information security perspective, this thesis does a comparison of external conditions and various approaches to these conditions. Main focus is on the Scandinavian health legislation, but organisation of health services will also be considered briefly. The objective is to acquire new knowledge about and to contribute to the debate concerning exchange and sharing of health information. The results of this project are founded on an inductive multiple case study, and empirical data have been collected through semi-structured interviews. Through this thesis, it has become evident that health care in the Scandinavian countries is upon the whole equally organised and struggles with many of the same technological challenges. All three countries' health legislation promotes personal integrity, with Sweden as the most expressive. Nevertheless, there is a tendency towards enhancement of the patient's autonomy and a request for more united health care processes, leading to needs for new types of technological tools to ensure information security. In order to meet these requests, common national technological standards, concepts and infrastructure have become more important. In addition, the systems made have to be in accordance with Acts and regulations. Parts of the prevailing legislation are to a hindrance for exchange and sharing of information across organisational borders. The technological solutions chosen within the scope of the limiting external conditions are generally well-defined, high quality systems which have information security in focus. Still, there has become evident that some weak points exist, and there is room for improvements. In order to make health care of higher quality and ensure information security to an even larger degree, legal amendments and a more extensive national co-operation will arrange for the possibility of developing better information security solutions.