{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:05:30Z","timestamp":1754157930977,"version":"3.41.2"},"reference-count":30,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2009,8,14]],"date-time":"2009-08-14T00:00:00Z","timestamp":1250208000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009,8,14]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>Regardless of who or where we are and when we get sick, we expect healthcare to make us well and to handle us and our information with care and respect. Today, most healthcare institutions work separately, making the flow of patient information sub\u2010optimal and the use of common standards practically unheard of. The purpose of this paper is to emphasise the use for standards to improve information security in process\u2010oriented distributed healthcare.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>The paper introduces a real\u2010life case which is analysed to highlight how and where standards can and should be used in order to improve information security in process\u2010oriented distributed healthcare.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>In total, 11 flaws or problems in information security and process\u2010orientation are identified. From these, six changes are suggested which address how information is handled, and how organizational routines should be standardized.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title><jats:p>The case setting is Swedish healthcare, but problems can be shared across international borders. The purpose is to highlight the issues at hand.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Practical implications<\/jats:title><jats:p>If suggested changes are implemented, healthcare processes will be more streamlined and focused on patients. Routines will be standardized and uncertainties thus removed in terms of how to act in certain situations.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>Healthcare and academia has yet to address both document and process issues concerning standardization in distributed healthcare. There are also few actual cases from a patient perspective. This paper provides lessons learned from a real\u2010life case, where results may impact how standardization is addressed in healthcare organizations.<\/jats:p><\/jats:sec>","DOI":"10.1108\/13287260910983650","type":"journal-article","created":{"date-parts":[[2009,10,5]],"date-time":"2009-10-05T10:55:53Z","timestamp":1254740153000},"page":"295-308","source":"Crossref","is-referenced-by-count":9,"title":["Standards for information security and processes in healthcare"],"prefix":"10.1108","volume":"11","author":[{"given":"Eva","family":"S\u00f6derstr\u00f6m","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rose\u2010Mharie","family":"\u00c5hlfeldt","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nomie","family":"Eriksson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022030720201068600_b1","unstructured":"\u00c5hlfeldt, R.\u2010M. (2008), \u201cInformation security in distributed healthcare \u2013 exploring the needs for achieving patient safety and patient privacy\u201d, PhD dissertation, Report Series No. 08\u2010003."},{"key":"key2022030720201068600_b2","doi-asserted-by":"crossref","unstructured":"Andersson, A., Hallberg, N. and Timpka, T. (2003), \u201cA model for interpreting work and information management in process\u2010oriented healthcare organizations\u201d, International Journal of Medical Informatics, Vol. 72, pp. 47\u201056.","DOI":"10.1016\/j.ijmedinf.2003.09.001"},{"key":"key2022030720201068600_b3","doi-asserted-by":"crossref","unstructured":"Batalden, P.B. and Stoltz, P.K. (1993), \u201cA framework for the continual improvement of health care: building and applying professional and improvement knowledge to test changes in daily work\u201d, Joint Commission Journal of Quality Improvement, Vol. 19 No. 10, pp. 424\u201047.","DOI":"10.1016\/S1070-3241(16)30025-6"},{"key":"key2022030720201068600_b4","unstructured":"BS 17799 (2002), Information security management, part 2. Specification for information security management systems, Technical Report BS 7799\u20102, British Standards Institute, London."},{"key":"key2022030720201068600_b5","doi-asserted-by":"crossref","unstructured":"Edelson, D.C. (1996), \u201cLearning from cases and questions: the Socratic case\u2010based teaching architecture\u201d, The Journal of the Learning Sciences, Vol. 5 No. 4, pp. 357\u2010410.","DOI":"10.1207\/s15327809jls0504_3"},{"key":"key2022030720201068600_b6","unstructured":"Eriksson, N. (2005), \u201cA new dawn is breaking in medical service. Supports and hinders for change in professional organization\u201d, PhD thesis, University of Gothenburg, Gothenburg."},{"key":"key2022030720201068600_b7","unstructured":"Erlingsd\u00f3ttir, G. (1999), \u201cSeducing ideas \u2013 quality ensurance in healthcare\u201d (in Swedish), PhD thesis, Lund University, Ekonomih\u00f6gskolan, Lund."},{"key":"key2022030720201068600_b8","doi-asserted-by":"crossref","unstructured":"Hall, M. (2004), \u201cManaged care patient protection or provider protection? A qualitative assessment\u201d, The American Journal of Medicine, Vol. 117, pp. 932\u20107.","DOI":"10.1016\/j.amjmed.2004.06.042"},{"key":"key2022030720201068600_b9","doi-asserted-by":"crossref","unstructured":"Hasselblad, H. and Bejerot, E. (2007), \u201cWebs of knowledge and circuits of communication \u2013 institutional transformation in Swedish health care\u201d, Organization, Vol. 14 No. 2, pp. 175\u2010200.","DOI":"10.1177\/1350508407074223"},{"key":"key2022030720201068600_b10","unstructured":"ISO (2008), \u201cThe ISO 27000 Directory\u201d, available at: www.27000.org\/ (accessed 10 December)."},{"key":"key2022030720201068600_b11","unstructured":"ISO 27002 Directory (2008), An Introduction to ISO 27001, ISO 27002 \u2026 ISO 27008, available at: www.27000.org\/ (accessed 25 March, 2008)"},{"key":"key2022030720201068600_b12","unstructured":"ISO\u2010IEC (1996), \u201cISO\u2010IEC Guide 2:1996(E\/F\/R), ISO\/IEC\u201d, Geneva."},{"key":"key2022030720201068600_b13","unstructured":"ISO\/IEC (2005a), \u201cInformation technology \u2013 security techniques \u2013 code of practice for information security management\u201d, Technical Report (International standard ISO\/IEC 17799:2005), International Organization for Standards, Geneva."},{"key":"key2022030720201068600_b14","unstructured":"ISO\/IEC (2005b), \u201cInformation technology \u2013 security techniques \u2013 code of practice for information security management\u201d, Technical Report (International standard ISO\/IEC 27002:2005), International Organization for Standards, Geneva."},{"key":"key2022030720201068600_b15","unstructured":"ISO\/IEC (2006), \u201cInformation technology \u2013 security techniques \u2013 information security management systems \u2013 requirements\u201d (International standard ISO\/IEC 27001:2006), International Organization for Standards, Geneva."},{"key":"key2022030720201068600_b16","doi-asserted-by":"crossref","unstructured":"Jackson, J. (2004), \u201cCase\u2010based teaching in a bilingual context: perceptions of business faculty in Hong Kong\u201d, English for Specific Purposes, Vol. 23, pp. 213\u201032.","DOI":"10.1016\/j.esp.2003.05.001"},{"key":"key2022030720201068600_b17","doi-asserted-by":"crossref","unstructured":"Janczewski, L. and Shi, F.X. (2002), \u201cDevelopment of information security baselines for healthcare information systems in New Zealand\u201d, Computers & Security, Vol. 21 No. 2, pp. 172\u201092.","DOI":"10.1016\/S0167-4048(02)00212-2"},{"key":"key2022030720201068600_b18","unstructured":"Kjell\u00e9n, B., Lundberg, K. and Myrman, Y. (1994), \u201cTo teach with the case methodology: a handbook on teaching and writing\u201d (in Swedish), Council for the Renewal of Higher Education, Stockholm."},{"key":"key2022030720201068600_b19","unstructured":"Landstingsrevisorerna, (2000), The Role of Home Healthcare in Healthcare (in Swedish), Landstingsrevisorernas rapport, February."},{"key":"key2022030720201068600_b20","doi-asserted-by":"crossref","unstructured":"McNaught, C., Lau, W.M., Lam, P., Hui, M.Y.Y. and Au, P.C.T. (2005), \u201cThe dilemma of case\u2010based teaching and learning in science in Hong Kong: students need it, want it, but may not value it\u201d, International Journal of Science Education, Vol. 27 No. 9, pp. 1017\u201036.","DOI":"10.1080\/09500690500068618"},{"key":"key2022030720201068600_b21","doi-asserted-by":"crossref","unstructured":"Mas, N. and Seinfeld, J. (2008), \u201cIs managed care restraining the adoption of technology by hospitals?\u201d, Journal of Health Economics, Vol. 27, pp. 1026\u201045.","DOI":"10.1016\/j.jhealeco.2008.02.009"},{"key":"key2022030720201068600_b22","unstructured":"Ministry of Health and Social Affairs (2006), National Strategy for eHealth, S2006.019, available at: www.regeringen.se\/sb\/d\/2028\/a\/64324 (accessed December 2007)."},{"key":"key2022030720201068600_b23","unstructured":"Ministry of Health and Social Affairs (2007), Web\u2010page, available at: www.sweden.gov.se\/health (accessed November 2007)."},{"key":"key2022030720201068600_b24","unstructured":"National Board of Health and Welfare (2004), Patient Safety in Electronic Healthcare Documentation (in Swedish), Report from an Organisation Overview 2003 in a Health District in the Northern Region, Article No: 2004\u2010109\u201011."},{"key":"key2022030720201068600_b25","unstructured":"S\u00e5g\u00e4nger, J. and Utbult, M. (1998), The Healthcare Chain and Information Technology (in Swedish), Teldok Report No. 119."},{"key":"key2022030720201068600_b26","unstructured":"Scott, W.R., Ruef, M., Mendel, P.J. and Caronna, C. (2000), Institutional Change and Healthcare Organizations \u2013 From Professional Dominance to Managed Care, The University of Chicago Press, Chicago, IL."},{"key":"key2022030720201068600_b27","unstructured":"SIS (2003), SIS Handbook 550 (in Swedish), Terminology for information security, SIS F\u00f6rlag AB, Stockholm."},{"key":"key2022030720201068600_b28","unstructured":"SIS (2009), \u201cLIS \u2013 Management systems for information security \u2013 SIS\/TK318\u201d (in Swedish), available at: www.sis.se\/DesktopDefault.aspx?tabname=%40Projekt&PROJID=1191 (accessed 19 May)."},{"key":"key2022030720201068600_b29","unstructured":"S\u00f6derstr\u00f6m, E. (2004), \u201cB2B standards implementation: issues and solutions\u201d, PhD thesis, Department of Computer and Systems Sciences, Stockholm University, Akademitryck."},{"key":"key2022030720201068600_b30","doi-asserted-by":"crossref","unstructured":"Thomas, M.D., O'Connor, F.W., Albert, M.L., Boutain, D. and Brandt, P.A. (2001), \u201cCase\u2010based teaching and learning experiences\u201d, Issues in Mental Health Nursing, Vol. 22, pp. 517\u201031.","DOI":"10.1080\/01612840152393708"}],"container-title":["Journal of Systems and Information Technology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/13287260910983650","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/13287260910983650\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/13287260910983650\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:24:16Z","timestamp":1753403056000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/jsit\/article\/11\/3\/295-308\/250963"}},"subtitle":[],"editor":[{"given":"Rosemary","family":"Stockdale","sequence":"first","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],"short-title":[],"issued":{"date-parts":[[2009,8,14]]},"references-count":30,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2009,8,14]]}},"alternative-id":["10.1108\/13287260910983650"],"URL":"https:\/\/doi.org\/10.1108\/13287260910983650","relation":{},"ISSN":["1328-7265"],"issn-type":[{"type":"print","value":"1328-7265"}],"subject":[],"published":{"date-parts":[[2009,8,14]]}}}