Abstract
Guneypark Hastenesi Hatay is one of the key healthcare facilities in Turkey and it has continued appreciating the significance of technology within the organization. Effective technological application in hospitals is vital in leading to more efficient operations. Nevertheless, it is always critical to consider the protection of the confidentiality of patients in the best ways possible to ensure that the technology is working for their best interests. As a challenge, privacy and confidentiality need to be always protected using full proof electronic patient record (EPR). This project is aimed at building a robust system for Guneypark Hastanesi Hatay Hospital to improve on the existing operations while also ensuring that the hospital is in the best position to protect the privacy and confidentiality of patients. The system will be strategic to boosting the hospital operations in both the short-term and long-term in a manner that is reliable enough.
 
Keywords: Guneypark Hastanesi Hospital, technology, e-health, confidentiality
 
 
 
 
 
 
Table of Contents
Abstract 2
CHAPTER ONE: INTRODUCTION AND BACKGROUND.. 7
1.1 Background of the Problem.. 7
1.2 Motivation. 7
1.3 Research Aim.. 8
1.4 MOST Analysis. 8
1.5 Study Design. 9
1.6 Legal, Social and Ethical Concerns. 11
CHAPTER TWO: LITERATURE REVIEW… 12
2.1 Systems Theories and the Health Information Systems (HIS). 12
2.2 Types of Health Information Systems (HIS). 14
2.3  The Technologies of the Health Information Systems. 17
Semantic Web. 17
Web Services. 17
Health Grid. 18
VOIP. 18
Application of the Health Information Systems at the Hospital 19
2.4 Threats to Healthcare networks. 21
2.5 Data Security to maintain Privacy and Confidentiality. 23
2.6 Threat Assessment. 26
2.7 Health Information Systems Techniques and Data Modeling in Healthcare Organizations. 27
2.8 Project Management Tools. 34
2.8.1 SCRUM AS A TOOL TO BE USED IN THE MANAGEMENT OF THE PROJECT.. 34
2.8.2 Critical Path. 36
2.8.3 Work Breakdown structure. 37
CHAPTER FOUR: DISCUSSION.. 38
3.1 Current Health Information Systems in Guneypark Hastanesi Hospital 38
3.2 Requirements Catalogue. 40
3.2.1 Functional Requirements. 40
3.2.2 Non-Functional Requirements. 42
3.3 Issues of Data Security and Privacy at Guneypark Hastanesi Hospital 42
3.4 Recommended System to Improve Hospital Operations and Patient Privacy at Guneypark Hastanesi Hatay Hospital 44
3.5 Soft Systems Methodology. 44
Step 1: The consideration of the problematic situation. 45
Step 2: Problem expression. 45
Step 3: Formulation of root definitions. 47
3.6 Strategic Analysis. 66
3.6.1 SWOT Analysis. 66
3.6.2 GENERAL RISK ASSESSMENT.. 69
3.6.3 PESTEL Analysis. 71
3.6.4 Balanced Score Card. 73
3.7 Software development life-cycle. 75
3.8  Enterprise Architecture  with the Zachman Framework. 76
Guneypark Hospital Management System Modeling with Zachman. 77
3.8.2 The Enterprise/Business Model 80
3.8.3 System Model 80
3.8.4 The Technology. 82
3.8.5 Detailed Representation. 82
3.8.6 Functioning Enterprise. 83
3.8.7 Conclusion. 83
3.9 Stakeholder Responses. 83
3.10 Design Models as per Zachman Framework. 85
5.1 Conclusion. 94
5.2 Recommendations. 96
Appendices. 99
INFORMATION SHEET. 102
INFORMED CONSENT FORM… 102
QUESTIONNAIRE. 103
Bibliography. 104
 
 
List of Figures
Figure 1: Hospital Information systems (CISs). 14
Figure 2: Community Health Information network (CHIN). 15
Figure 3: e- Public health information systems. 16
Figure 4: System Architecture of Security Framework for Health Information Management (Jung, Jang and Kang, 2014). 24
Figure 5: Security of Patient’s Data through Encryption (Kardas and Tunali, 2006). 26
Figure 6: Patient Security Model ……………………………………………………………………………………………………..31
Figure 7: E-Health Components (Aer-ameos.net, 2015). 36
Figure 8: The Problematic Situation……………………………….……………………….……………………….………………41
Figure 9: The Rich Picture – Issues Arising from Implementation……………………….…………………………….43
Figure 10: Receptionist Case Diagram……………………….……………………….……………………….…………………..46
Figure 11: Patient Case Diagram……………………….……………………….……………………….…………………………..47
Figure 12: Nurse Case Diagram……………………….……………………….……………………….…………………………….48
Figure 13: Doctor Case Diagram……………………….……………………….……………………….……………………….….49
Figure 14: User Case Log-in Process……………………….……………………….……………………….……………………..50
Figure 15: Overall Hospital User Case……………………….……………………….……………………….…………………..51
Figure 16: Activity Diagram……………………….……………………….……………………….……………………….………….52
Figure 17: Admin User Level Security……………………….……………………….……………………….……………………53
Figure 18: Sequence Diagram For Appointment Scheduling……………………….……………………….………….54
Figure 19: Sequence Diagram for Consulting……………………….……………………….…………………………………55
Figure 20: Creating Appointment……………………….……………………….……………………….…………………………56
Figure 21: Sequence Diagram for Doctor Allocation……………………….……………………….………………………57
Figure 22: Class Diagram……………………….……………………….……………………….……………………….……………..58
Figure 23: State Chart Diagram……………………….……………………….……………………….…………………………….59
Figure 24: Entity Relationship Model……………………….……………………….……………………….……………………60
Figure 25: Balance Score-Card for Guney park Hospital……………………….……………………….…………………66
Figure 26: Project Scope Diagram……………………….……………………….……………………….…………………………72
Figure 27: Patient registration……………………….……………………….……………………….………………………………92
Figure 28: Patient Appointment……………………….……………………….……………………….……………………….…..92
Figure 29: Patient Management……………………….……………………….……………………….……………………………93
Figure 30: Appointment Management……………………….……………………….……………………….………………….93
 
 
 
List of Tables
Table 1: Threats Identified At Guneypark Hospital…………………………………………………………………….26
Table 2: Functional and Non-Functional Requirements for Guneypark Hospital………………………………37
Table 3: Comparison of Problems and Solutions………………………………………………………………………………60
Table 4: PESTEL Analysis. 65
Table 5: His Model…………………………………………………………………………………………………………………………..66
Table 6: Artifacts and the Zachman Framework. 70
Table 7: Guneypark Hospital Management System Modeling with Zachman. 78
 
 
 
 
 
 
 

 
 

 

CHAPTER ONE: INTRODUCTION AND BACKGROUND

1.1 Background of the Problem

Information and Communication Technologies (ICT) are gaining importance in healthcare industry as more and more hospitals are adapting to new technologies. ICT has helped these hospitals increase the efficiency and effectiveness of their services. A standard practice is to deploy a Healthcare information systems (HIS) which is very useful in assessing information quickly and performing other activities like data storage, and information processing (Akbulut, Terekli and Yıldırım, 2012).
Some trends have been observed in HIS systems of shifting their focus from departmental systems to regional or global HIS, use of HIS data for multiple purposes including patient care, administrative work, healthcare planning, and research investigation. HIS systems were used initially with an aim to improve the quality of healthcare services. In a Health Information system, individuals, processes and technologies interact with each other to deliver information to a user.
There are a variety of HIS systems available such as Community Health Information network (CHIN), and the e- Public Health Information Systems. Guneypark Hastanesi Hospital from Turkey uses a Health information system which is currently facing certain issues related to privacy, confidentiality and security.

1.2 Motivation

            An HIS can have significant effect on the service quality of a hospital. This project would thus, involve development of a system which is improved upon the current system used by the hospital. The solution would be able to boost operations in the hospital (Bolin & Kaestner, 2012). This would get the operations aligned with the aim of the hospital to always provide services to patients in best possible ways and achieve its mission, “District and local people; Reliable, quality, economical and easily accessible health service” (Locatelli, Restifo, Gastaldi, & Corso, 2011).  The solution will provide three key benefits to the hospital business and these include:

  • Business processes would be automated that would improve the efficiency of the system with reduction in human errors and increased accuracy of data
  • With improved efficiency of work, hospital staff would be able to take better and faster decisions which would improve the quality of patient care which in turn would increase the bed turnover positively affecting revenues of the hospital
  • Operational costs of the hospital would reduce in the long run with reduction in administrative expenses with automation

The vision of the project is to develop a hospital management system that eliminates all the current issues of the Guneypark hospital and makes the hospital most efficient and effective in the region using state-of-art technologies.

1.3 Research Aim

The aim of this project is to design a new and advanced business process model for Guneypark Hastanesi Hatay Hospital and develop a new system that is built based on the new business model. The system would be coded from scratch and thus, it would be highly customized for the hospital such that it would resolve all the management problems that are currently faced by the Hospital.

1.4 MOST Analysis

The MOST analysis can be used to come up with the mission, objectives, strategies and tactics for the project.
Mission is the purpose and function of a business. Mission of Guneypark system project is to develop business process model and an aligned system.
Objectives of the project are the measurable goals that include:

  • To identify business problems and design a modified business process model that can solve the current management issues faced by the hospital
  • Use system modeling to design prototype of a new system as per the new business model using coding from scratch
  • Develop a prototype and technology model for the new hospital management application using Agile approach
  • Design and develop the application architecture using a professional framework that links all the system components
  • Design a database for the hospital considering all ethical and security conerns of the business

A high-level strategy that can be used for achieving these goals would be to develop a highly customized prototype of the business system as per the new proposed business model for the hospital using coding from scratch such that all the problems could be taken care of. Tactics that would be used for implementing this strategy would be use of Agile approach for the development of the system.

1.5 Study Design

In this study, the prospective research design is utilized. According to Matthews and Kostelis (2011), a prospective study is one that is focused on the realization of the study outcomes. The focus of the project is the Guneypark Hastenesi Hospital, and the aims primarily emphasize on the provision of organ transplant services. It works in tandem with the principle of public health, which is always aimed at ensuring that the community needs are addressed in a manner that is deep and satisfactory enough (Beaumont, 2011). The hospital is emphatic on the use of technologies with high capabilities with the view of ensuring that it delivers the needed community goals to the target population. Being a transplant hospital, there is a focus on ensuring that effective equipment’s are utilized in the laboratories to attain the best possible outcomes for their patients (Cruz-Cunha, Miranda and Goncalves, 2013).
This study uses secondary data that is collected from other sources i.e. literatures published by other individuals. Use of secondary data is needed to understand how the systems are currently working in the hospital and identify the need for the development for improvement from those involved in managing technologies and processes (Farrimond, 2012). With secondary research, the data obtained provided an insight into the current technologies in use, thus allowing for a better prototyping of more efficient technology, that is able to improve on the current privacy issues concerning the architecture of the software deployed, to collect confidential data that ought to remain in safe-hands, with strong recommendations on current technologies, helping to improve data collection and storage. Moreover, with secondary research, a better analysis can be made to improve upon the current systems. It has allowed for better analysis through the use of SWOT, to understand the weaknesses and strengths of the current architecture; which is discussed throughout this article, thus, utilizing better approaches to designing a system capable of maintaining high-level information that will remain undisclosed, but also easily accessible by staff members i.e. doctors, clinicians or any other authorized personnel that is allowed to access the data.
Since the data is collected from secondary sources and does not involve on-sight data gathering, the collection process would be cost efficient (Pope and Mays, 2006).
To be able to present and analyze views of the respondents effectively in this research, that is; the technicians and staff that are currently maintaining the data systems, the soft systems methodology (SSM) has been used (Thomas and Piccolo, 2009) discussed later in the article. A part of this methodology is to take into consideration the current architecture being used, understanding the effectiveness and where improvements can be made and providing alternative suggestions. With the new suggestions, the database designers and maintainers can be handed a questionaaire assessment to respond to, which will involve questions based around security for the technicians to analyse, user-experience i.e. doctors can also be asked to fill in the assessment as part of the model, to understand their ease of access to the data and being able to update as necessary, or indicating any areas that require more enhancements, if data handling is slowing up the process due to a flaw in the design. SSM is applied to organizational process modeling (business process modeling) for it can handle both the general solution of problems and the change in management. The approach is focused on the improvement of technology for the future (Miller-Cochran and Rodrigo, 2013). Before suggesting any improvements, a SWOT analysis would be done to understand the strengths and weaknesses of current system as well as the threats they face and the opportunities for improvement (Street, 2011). of the systems that are applied to the organization and its operational perspective.

1.6 Legal, Social and Ethical Concerns

Legal questions can arise related to rights, expectations, and duties of healthcare professionals and the patients. The protection of the personal health data of the patient is the right as identified by Health Insurance Portability and Accountability Act (HIPAA) which puts the duty on caregivers to ensure confidentiality of patients such that the patient data is not disclosed outside of the legally recognized system including doctor, patient, and attorney. Any disclosures outside this system would have contextual limitations. Hospital authorities or service providers can take the benefit out of such disclosures and thus, legal laws identify the benefits that are prohibited and thus, any disclosures done for getting these benefits are considered improper.
Use of social networking by the healthcare professional and by patients also pose risk to confidentiality and privacy of the patient. Online communities are protected under the HIPAA law and thus, a different mechanism needs to be used for protection.
Ethics can significantly influence the outcome of a research and thus, would be addressed in this research. An ethical committee would be formed in Guneypark Hastanesi that would approve the project upon considering the ethics so that they can ensure that the practices approved in the research and development are ethical (Farrimond, 2012).
If the research is successful and qualified to be carried out as a primary approach for data collection, the respondents involved as part of the research i.e. answering questions from the survey, it is essential that their consent be taken before-hand to ensure that their responses are purely from their personal views and they are in no way pressured into the survey Furthermore, it is the duty of the researcher to maintain the data in safe hands, not losing or leaking confidential papers to third parties (Whiteman, 2012).
To ensure privacy needs, the researcher would ensure to not collect any personally identifiable data from respondents but only the demographic or organizational data needed to understand the situation of the hospital (Wang, 2014).

CHAPTER TWO: LITERATURE REVIEW

2.1 Systems Theories and the Health Information Systems (HIS)

Health information systems play an instrumental role in facilitating the success of the healthcare sector. A well-functioning healthcare system enhances accuracy and reliability, as well as saves on time (Tatar, Mollahalilog˘lu, Sahin, Aydın, Maresso and Hernández-Quevedo, 2011). Its application is helpful in adequate decision making in the healthcare system.
Guneypark Hastanesi Hospital is one of the hospitals in Turkey that highly relies on the Health information systems (HISs) for making clinical decisions. In the clinical setting, a network of systems that are hierarchical is needed in the correct transfer of clinical information. The health information systems can be termed as a data base that is computerized particularly designed with the objective of communicating and storing health information and the administrative information.
The HIS provides support to the care of patients as it relies on the interdependence of tasks, thus putting into consideration priorities in the departments and specialties of health. With a view of ensuring quality support in the light of the effective implementation of the HISs, there is the need to provide accurate information in supporting the clinical process of decision making (Sun and Reddy, n.d.). The features of the HISs provide an opportunity to obtain adequate functional information, thus improving the overall needs of the healthcare system. The implementation of effective HISs enables the positive transformation in the delivery of healthcare (Cinaroglu and Baser, 2017). However, the issues concerning the protection of confidentiality and security of the patients’ information arise with the use of the health information systems. This is one of the technological menaces facing Guneypark Hastanesi Hospital. There is, therefore, the need to identify specific strategies that can enhance the protection of the confidentiality and security of the information of the patients.

2.2 Types of Health Information Systems (HIS)

Figure 1: Hospital Information systems (CISs) – A model representation of information system designed for implementing control data-structures for all aspects of a hospital’s operation, from patient management, clinical information to other data managements.
One type of health information systems is Clinical Information systems (CISs), which are based on technology and supports system based on specific requirements (Suder and Durucu, 2015). The CISs enhance the provision storage with the capabilities in the processing of information. This type of the HISs is designed to allow the users to perform various activities, including utilizing, sharing and retrieving information (Cruz-Cunha, Miranda and Goncalves, 2013). Clinical and healthcare professionals take part in documenting clinical information by the use of sources, such as lists of medication, clinical history, lab reports, and radiology reports.  These reports are stored in a patient information database that can be used to access medical records of patients whenever needed.
Figure 2: Community Health Information network (CHIN) – A model showing the exchange of information with non-community organizations
The Community Health Information network (CHIN) is another type of health information network that links stakeholders in healthcare community (Street, 2017). This involves integration of telecommunications and network capabilities that enhances communication with patients (Daim, Behkami, Basoglu, Kök and Hogaboam, 2016). The CHIN also promotes the facilitation of the effective flow of information among a wide range of providers and employers and the stakeholders in the system of healthcare and in other areas. These stakeholders include technology providers, non-community organizations, future community organizations, health information exchanges and eHealth systems. Figure above shows one example of A CHIN in which state designated services and other exchanges form an information network that is shared with the community.
Figure 3: e- Public health information systems. This model provides a way of tying together the disciplines of public health, clinical and other health services, allowing health practitioners to understand the growing e-health technologies. Common technique for public health surveillance, gathering intelligence on health data, to collect, analyze and interpret data, and create models for emerging health problems.
The e- Public health information systems is another type of HIS which provides support to healthcare organizations through the use of emerging e-technologies (Sridhar, 2013). These systems can be used for collecting, tabulating, analyzing and communicating crucial health statistics. Some examples of e- Public technologies are geographical systems of information (GSI), data warehousing, the methodologies of data mining, and technologies application (Daim, Behkami, Basoglu, Kök and Hogaboam, 2016). Electronic Health records are maintained in the system that includes information of provider, demographics of patient, drug information, lab test results, diagnostic imaging, and public health information.
The geographical systems of information are significant tools employed in the collection, recording, storage, analysis, displaying and manipulation of information. Spatial data with the inclusion of the digitalized maps are utilized in providing geographical information in healthcare (Simon, 2010). The technologies in the geographical systems of information are helpful in conducting epidemiological activities and in mapping out specified endemic and epidemic diseases. The information that is provided is based on the regions and districts, and even states. The collected information is further utilized in the development of strategies that promote effective and efficient interventions in healthcare (Dikmen, Karataş, Arslan and Ak, 2016). The emergence of the web in information dissemination provides relevant information on infectious diseases both at the national level and the international level.

2.3  The Technologies of the Health Information Systems

There is a wide range of emerging tools, in addition to the technologies used in the creation and management of the Health Information Systems (Sampietro-Colom and Martin, 2016).

Semantic Web

A World Wide Web extension, offers an approach that can be used for knowledge processing and management using representation standards that can be interpreted by machines. This technology assists computers and individuals in enhancing their work by providing them a better understanding of content. The use of the Semantic Web has also been recognized by the research communities in research (Street, 2017).

Web Services

Health Information Systems also use Web services as another technology. This technology is a software component or rather a software application that support interaction by the use of XML, as well as Internet technologies (Dogac, 2012). The technologies are used in the transmission of information in the form of messages. The technologies have significantly increased the interest in the services that are oriented by architectures. There are various benefits that are associated with the use of the web services in the HISs. These benefits include loose coupling, as well as the promotion of the ability and the ease of integration and accessibility (Russell, 1979). Various support systems in health information provide a demonstration of the computer network applications that play the vital role in tapping into huge array of the information on health that is available widely on the Web. The systems are particularly designed taking into consideration the needs of the patients that are experiencing a health crisis or medical concerns and the providers of primary care.
The health information systems that are centered on the patients utilize a variety of strategies for filtering the information on health available on the web. Focused information is obtained on health issues such as asthma, the abuse of alcohol / drugs, HIV/AIDS, and stress (Grain, Martin-Sanchez and Schaper, 2014). Support systems that provide health information that is centered on the physician utilize a wide range of strategies in the provision of health information that is filtered particularly from the WWW for the physicians, the patients and the families of the patients concerning such topics as safety, the health of a child, and insulin management.

Health Grid

A health grid is another technology that is used in the HISs. This technology is used to gather and share medical records, health records and clinical records that are maintained by the hospitals, the organizations of healthcare, and drug companies (Ozturk, Bahcecik and Ozcelik, 2014). A health grid can be referred to an environment that provides an opportunity for the storage of the medical interest data. It also facilitates the ease in the availability of the various actors in the system of healthcare, including physicians, allied professions, healthcare centers, administrators, patients, and the general public.

VOIP

VoIP is another technology used in the HISs. This technology is a major driving force for HIS because of its capability of saving on costs, its portability and functionality (Groves, Kayyali, Knott and Kuiken, 2013). Integrating the mobile HIS with the VoIP technology results in various benefits, particularly in the case of a wireless hospital.
The ubiquitous environment of computing provides numerous possibilities in the new ways of organization, communication, besides working and living (Olcay, 2013). It is, however, significant to make the assertion that the application of ubiquitous systems of computing results in the creation of new risks with respect to security and privacy. With the objective of organizing the u-healthcare infrastructure, there is the need to establish a framework that is aware of the context appropriate specifically for the wearable computer or rather the personal computers that are small sized and portable (Gözlü and Kaya, 2016). In this regard, the mobile health abbreviated as the m-health is the current type of ubiquitous computing categorized as the network technologies in mobile in the system of healthcare. This idea brings out the evidence that there have been drastic changes in e-health systems from use of desktops and wired connections use of compact disks and later to the application of wireless connections.

Application of the Health Information Systems at the Hospital

Telemedicine
Guneypark Hastanesi Hospital utilizes various health information systems. It employs the telemedicine as an e-health application. Generally, telemedicine uses techniques of video conferencing to provide aid in delivery of consultations to the patients residing in distant locations from the healthcare centers (Okem, 2011). Telemedicine puts into consideration the usage of electronic technologies, information technologies as well as communication technologies in providing and supporting healthcare for remote patients. This application is also known as e-medicine that involves various aspects, including tele-radiology and tele-dermatology (Günes, Gürlek and Sönmez, 2016). This is an effort that drastically improves the delivery of healthcare.
Telemedicine can be effectively and efficiently used for solving a variety of problems in healthcare. Guneypark Hastanesi Hospital uses the telemedicine application for solving the medical problems of patients. This application is particularly employed in this hospital in exchanging information by the use of various forms, such as voice and images (Günes, Gürlek snd Sönmez, 2016). Based on the perspective of technological advancement in the world, telemedicine is a field that is rapidly growing as it involves transferring information through phone or the internet, in addition to the use of other networks with an objective of enhancing clinical consultations. Telemedicine is also currently used in the remote examination of medical procedures. Guneypark Hastanesi Hospital uses telemedicine for various purposes, including the diagnosis and treatment of the patients (OECD, 2014). The hospital also uses the application for the prevention of diseases and the provision of education for both the patients and the professionals of healthcare in the hospital setting.
Telemedicine is also employed as a significant research tool in the hospital. In this regard, telemedicine provides a way for the diagnosis and treatment of patients at a distance (Moore and Sharma, 2013). The remote monitoring of patients has enhanced the provision of healthcare in Guneypark Hastanesi Hospital as a result of the use of telemedicine. Patients also have adequate access to information in healthcare as a result of the application of telemedicine in the Guneypark Hastanesi Hospital.
Electronic Health Records (EHR)
Additionally, there is use of electronic health records in the provision of healthcare to its patients that include the Electronic Medical Records (EMR) and the Electronic Patient Record (EPR) (Mettler, Rohmer and Baacke, n.d.).  These systems and applications enhance the facilitation of the retrieval and storage processes of a single record of a patient by the utilization of a computer application. The difference that exists between the Electronic Medical Records (EMR) and the Electronic Health Record (EHR) is that EMR focuses on longevity in the storage of organizational records while EHR focuses on integrity (Kasapoglu, 2016). In this regard, problems arise from the management of the same nature of various electronic records. The EMR is concerned with the records of the patient and the legal documents associated to a particular event that has taken place in the process of encounter of the patient in the hospital while receiving medical services (Marcus, 2014). Specifically, the Electronic Medical Record is possessed by the hospital while the Electronic Health Record contains the health records of a patient and can be used as an update of the EMR. A single patient might be in possession of various EMR that originates from a wide range of hospitals. However, the records are all coordinated and centralized specifically in the EHR (Kirimlioglu, 2017). The collection evidence, such as the system, facilitates the clinical practice is employed in the management of digital images and the work flow of the information systems.
Guneypark Hastanesi Hospital thus uses the EMR and the EHR in disaster management in the case of the patients and gauging the warnings of a forthcoming disease in the body of a patient. This is because the EMR and the EHR provide relevant information concerning the medical history of a patient (Mantas and Hasman, 2013). The electronic cabinet is used in storing the data of the patients emanating from various sources, such as images and text. Guneypark Hastanesi Hospital improves the safety of the patients by the use of the EHR. This is because the EHR allows this hospital to share medical information of the patients that is comprehensive (Mahalli, 2015). The EMR, however, has both advantages and disadvantages. In reference to the advantages, the EMR saves on time, improves the outcome of care and enhances coordination in the provision of care (Kohlwes, 2014). In relation to the disadvantages, the aspect of the consent from patients emanates with the use of the EMR. This is because permission has to be sought from the patients before viewing their health records. More so, the knowledge of the previously used medication in treating the patients ought to be put into consideration.

2.4 Threats to Healthcare networks

Information is an asset for a healthcare organization which is used for patient care and attaining efficiency in operations. The data is digitally distributed to a large number of people including medical practitioners, health personnel, clinicians, therapists, and patients. This sharing of information introduces some risks such as unauthorized access, database modifications, data theft, and hacking.  To maintain the privacy of the information of a hospital, data governance structures can be used with encryption techniques for data protection.
However, the hospital still remains exposed to certain risks like packet sniffers, IP spoofing, denial of service [DoS], spam, man-in-the-middle attack, and viruses. Packet sniffers spy on the data that is being transferred. Sensitive patient data can be assessed by them in this way which can be used for spying over the patients.
IP spoofing happens when a hacker shows up as a legitimate computer system in the network and gains access to the medical information. Bogus URLs are sent by the hacker to the system to gain access. A Denial of Service attack is rather a common type of attack that is launched by hacker to prevent genuine users from getting services by depletion of system resources through flooding of gates with http requests. Man-in-the-Middle is another type of cyber-attack in which the hacker sits in the mid of sender and receiver and can modify the message that is being transferred.
Besides these common threats, the hospital can also face other security risks such as worms, viruses, Trojan horses and spams. There are certain tools available that can be used for reducing these risks. An anti-virus application is the most commonly used security tool that can counter virus threats. These applications can also be used to block unauthorized access to systems. However, such a tool may not be able to detect all the virus signatures such as in the cases where virus code pattern matches file code patterns. This can also happen if the program is not updated regularly. There is also a practical challenge with using antivirus and that is need for use of large amount of computer memory and drive space that can slow down other applications while scanning causing disruption in services.
Intrusion detection Systems can be used for monitoring traffic which is a preventive measure targeted to identify malicious activity and block the culprit before systems face a damage. IDS add protection measures to a network as it can end a user session that is not following security policy. However, there are certain drawbacks with this technology such as high maintenance requirement, failure to detect intrusions if not updated, and existence of cases of false positives and negatives.
Security Socket Layer (SSL) can be used for preventing malware from entering the hospital network. Every security tool has some benefits and some drawbacks. Thus, they may be used in combination so that they can complement each other to give better protection through assurance of protection of integrity, confidentiality and availability of data.

2.5 Data Security to maintain Privacy and Confidentiality

The security of data is one of the significant aspects required by a database system. The safety of the data prevents the accessing of data by the third parties that are not authorized. In this regard, security is required in avoiding any form of damage to the data related to the patients as this can result in negative implications on the hospital, as well as the patient (Kohlwes, 2014). It is significant there is an increased probability of the database systems being attacked majorly because of the amount of data that is stored in them. In the recent past, the database systems have increasingly become the major focal point of cyber-attacks. All the challenges with security emanates from various sources (Lu, Street, Currim and Hylock, 2009). To begin with, masquerades are the most prevalent form of cyber-attacks. Masquerades take the form of a disguise whereby an attacker acts as a user that is authorized in a target system. Through the use of disguise, the masquerades end up gaining access to the database systems and accessing the primary data that is stored in the database systems. The attackers have the access to the database systems by the use of stolen passwords or usernames due to different security gaps that are present in the application code (Kose, et al., n.d.). For the record system related to the patient, the hospital experiences various challenges as a result of the leaking of the patient’s data. In facilitating the aspect of security and confidentiality of the information from computer resources and technologies, the framework below gives the approach to the effective information security framework that could be followed by organizations.
Figure 4: System Architecture of Security Framework for Health Information Management (Jung, Jang and Kang, 2014)
State of Data Protection in Turkey
In ensuring that the data of individuals is protected in the best ways possible, the Turkish Constitution works toward ensuring that every particular information of individuals is secured in the best ways possible (Akbulut & Yıldırım, 2012). The data protection aspect is captured in Article 20 of the Constitution asserts that any individual using data has the responsibility of going by the strict rules that are commonly known as the principles of data protection. That is, the individuals should follow the set principles while using data:

  • Usage of data should be pegged on fairness and legality.
  • Data usage should be used for an intended purpose. It should thus be relevant for its area of use and not be excessive.
  • Safety and security should be promoted in the use of data.
  • Data should not be transferred in the places that are outside the economic area of Europe with the lack of adequate protection.

Moreover, in line with the data protection law, there should be a strong legal protection with respect to highly sensitive information, such as records of crime, sexual health, and opinions in politics, health information, religious beliefs, and even ethnic background (Kose, et al., 2008). This law also requires an individual to provide consent in the case of the collection of the individual information and the use of the individual information for the purpose in question. According to the directive in data protection, consent is defined as the willingness to allow using or retrieving one’s information for various purposes (Lu, Street, Currim and Hylock, 2009). This measure creates an impression that an individual might be a representation of agreement instead of the presentation of the agreement in writing. Non-communication on its part is not considered as consent. Various factors ought to be put into consideration when it comes to the provision of consent in the collection of data (Kose, et al., n.d.). These factors include the age and capacity of a person, as well as other conditions and circumstances related to the case.
Data protection is a critical element for all types of organizations even in the organizations of healthcare. Health organizations have the responsibility of storing large amounts of confidential data, as well as personal data including, the age, address, treatment, and the type of medications, health test results and medical conditions of the patients (Locatelli, Restifo, Gastaldi and Corso, n.d.). This information ought to be kept confidential and only be seen by the right personnel, such as the medical staff, and the patients themselves. This is because the data protection law does not provide for the misuse of data even by the individuals in the organization storing the data. If other individuals apart from the required ones have access to the information, they can perform various activities on the information, such as the editing or deletion of the data (Layman and Watzlaf, 2009). In the overall sense, the data protection law requires a stronger system of individual patient protection as demonstrated below.
Figure 5: Security of Patient’s Data through Encryption (Kardas and Tunali, 2006)

2.6 Threat Assessment

OCTAVE methodology provides a tool for assessment of threats in an organization. It involves exploration of the existing systems to identify threats, methods of their attacks, target of attack, and assessment of outcomes of attacks.
 
Table 1: In case of the Guneypark Hospital, some of the threats were identified as shown in the table below:

Threat IT Asset Compromised Access Actor Motive Outcome
Packet Sniffers Patient Data
Hospital Files
Emails
Through web interface Hacker Deliberate Data access infringement and damage to hospital reputation
IP Spoofing Clinical data
Patient Data
Through web interface Hacker Intentional Data exposure and modification leading to invasion of privacy
Web Defacing Clinical data
Patient Data
Through web interface Hacker Deliberate Disclosure of sensitive clinical information
DDOS Attacks Medical Data
Patient Data
Network devices
Network interface Hacker Deliberate Slow down of systems spoiling reputation by making services unavailable to users
Virus/Trojan/Worms Healthcare data
Patient data
Routers
Servers
Network Interface Malware Intentional Data intrusion causing service disruption and privacy infringement

2.7 Health Information Systems Techniques and Data Modeling in Healthcare Organizations

The application of the Health Information Systems (HIS) in the provision of healthcare has become common in many healthcare centers. The HIS techniques in the healthcare sector have led to the improved quality of healthcare services given to patients. These techniques have been facilitated by the evolution in the technological field (Zheng, Zhang and Li, 2014). The techniques have enhanced storage of large volumes of data in computers that have assured the security and privacy of the information stored in such technologies. The HIS techniques in the healthcare systems have made work easier and allows to save on time since there has been drastic change from the use of papers as storage facilities in the healthcare centers to the integration of technology in these centers (Akbulut, Terekli and Yıldırım, 2012). To add on, the HIS techniques are also used in administration, apart from improving the quality of the services delivered.
The healthcare centers also use the electronic health records in the provision of healthcare to the patients include the Electronic Medical Records (EMR) and the Electronic Patient Record (EPR) (Altin, Bektas, Antep and Irban, 2012). These systems and applications enhance retrieval and storage processes of a single record of a patient by the utilization of a computer application. However, there is a difference between (EMR) and the (EHR). As such, the former focuses on longevity in the storage of the organizational records, while the Electronic latter put much of their focus on integrity (Cinaroglu and Baser, 2017). The EMRs are concerned with the records of the patient and the legal documents associated to a particular event that has taken place in the process of encounter of the patient in the hospital while receiving medical services. This has implications that the Electronic Medical Records are possessed by the hospital (Lu, Street, Currim, Hylock and Delaney( 2009).
Due to the existence of the EHRs, there is a possibility that a single patient might be in possession of various EMRs that originate from a wide range of hospitals. However, the records are all coordinated and centralized specifically in the HERs and help in availing the medical history and treatment of patients (Top, Yilmaz and Gider, 2013). The collection evidence such as the system facilitates the clinical practice is employed in the management of digital images and the work flow of the information systems. The healthcare centers thus use the EMRs and the EHRs in disaster management in the case of the patients and gauging the warnings of a forthcoming disease in the body of a patient, in addition to planning and budget of the cost of such a treatment. This is because the EMRs and the EHRs provide relevant information concerning the medical history of a patient (Locatelli, Restifo, Gastaldi and Corso, n.d.). The electronic cabinet is used in storing the data of the patients emanating from various sources, such as images and text.
The HISs in the healthcare centers is applied to improve the safety of the patients by the use of the EHRs. This is because the EHRs provide an opportunity to the hospitals to share medical information of the patients that is comprehensive and confidential. The EMRs however have both advantages and disadvantages (Sun and Reddy, n.d.). As to the advantages, the EMRs save on time, improve the outcome of care and enhance coordination in the provision of care. In relation to the disadvantages, the aspect of the consent from the patients emanates with the use of the EMRs. This is because permission has to be sought from the patients before viewing their health records. More so, the knowledge of the previously used medication in treating the patients ought to be put into consideration. The HISs has improved the services of delivering healthcare to patients. This has prompted the use of technology by health organizations. Technology is important since it stores not only information but also a source of information used by medical practitioners in the healthcare centers (Tatar, Mollahalilog˘lu, Sahin, Aydın, Maresso and Hernández-Quevedo, 2011). The HISs in healthcare organizations have thus improved through the use of many technological applications utilized in providing health services to patients. Improved technology in the field of medicine has enhanced an effective application of e-health globally. E-health has enhanced the use of telemedicine in the healthcare organizations (Kohlwes, 2014). The knowledge in e-health has facilitated the epidemiology of patients.
Healthcare organizations use the telemedicine application in solving the medical problems among patients. This application is particularly employed in the healthcare organizations in exchanging information concerning the use of various forms, such as voice and images (Grain, Martin-Sanchez and Schaper, 2014). Based on the perspective of technological advancement in the world, telemedicine entails transferring information by the use of the phone or the internet, in addition to the use of other networks with the objective of enhancing clinical consultations. Different health facilities use the application for the prevention of diseases and the provision of education for both the patients and the professionals of the healthcare sector. Telemedicine is also employed as a significant research tool in the hospital (Gözlü and Kaya, 2016). In this regard, telemedicine provides a way for the diagnosis and treatment of patients at a distance. The remote monitoring of patients has enhanced the provision of healthcare in the healthcare organizations as a result of the use of telemedicine.
Data modeling in the healthcare organizations is essential in enhancing the delivery of better healthcare services. It is the determinant factor in the success of delivery of patient care by a healthcare organization. Data modeling software helps in identifying the exact hospital population, in addition to the services that each patient should be accorded (Grain, Martin-Sanchez snd Schaper, 2014). Data modeling is the art of enhancing methods of data management and storage so as to enhance goods results in the healthcare organizations. Improved technology has facilitated data modeling in the health sector. Data modeling in the healthcare centers is critical and should be handled carefully. This implies that the healthcare centers should be in position to give clear and comprehensive reports about their services and business based on the adoption of better data modeling techniques. Technology has emerged to be the best tool that can be used to ensure that the health organizations can effectively implement different data mechanisms strategies in the delivery of services (Top, et al., 2015). It should, however, be noted that the highly experienced experts are needed in data modeling so as to ensure the organization reports are better prepared and analyzed properly.
The establishment of data models in the health organizations calls for the person involved to plan better while considering the patients’ preferences. Communication within the health center should be considered before choosing on the suitable data modeling strategies (Gözlü and Kaya, 2016). This is in addition to the inclusion of other databases within the system. The data models should also be flexible enough to be able to meet the ever-changing demands. This measure includes being compliant, as well as putting in the strategies that will facilitate reimbursement. The models should be in position to hold the data needed for the intended health organization and also to ensure that the finances for the healthcare organization are better managed (Yurt, 2008), this is as demonstrated below:
 
Figure 6: The Patient Security Model (Catalona, 2014) – Model describing security domains for keeping data safe, and allowing access to patient’s to some extent for their medical records, but also preventing access to other unauthorized data. In each phase, a level of security is implemented to help maintain safety over the net when sharing or using data – depending on the person or parties that are trying to access.
It is worth noting that data modeling in the healthcare organizations is done in three ways. First, there is an application of data modeling that an organization attempts using the locally available resources. This implies that a health organization can decide to put in place various mechanisms of data storage and management using the personnel in the healthcare center (Bakker, Nuijens and Kaplan, 2015). There will be a possibility of lack of experienced knowledge since the employees will implement data mechanisms because it is a requirement of the healthcare organization. This approach is somehow cumbersome to the medical personnel since most of them lack the skills required in data modeling. The health organizations have often resolved to use their personnel with the excuse of saving on costs and time for reaching the experienced personnel (Lu, Street, Currim and Hylock, 2009). Unfortunately, this often comes with devastating consequences, especially where inexperienced personnel have given wrong reports or leaks out confidential information that is likely to bring fear among the patients and other people involved.
Second, data modeling can also be done using experts. This is where an organization hires the services of the experienced consultants in the modeling departments. This method of data modeling is easier; though, it is expensive, since the health organization only uses people with experience who will thus do the work faster in addition to being costly as a result of the highly experienced consultants (Sun and Reddy, n.d.). The use of the experienced consultants in data modeling in the health organizations is advisable since the team will avoid anomalies that may arise if an inexperienced team is used. This strategy will also help in saving the image of the healthcare organizations and help in attainment of the set goals. Additionally, there is confidence in the nature of services that offered when the consultants with experience in data modeling are called upon to install the software in the healthcare organization data management system (Aksu, Kipapci, Catar and Mumcu, 2015).
Last but not least, the health organizations have also come up with the most popular data modeling technique that is acceptable. This entails purchasing of data models from the known vendors. Many health organizations have resorted to the purchasing of data models due to lack of data modeling skills among their medical personnel (Beaumont, 2011). Such models are made based on their participation in other healthcare organizations. The models carry out EHRs roles, such as admission of patients, prescription, and billing. These purchased vendors are disadvantageous to the healthcare organizations as it is not easy to install new applications in case they arise. The addition of new customization skills, such as dates, definitions of new terms and new codes in the data models that were purchased takes time as the organization will have to look for the vendors who will have to be paid again (Street, 2017). Since it is costly and time-consuming to get back to the vendors, the health organizations are forced to do the customization on their own.
There are several steps that are supposed to be used to enhance successful data modeling by healthcare organizations. The first step implies that the organization should conduct enough research as it relates to the health data models, for instance, finding out the type of the health services that other health organizations offer before choosing theirs (Bolin and Kaestner, 2012). Working as a team is another step that should be applied to ensure successful data modeling. This ensures sharing of ideas and acquisition of new knowledge from the team members. The knowledge from the experienced consultants is vital in the application of data models in the healthcare organizations (Cruz-Cunha, Miranda and Goncalves, 2013). This will avoid making costly mistakes that could affect the provision of health services due to giving the wrong reports.
Data modeling requires experienced skills since it determines how a health organization will execute its duties. A health organization should thus ensure that better steps are followed for effective application of data models within its data management systems. The data models should always be ready to solve different health-related problems, in addition to giving reports that meet the required standards.

2.8 Project Management Tools

2.8.1 SCRUM

The scrum management tools falls under the larger umbrella of agile project management tools (Gosh, Forrest, Dinetta, Wolfe, & lambert, 2015). In this regard, the tool is used to effectively execute projects that have variable demands and are likely to change during the actual implementation stage. Therefore, the tool may be used effectively in ensuring that the technology to be implemented is by no way short of the requirements.Furthermore,the tool has a light framework and employs iteration to effectively manage the project.Moreover,its major application has been in software application and as such may form an effective tool in the case of the Guneypark hospital.
As stated, the tool works on the principle of iteration and each stage has a major milestone that is to be observed. The term that is used for every iteration is called the sprint and provides the managers with an assessment tool.
The major factors that limit the application of the tool include budget deficit, completed work or deadline factors. However, deadlines are the least of concern because the iterative process ensures that the work percentage done in every sprint is substantial. The traditional tools that have been commonly used are more straightforward with the final outcome the most pivotal factor in the project management. Any project manager willing to execute a project on an efficient and reliable manner has to therefore understand the underlying principles of this tool.
 
 
 
Execution
In the implementation of the project, the first aspect of the manager is to design a team that may be made up of professionals and experts in IT, data analysis, software etc.However,all team members should play a role in the final product outcome. The three parties involved in this final outcome will therefore include: the product owner, the scrum master and the teams.
The initial phase of scrum project management begins with a meeting between the three parties involved. The meeting is meant to provide all the necessary project insight to the teams involved. The meeting is known as a scrum meeting and the product owner prioritizes everything that is to be done. In the case of the soft systems methodology application for the hospital functioning, the highest priorities might fall on the software and interfaces. Other aspects that may be prioritized may include the data management systems, the connectivity among others. Depending on the detailed requirements and priorities of the hospital, each team is to ensure that the specified tasks are completed within the sprint. The sprint backlog is used to indicate the items to be completed during the sprint with each checkbox indicating a certain task.
Daily meetings are organized by the various teams to contemplate on the way forward while estimating and deciding the works done. Because the scrum tool breaks down the whole process into various and manageable chunks, the team can easily describe the chunks completed and those that need to be completed. Furthermore, the meetings ensure that each team member is in sync with the other members by providing a platform for discussion on the impediments and other useful factors in the project.
The other aspect considered in using scrum pertains the progress in each team relative to the goals and the agenda set out by the board. The sprint review tries to describe the functionality aspect that is achieved during the previous sprint. Furthermore, it sets out the clear objective for the next sprint. By engaging the various stakeholders in a review of each sprint. , appropriate feedback and steps are provided to each team member and to the different teams.
 
Finally, there is a sprint retrospective that is used as the guiding tool after every sprint. The retrospective describes the goals of each team in a much deeper context and ensures that the team members have a clear cut objective in mind during the next sprint. As with the management of the tool, it is important to specify the difference between a scrum master and the project manager. In this regard, the scrum master is responsible for initiating the scrum but may not be involved in monitoring and managing the daily activities of the teams. Furthermore, the scrum master will not be involved in assigning roles to the members of the team. The positive thing about not assigning roles and not monitoring the activities is the fact that the various members of the team are free and therefore can concentrate on the tasks at hand with no barriers to overcome.Frthermore, team members are given the responsibility of managing themselves and as such, determine the general goal and the necessary steps towards its achievement.
The soft systems methodology implementation is a huge project which may involve remote teams and experts.Thereofre, unlike the traditional methodology of sticky notes and task boards, technologies such as teleconferencing and central systems may be used to manage the huge number of members in the teams.
 

2.8.2 Critical Path

Critical path as a tool to be used in trying to ensure the project is completed on time.
There are various routes that a project may use in order to achieve the final outcome. However, the project manager has to be well conversant with the critical path of project completion. The most important factor in every project management strategy is the capital and time. In this regard, the uses of the final product depend on the ability of the project manager to ensure that the project is completed within the allocated time.
It is because of the gravity of the various tasks that projects have two types of tasks. The first type of task is known as the float while the second is known as the critical task. Critical tasks are fundamental in time management since their delay means a delay in the overall completion time while float activities have no effect on the final time and therefore have no effect on the schedule. As a matter of fact, float activities may be rescheduled without having an effect on the overall time. On the other hand, critical activities cannot be rescheduled and any delay means a backlog of activities which means a delay in the overall time required. Therefore, the critical path is defined as the longest route that the project may require to be successfully implemented.
The various tasks involved in the project have to be categorized as float or critical and the time allocated against each. By categorizing the activities and determining the extent of dependency between them, the project manager is able to determine the critical path.

2.8.3 Work Breakdown structure

The work breakdown structure defines and separates the tasks that make up the project. It has been defined as a hierarchical approach that defines the works to be executed by the team. (Project management Institute, 2013).Therefore, the whole scope of the project is divided and defined into chunks that can be managed.Furthermore,the structure provides each project task in detail ensuring that each member is within his/her capacity.
One of the major advantage that arises from the use of the WBS in the project management is the fact that the budget and time allocation are very effective. The higher levels of the project are allocated budgets that are used to manage the lower levels in the hierarchy.
 

CHAPTER FOUR: DISCUSSION

3.1 Current Health Information Systems in Guneypark Hastanesi Hospital

Guneypark Hastanesi Hospital employs various Health Information Systems. To begin with, the hospital uses the Clinical Information Systems (CIS). In tandem to this type of the HISs, these systems are based on technology besides being applicable to the point of care (OECD, 2014). The CISs have enhanced the provision of storage in this hospital with the capabilities in the processing of information. These systems are designed to allow the users to perform various activities, including utilizing, sharing and retrieving information. Clinical and healthcare take part in documenting clinical information by the use of sources, such as lists of medication, clinical history, lab reports, and radiology reports (Dogac, 2012). The hospital also uses the Community Health Information Network (CHIN). The following network links the stakeholders in healthcare in the community, the region or the entire district (Suder and Durucu, 2015). This telecommunication as well as network capabilities that are integrated enhances the facilitation of communication with patients. It also enhances the provision of means of exchanging information that is of clinical significance. The CHIN also promotes the facilitation of the effective flow of information in funds among a wide range of providers, employers and the stakeholders in the system of healthcare and in other areas (Tatar, Mollahalilog˘lu, Sahin, Aydın, Maresso and Hernández-Quevedo, 2011). The hospital also uses the e- Public health information systems. These systems are aimed at supporting the public healthcare system and bringing about improvements in the status of the healthcare. For instance, the assessment of the community involves various aspects, such as collecting, tabulating, analyzing and communicating crucial health statistics (Kohlwes, 2014).
Additionally, the hospital also employs the aspect of telemedicine. Telemedicine is particularly defined as the utilization of the techniques of video conferencing in delivering consultations to the patients that stay far away from the medical facilities. Telemedicine puts into consideration the usage of electronic, information technologies and communication technologies in providing and supporting healthcare in the cases whereby the participants are separated by distance (Simon, 2010). Thus, in the cases whereby the hospital needs to communicate essential information to a wide range of stakeholders while holding meetings, the telemedicine technology comes into use. The hospital has continued to make use of technological developments as well as technological advancements in the enhancing service delivery in the hospital. In addition to telemedicine, this hospital also utilizes mobile health or m-health. It is the current type of ubiquitous computing categorized as the network technologies in mobile in the system of healthcare (Beaumont, 2011). The concept is a representation of the evolution of the ancient e-health systems, such as the desktop platforms, in addition to the wired connections to the utilization of compact devices and the use of the wireless connections in the e-health systems.
Guneypark Hastanesi Hospital also uses the electronic health records in the provision of healthcare services to its patients. There are various types of the electronic health records. They include the Electronic Medical Records (EMR) and Electronic Patient Record (EPR) (Daim, Behkami, Basoglu, Kök and Hogaboam, 2016). These electronic health records have really benefited the hospital in a wide variety of ways. These systems and applications enhance the facilitation of the retrieval and storage processes of a single record of a patient by the utilization of a computer application. It is, however, essential to note that the Electronic Medical Records (EMR) and the Electronic Health Record (EHR) are not similar. There is a difference between the Electronic Medical Records (EMR) and the Electronic Health Record (EHR) (Dogac, 2012). In particular, the Electronic Medical Records (EMR) focuses on longevity in the storage of the organizational records. On the contrary, the Electronic Health Record (EHR) make emphasis on integrity. Therefore, a challenge emerges in the management of the same nature of various electronic records. The EMRs are concerned with the records of the patient and the legal documents associated to a particular event that has taken place in the process of encounter of the patient in the hospital while receiving medical services (Mettler, Rohmer and Baacke, n.d.). Specifically, the Electronic Medical Records are possessed by the hospital. On the other hand, the Electronic Health Records contain the health records of a patient and thus are regarded as an update of the EMRs. The key application areas are below in
Figure 7: E-Health Components (Aer-ameos.net, 2015) – Overview of the applications supported and implemented for sharing and managing medical data.

 
 
 

3.2 Requirements Catalogue

3.2.1 Functional Requirements

 
Table 2: The functional and non-functional requirements for the Guneypark Hastanesi Hospital, to effectively make use of data collection

  Requirement Description Priority
1 Patient registration HIS must provide an interface to the staff for adding new patient to the hospital database, assign ID to patient getting registered and delete patient ID on checkout from 2the beds available database 1
2 Report Generation Generate custom reports on patient data including patient information such as patient ID, name, doctor’s name, and health officer name, hospital bed allotment information such as ward name and bed number if occupied.  
3 Database creation A MySQL database containing details of patients, doctors, health officers, and staff of the hospital has to be created. This data base must be accessible using a web based interface 1
4 User Interface A graphical interface must be provided to the administrator  to creating, viewing and updating details of patients and other hospital related information. 2
5 Hardware Interface Windows operating system must be used with 1TB hard disk, 8MB RAM, and Core i7 processor 1
6 Software Interface Java language, MS SQL Server, Net Beans IDE 1
7 Communication Interface Web based windows interface 3
8 eAppointment module An interface has to be developed through which appointment can be given to a patient based on the availability of doctor which would be obtained from the database 2
9 Pharmacy module Pharmacy module must be able to record the inventory status and update it based on the supplies given to the patients. 4
10 Mobile interface A web based interface must be provided which patients can access from their mobiles to connect with hospital staff for appointment or to check their reports and other details available with the hospital system 3

 

3.2.2 Non-Functional Requirements

  Requirement Description Priority
1 Good system Performance System must respond to queries within one second with patient data
The system should be able to support 2000 users at a time
The user-screen should provide a response within 5 seconds.
The system must confirm to the requirements of Microsoft Accessibility
1
2 Security Patient must be given an identification number, login ID and password for authentication. Any modification in the patient’s data must only be possible by administrator. Front desk staff must only be able to view the information or add details but not modify entered details in any way. 3
3 Software Quality Good quality software that is robust, bug free and contains all functionalities needed must be developed. 2
4 Availability The system downtime must be zero such that it is available at all times 1
5 Maintainability The system must have a capability to take regular backups of the system database. All the errors arising must be stored in the error logs. 2

3.3 Issues of Data Security and Privacy at Guneypark Hastanesi Hospital

There are various issues that surround the aspect of the security, privacy and confidentiality of the patient’s data at Guneypark Hastanesi Hospital. There are various conditions under which the security and confidentiality of the data of the patients are curtailed in this hospital (Kirimlioglu, 2017). The data of the patients can be hacked, face manipulation and destruction by the internal or external users. Some of the security measures that have been put in place in the protection of the integrity of data, such as antivirus software, are tampered with, thus leading to the leaking of patients’ information. Moreover, a breach on the privacy and confidentiality of the data of the patients in this hospital occurs due to the documentation errors. This occurs particularly in the case of the wrong input of data in the information systems (Mahalli, 2015). During the process of the collection and use of data in this organization, the data can be manipulated by some few individuals, thus raising security and privacy concerns over the data of the patients.
The increasing concern in relation to the security of the information on health in this hospital stems particularly from the utilization of the EHRs, the high use of mobile devices, including smartphones, and the increased rate of the exchange of data from various medical practitioners in the hospital (Akbulut, Terekli and Yıldırım, 2012). It is, however, worth noting that this hospital has to promote the security, privacy and confidentiality of the patients’ data at all costs. It has to come up with effective strategies that enhance data protection and privacy. This is because the patients in this hospital are entitled to the privacy and confidentiality of their medical health records and information (Zheng, Zhang and Li, 2014). Information concerning patients’ health should only be released upon their consent or when following a court order.
Security measures have to be put in place in the hospital to protect the integrity of the data of the patients in tandem use of passwords by each member of the hospital. The passwords should be careful designed in a manner that they cannot easily be identified by the unauthorized personnel (Ay and Polat, 2014). Moreover, the stakeholders in this hospital should ensure that the privacy and confidentiality of the data of the patients are maintained in the process of the collection and use of medical health data from the patients. Security measures that prohibit unauthorized users in accessing the information of the patients should also be used in every device in the hospital to protect the privacy and confidentiality of the information of the patients (Zaim, Bayyurt and Zaim, 2010). These include the use of firewalls in the machines and the use of updated antivirus software.

3.4 Recommended System to Improve Hospital Operations and Patient Privacy at Guneypark Hastanesi Hatay Hospital

            It is critical for the hospital to adopt a new and effective hospital system that would make it easier for the admission of new patients while ensuring that their information is well-secured. This will go a long way into avoiding situations where the privacy and confidentiality of patients is tampered with. The system is developed in tandem with the soft systems methodology highlighting all the fundamental stages as below.

3.5 Soft Systems Methodology

The soft systems methodology is a significant part of the organizational model in approach to the challenges of the organization. It plays an instrumental role in ensuring that the problems of the organization are solved in the best ways possible and ensuring that the management also responds to the change that is being put in place (Bakker, Nuijens, & Kaplan, 2015). The Rich picture, which is an aspect of the SSM plays a vital role in the exploration, acknowledgement, and definition of the real situations through diagrams. It primarily helps in the understanding of the real situation of the operations on the ground hence leading to even elaborative discussions surrounding the situation. The systems approach adopts diverse steps that are outlined below.

  • The consideration of the problematic situation
  • Problem expression
  • Formulation of root definitions
  • The construction of conceptual frameworks of the systems
  • Comparison of the models in tandem with the real-world situations
  • Definition of possible changes that are feasible and practical
  • Implementation of an action for problem improvement

Step 1: The consideration of the problematic situation

Figure 8: The Problematic Situation

Step 2: Problem expression

            The following issues are identified in the Rich picture.

  • The doctors complain about the lack of effective updates in the patient information
  • There is no clarity on the protection of the information that is related to patients hence risking the level of confidentiality in regard to their information
  • The follow ups between the doctor and the system tend to have challenges
  • Nurses tend to forget the significance of updating the patient information for the sake of proper utilization on the part of doctors
  • Patients complain of the infringement on their treatment consent
  • There is need for training
  • There seems to be a disconnect between the HIS and medical practitioners including nurses, doctors, and pharmacists
  • There are legal implications associated with the breach of the confidentiality and the privacy of the patients at the hospital

Some of these problems can be avoided while others can be tackled if their needs are considered while designing and implementing the solution. Staff and customers make the primary stakeholders of the software development project and the consideration of their needs can solve problems in following ways:

  • The patient’s database can be updated by any user using a web based interface such that whenever a query is raised to get the information, the patient’s data can be easily retrieved.
  • Protection of confidentiality of patients can be achieved by following professional codes of conduct that must be known to and practiced by all staff members. These codes must define the privacy rights of patients.
  • The follow ups with doctors could be improved with the use direct and automated system that allows a patient to check availability of doctor and accordingly place appointment request or contact the doctor directly through the web based application
  • Nurses can be trained on the needs and processes of information updates and must be encouraged to always keep the information updated.
  • The disconnect between the HIS and medical practitioners including nurses, doctors, and pharmacists can be eliminated with the digitized system that connects them all such that they can communicate with each other and update each other through the web application.

 
Figure 9: Rich picture – Issues arising from implementation

Step 3: Formulation of root definitions

The acronym CATWOE is representative of the root definitions. This is commonly referred to as a mnemonic that is utilized as a checklist for the problems identified and the assurance that effective goals are set within the study. It outlines the activities of individuals in tandem with the Soft Systems Methodology (SSM) (Altin, Bektas, Antep, & Irban, 2012). The root definition effectively utilized to outline the improvement of the HIS at Guneypark Hastanesi Hatay. The PQR answer questions.
P –What
Q – How to do it
R – Why do it
P – Reliable and effective health information systems
Q – Development of impeccable health information systems
R – To ensure that the current health information system at Guneypark Hastanesi Hatay is improved

  • To improve patient privacy
  • To ensure that the lives of patients are secured
  • To improve the effectiveness of service delivery among medical practitioners

CATWOE Analysis
In regard to the study, the researcher utilized CATWOE Analysis and root definition applied to the definition of the activities of individuals within the hospital (Yurt, 2008). In tandem with the CATWOE Analysis, there is the chance for understanding the relevant activities that different individuals undertake operations such as from the doctors to patients.
Basic CATWOE Principles
 
 
Patient/Client
This is the individual who stands to benefit from the improvements in regard to the system (HIS)
Improvement
CATWOE is all about the improvement of the system in line with the tasks articulated for the organizational individuals. Improvements are seen in terms of the transformation that the organization enjoys based on the system.
INPUT—-T—-OUTPUT = IMPROVEMENT (TRANSFORMATION)
CUSTOMER – Patient
ACTOR – Hospital
TRANSFORMATION – Improved health
WORLD VIEW – Lack of efficiency and patient privacy
OWNER – Guneypark Hastanei Hospital
ENVIRONMENT – Guneypark Hastanesi Hospital
Since CATWOE is all about the improvement of ultimate transformation of the situation, it is critical that the organization takes the effective measures with the desirable level of seriousness. This will play a critical role in leading to the realization of the set objectives for the organization, which is an improved HIS and efficiency in attendance to patients.
Step 4: The construction of conceptual frameworks of the systems
The conceptual framework designed is focused on the improvement of the whole system that the hospital is currently utilizing. Nevertheless, the approach utilized is only focused on UML to outline the methodological consistency of the study. However, only case diagrams apply to the situation of Guneypark Hastanesi where the hospital has to work toward ensuring that both of its medical staff and the nurses are realizing the desirable activities in a clearer manner.
 
 
 
Receptionist
Figure10: Receptionist Case Diagram
Receptionist Summary
In the above case diagram;

  • Hospital receptionist will log into the system
  • The receptionist will register new patients
  • The receptionist admits in-patients
  • The receptionist collects consultancy fee
  • Then the receptionist can log out

 
 
 
 
 
 
 
 
 
 
Patient                                                                       
                                                
Figure 11: Patient Case Diagram
In summary

  • The patient logs in
  • The patient views the health report
  • The patient books or cancels the appointment
  • The patient views the billing report
  • The patient can chat with the support for clarification
  • The patient can log out

 
 
 
 
 
 
 
 
 
 
Nurse
Figure 12: Nurse Case Diagram
Summary

  • The nurse logs into the system
  • The Nurse admits the patient into the ward
  • The Nurse views the diagnosis report
  • The Nurse updates the health report
  • The nurse can discharge in-patient
  • The nurse logs out

 
 
 
 
 
 
Doctor
Figure 13: Doctor Case Diagram
Summary

  • The doctor log in
  • The doctor views appointments
  • The doctor updates patient prescription
  • The doctor views the patient report
  • The doctor updates the patient time-table
  • The doctor can log out

The analysis of the cases is anchored on the rich picture analysis and is aimed at ensuring that the systems at the Guneypark Hastanesi work in the best ways possible toward delivering the needed patient goals. In the overall sense, the use of case log-in process for the system will be as below in figure 14.
 
 
Figure 14: User Case Log-in Process
 
 
Figure 15: Overall Hospital Use Case
Activity Diagram
      It is vital for the hospital to follow the activities below for effectiveness in the course of its delivery of better outcomes to patients. The activity diagram is outlined below.
 
Figure 16: Activity Diagram – Process for managing patients and updating patient data
 
 
Figure 17: Admin User Level Security
 
The Sequence Diagrams
Figure 18: Sequence Diagram for Appointment Scheduling by Receptionist
 
The consulting process begins when a patient places a request for appointment with a doctor for consulting over the application. The request would be received by a receptionist who would be administrative user of the system. The receptionist would check the status of availability of respective doctor by forwarding the request. Based the available dates and time of the doctor, an appointment would be registered in the system and would be informed by the receptionist to the patient.
Figure 19: Sequence Diagram for Consulting
 
Once the appointment is fixed, the patient arrives at the hospital and meets staff or the health officer who upon confirming details of patient, sends the patient to the doctor. If the doctor finds the need to admit then the case is forwarded to the health officer who sets up a ward and bed and assigns a nurse to the patient. In case, admission is not needed, doctor prescribes a drug which patient purchases from chemist.
Figure 20: Creating Appointment
The system creates appointment for the patient going through a process of validation such that appointment is created only when the date and time are available and in case they are not, error is reported.
 
 
 
 
Figure 21: Sequence Diagram for doctor allocation
Class Diagram
            The class diagram is instrumental in respect to the identification and description of the corresponding attributes to ensure it fits into the requirement of the database. The class diagram is demonstrated below.
Figure 22: Class Diagram
The class diagram above shows major classes used in the system that include:
Patient Document: Patient documents are stored with this class name which contains patient’s number, name, and prescription given by the doctor in the form of numbers and strings.
Staff: The class Staff contains details like Employee ID, name, username and password assigned for accessing HIS, address, contact number and salary.
Doctor: The Class Doctor contains name of department to which the doctor belongs, specialization, experience, availability status, patient checked, drug requirements, drug prescriptions, connected health office who informed about patient, health reports updated, and schedule for consultation.
Nurse: Nurse class contains details of position of nurse, ward number assigned, doctor assisted, and updated record of patient attended.
Health Officer Record: Health office records would contain position number, patient history, allotted room and ward to the health officer.
Patient: The patient class patient number, name, address, contact number, username and password for accessing reports, and appointment details like request, room allotted, and payment given.
Appointment: Appointment class is created to take care of data related to appointment including number, doctor, gender, date, time, and patient ID.
Transaction: A transaction number is stored along with other values like patient number, amount paid, transaction date, and transaction number.
Ward and Bed: Ward and bed classes contain details of ward number with location and bed number respectively.
Figure 23: State chart diagram
 
 
Figure 24: Entity Relationship model – Links all aspects of the hospital with patient data, implementing ease of management of patient records.
 
Comparison of Real World Problems Appreciated with Conceptual Models
The problems emanating from the rich picture and the tangible solutions to the problems emanating from it.
Table 3: Comparison of Problems and Solutions

Problems Appreciated Solutions in the Designed Conceptual Models
Lack of patient privacy and security The model is designed where the health officers have the capacity to secure the health information systems
Challenges with billing Address accounts functionalities
Ineffective communication between doctors and nurses Ensure that the HIS is strong enough to facilitate communication between the two parties
Challenges with multiple registration The model is designed to ensure that every patient’s records are stored in a manner that is safe and that each of them is only registered once

 
Database model
Staff table create query
create table staff (
empID number(9),
eName char(20),
eaddress char(30),
username varchar(10),
password varchar(20),
contact number (7),
salary number(4),
designation varchar(10),
wardNo number (3),
specialization char(10),
experience number(2),
staffType char(1) check (staffType IN(‘H’, ‘N’, ‘D’)),
CONSTRAINT PK_Artist PRIMARY KEY (empID)
);
 
Patient table create query
create table patient(
pID number(9),
pName char(20),
address char(30),
username varchar(10),
password varchar(20),
contact number (7),
patientType char(1) check (patientType IN(‘H’,’M’)),
CONSTRAINT PK_patient PRIMARY KEY (pID)
);
 
Appointment table create query
create table appointment(
appID number(9),
appDate DATE,
patient number (9),
doctor number (9),
CONSTRAINT PK_app PRIMARY KEY (appID),
CONSTRAINT FK_Doctor FOREIGN KEY (doctor) REFERENCES Staff(empID),
CONSTRAINT FK_Patient FOREIGN KEY (patient) REFERENCES Staff(empID)
);
 
Ward table create query
create table ward(
wardNo number(9),
location varchar(50),
appointment number (9),
CONSTRAINT PK_ward PRIMARY KEY (wardNo)
);
 
Transaction table create query
create table transaction(
tranNo number(9),
tDate DATE,
amount number (3),
patient number (9),
CONSTRAINT PK_Tran_No PRIMARY KEY (tranNo),
CONSTRAINT FK_Tran_Patient FOREIGN KEY (patient) REFERENCES Staff(empID)
 
);
 

3.6 Strategic Analysis

 

3.6.1 SWOT Analysis

The SWOT analysis is purposed at complementing the significance of the soft systems methodology (SSM). This is anchored on the perspective that both models work toward similar objectives that are articulated in the beginning of this study (Bakker, Nuijens, & Kaplan, 2015). The SWOT analysis is significant in terms of the identification of the key threats and weaknesses as well as appreciating the strengths and the opportunities that the proposed system presents to the hospital. The organization’s SWOT analysis is as articulated below.
Strengths

  • The health information system has the ability to offer effective and impeccable services to members of the community (patients) (Sun & Reddy, 2013)
  • The health information system is critical in the storage of large volumes of data related to patients at the hospital
  • There are qualified information technology at the hospital to supervise the functioning of the health information system hence promoting effective implementation
  • The current health information system allows for flexibility in the storage of patient information

Weaknesses

  • There are risks of unqualified staff handling the health information systems at the organization
  • The HIS faces weaknesses in regard to the reporting structure, especially with the hospital operations and the patient’s data.
  • Lack of effective governance regarding the health information systems at the organization
  • There are challenges with the identification of patients for billing purposes
  • There are challenges in regard to effectively securing the privacy of the patients within the hospital environment.
  • There are communication deficiencies in regard to the health information system at the hospital

Opportunities

  • There is the opportunity for the increment in the number of donor donations in regard to the improvement of the health information systems at the organization
  • Public awareness on the hospital’s health information systems is improving hence a chance for confidence in the activities of the hospital
  • There is an opportunity for an increase in the competent members of staff as the hospital focuses on the employment of only qualified medical practitioners
  • With the hospital’s capacity, it has the capacity to collaborate with the government and other international organizations for technological improvement going into the future
  • There is an opportunity for the staff members to gain more experience with regards the technological improvements within the organization hence promoting efficiency in goal attainment.

Threats

  • There is the threat of loss of patient confidence in the health information system because of the lack of the desirable level of confidentiality and privacy
  • The threat of staff withdrawal hence posing a risk to the success of the health information system at the hospital
  • There is a threat of poor staff training in regard to the management of the health information systems hence affecting the quality of patient deliveries
  • There is the risk of medico-legal issues arising from the infringement on the privacy of the patients

 
 
 

3.6.2 GENERAL RISK ASSESSMENT

Even with the SWOT analysis, implementing a new technology in any enterprise is not easy. Poor technologies, bad choices and poor project management are the most dominant causes of project failures. In this regard, a SWOT analysis may be useful in describing all the strengths and weaknesses but it is very crucial for all the stakeholders to look into detail about the risks that will accompany the technology.
The implementation of the technology may be susceptible to the following risks;

  • There is a possibility that the technology employed may be a bad fit to the hospital needs. The components of the technology may have a significant emphasis on certain functions which may be of comparatively lower significance in the operations of the hospital. Therefore, the system design and implementation has to focus on the most demanding aspects of the hospital.
  • A deficient product is a likely risk when it comes to the new technology. Purchasing the various components of the product is not a guarantee that the final product will cover all the needs of the hospital. It is very important to consider that technology is evolving over time and the purchase of an outdated and deficient technology will require routine upgrades. More to this risk is the fact that suppliers and retailers have the reputation of marketing products with various deficiencies.
  • Scalability is the ability of the technology to serve the purpose effectively. The purchase and implementation of any technology has the effect of increasing the work content. Therefore, the technology implementation should ensure that any accompanying works can be effectively handled. The management of the servers, routers, data management systems, power supply options has to be considered during the design phase and proper measures put in place.
  • Finally, there are customer support issues associated with the implementation of the new technology. The design process may lead to the development of bugs within the system which may cause problems during the operation of the technology. Because the technology is to be implemented in a hospital, any bug or problem within the system may have unprecedented consequences. Therefore, the purchase of the various components should be associated with a proper customer support system which will cover any failure during the guaranteed time.

Content analysis
In line with the various risks associated with the implementation of a new technology, it is important for the project manager to focus on the content distribution and effectiveness of the system. However, prior to the actual implementation of the technology, a prototype design and implementation has to be conducted in order to analyze the potential risks associated with the soft systems methodology.
The content analysis of the soft systems methodology may call for the employment of technology experts who in turn analyze the various components and outputs of the system. The purpose of the content analysis is to ensure that the desired requirements are met and the technology satisfies the desires of the various stakeholders. A consultant is one person who may be employed to assess the aforementioned requirements.
Consultancy in execution
Consultants may be mandated with the responsibility of assessing the effectiveness and usefulness of the soft system methodology and some of the ways recommended for this analysis include the following:

  • Gathering content from the different departments and users of the technology such as the doctors, patients, stakeholders etc. It is proven that the users of any new system will be honest towards a third party and therefore may provide genuine description of the system. It may be a measurement of the improvements needed and the deficiencies that may be associated with the technology.
  • Offering guideline to the content improvement and management aspects of the system. The consultants have broad knowledge in the management and the functioning of various systems and may therefore provide useful insights on the new technology. Furthermore, the consultants may provide insights on the usability of the technology and the various risks that need to be considered during the actual implementation.
  • Compiling reports that may be useful during the implementation of various technologies at the hospital. An analysis by a consultant contains his/her opinions which may be useful in any project life. Therefore, the analysis will be used any time there is an error or inefficiency in operations.

 

3.6.3 PESTEL Analysis

The table below presents the PESTEL factors that impact the organization’s HIS. It is vital to understand them as they form a significant part of the external environment.

 
Table 4: PESTEL Analysis

Element Factors
Political
  • The hospital has political goodwill
  • The political environment is stable
Environment
  • The natural environment is supportive of the operations of the company
Social
  • The community is positive about the technological growth in healthcare and the hospital
  • There is positive response to the hospital’s health information systems toward the hospital’s organ transplant operations
Technological
  • The technological growth in Turkey is favoring technological growth at Guneypark Hastanesi
  • Technological advancements in medicine favor Guneypark Hastanesi’s health information technology
Economic
  • The stable economy plays an instrumental role in paving room for the technological development
Legal
  • There are legal challenges in regard to breach of the privacy and confidentiality of patients

3.6.4 Balanced Score Card

Figure 25: Balanced Score Card for Guneypark Hospital – A model implemented to create efficient strategies for managing any problems that may arise within the hospital. Keeping all aspects of the hospital under some form of systematic control, keeping track of and executing activities.
Table 5: The HIS Model

HIS SYSTEM DEVELOPMENT Objectives Measures Targets Initiatives
Customer Protect Patient Privacy and confidentiality Protect customer data from going outside No data leak in communication Intrusion detection systems
Data Protection measures
Learning & growth Improve healthcare services Save paperwork Enhance service provision Bring more clinical coordination
Internal Business Processes Improve communication with stakeholders
Simplify Process flow
Effective stakeholder communication
Effective Process flow
Stakeholder communication improvement
Process improvements
Mobile phones for monitoring communication
Process Integration
Financials Saving on costs Reduce operational costs Cost reduction Technology standardization

 
With the use of the Health Information Systems at Guneypark Hastanesi Hospital, the facility has benefited in a wide range of ways such as:

  • The hospital has improved in the manner in which the information of the patients is channeled in the entire hospital. This plays a significant role in preventing the loss of information in the hospital. Essentially, information concerning the patients is channeled from one department to another by the use of computers (Akbulut, Terekli and Yıldırım, 2012).
  • The efficiency and effectiveness of the stakeholders in the hospital have also been improved. The hospital is able to communicate effectively and efficiently with the other stakeholders, such as suppliers, affiliated to the facility. The communication between the patients and the health professions in the hospital has also been enhanced. The patients can effectively communicate with the professionals of healthcare in the hospital by the use of mobile phones (Moore and Sharma, 2013). Patients receive crucial information concerning their medical prescriptions and doctors’ attendance. The medical professionals are also in the position of monitoring the medical conditions of their patients.
  • The quality of care has also been improved in the hospital (Aksu, Kipapci, Catar and Mumcu, 2015). It has saved on time in terms of saving on too much paper work in the hospital. The use of the Health Information Systems at Guneypark Hastanesi Hospital has also promoted clinical coordination in the hospital, thus facilitating the provision of quality care in the hospital.

It is thus quite evident that the use of the health information systems at Guneypark Hastanesi Hospital has promoted the efficiency of the workforce of this facility. It has also enhanced service provision in the hospital as the patients are in a better position of receiving quality care from the facility (Top, et al., 2015).
 

3.7 Software development life-cycle

The software development would follow Agile framework for software development project management. As the project involves development of the web based Hospital Information System, the project can be divided into five phases including requirements gathering, application design, application development, software testing, and software deployment.
Requirement Gathering: In this stage, project stakeholders were interviewed to understand functional and non-functional requirements of the HIS application based on which the software artefacts are developed.
Software Design: Once the requirements are refined and approved, the software design was developed that included architecture, logical design, database design, and system design.
After the application is designed, the process of actual development of the HIS application begins after the application is developed, it would be tested to identify bugs. If any bugs or errors are found in the software then they would be corrected and the application would be retested till satisfaction and only after that, the application would be deployed in the real environment. Different types of testing that would be performed on the application include structural, functional, usability, interface, compatibility, load, stress, spike and security testing.

3.8  Enterprise Architecture  with the Zachman Framework

Defining an architecture for an enterprise can bring in several benefits for the organization such as cost reduction due to standardization of technologies, creation of strategic differentiation, and process improvements. With enterprise modelling, a single-entry point is created for the system which simplifies the process flow facilitating integration and thus, bring process improvements. All the efforts put into creating an architecture of an enterprise can create new business drivers that bring in change in an enterprise in the real time. The Zachman framework provides a fundamental architecture for defining an enterprise.
Zachman Framework is an ontology which provides a two dimensional classification of schemas (Zheng, Zhang, & Li, 2014). The framework has evolved over the years from traditional architecture defined in 1984 to the current framework of 2011. The current version of the framework is a very descriptive graphic defining the fundamentals of architecture within an enterprise.
As per this framework, for any organization to develop systems, a number of steps have to be considered including strategic planning, analysis of requirements, application of technologies, construction of system, documentation describing system, implementation of system, and monitoring of implemented system. The framework also considers perspectives of different actors in an industry through development of scope, business model, information system model, technology model, system representations, and functioning systems.
The framework records each actor in rows and each perspective in columns using system dimensions that include data, function,  network, people, time, and motivation (Beaumont, 2011).
 
 
Table 6: Artifacts and the Zachman Framework

Guneypark Hospital Management System Modeling with Zachman

Data: This lists down the things that are important for the company in scope and they are further described as per different actors in the framework.  For instance, the semantic model describes data using entity diagrams and system model uses class diagrams.
Function: This describes the process through which mission of an organization is converted into specific objectives to fulfil. First row lists down these objectives and they are further explored by actors using different models like activity diagrams, application architecture, and system and process matrices.
Network: Enterprise activities are listed in the first row of network column and then more detailed communication charts are used for describing them such as hierarchical tree, system architecture, network architecture and communication facilities.
People: List of organizational units are presented in this column with row two presenting organizational chart, row three specifying instructions for people, row four defining the interface, row five showing actual interface and row six covering training given to people before using the new system
Time: Effects of time on the organization are described in this column using identification of business events in row one, business model in row two, data transformations in row three, program triggers and messages described using technology model in row four, information processing responses in row five, and event responses in the last row.
Motivation: Row one of this column lists down business goals, row two identifies rules and constraints, row three describes business rules using information, row four designing program elements based on business rules, row five containing specific programs, and last row enforcing the business rules for real.
Guneypark HMS model based on the Zachman Framework is outlined by use of the 6 by 6 matrix.  The model is represented below using a diagram that has been properly drawn in a table below.
3.8.1 The Scope
Figure 26: Project Scope Diagram – A model that helps organize all the details, explaining what lies beyond the system boundaries e.g. patient admission(s), or relaying any data to authorized personnel when needed. Keeping track of who can access the system.
The scope usually gives way for the establishment of the universe of discourse within a business enterprise that has embraced IT technology. Guneypark Hastanesi Hatay Hospital needs to take an initiative where it will have to change from a system where the organization had a say in everything to a scenario where the patients’ opinions and rights are considered with regard to the clinical information that affects them and their health at the hospital. This will go a long way into enhancing the level of privacy that is attained at the hospital in regard to the details of the patients.  More so, the systems of communication and IT systems should be maintained at the highest levels that will boost the confidentiality of patients at all given times. This will emanate from the protection of the data security in regard to patient information (Ay & Polat, 2014). Laws and guidelines have to be put in place to ensure that the project is strengthened in the best ways possible. These laws are critical in attaining the objectives of data privacy and confidentiality on the part of the hospital.  In tandem with the scope, it is quite clear that the framework will be effective in ensuring that the system works toward the effective storage of patient information. More reinforcement needs to be placed on the transfer of patient information from one department to the next. The digital registration and storage of the patients’ details will need to be as effective as possible.

3.8.2 The Enterprise/Business Model

The utilization of the aspects of the end product will be a demonstration of the need to use descriptive representation in the course of the work. For the Guneypark Hatay Hastanesi Hospital, the reflection framework of the business process (data) will involve the transfer of the patients’ health information to different hospital units, which will also be critical in ensuring that the level of patient privacy and confidentiality through the use of unique identifier codes (Matthews & Kostelis, 2011). A relationship model in the hospital will be built through the sharing of vital patient information. In the overall sense, the working technique of the business entity model should be centred on the effective sharing of clinical information utilizing technology while also accommodating elements of central service system, standardization, and the partnerships among departments as envisaged by Zachman.

3.8.3 System Model

The system model is reflective of the entire hospital and its operations. The overall focus of Guneypark Hastanesi Hatay has always been utilizing logic to assess clinic data, exchange of information, security and privacy of the health information, storage of the information and subsequently how to ensure the information is retrieved (Aksu, Kipapci, Catar, & Mumcu, 2015).  This project aims at ensuring that all these challenges are handled in the best ways possible while making the system user-friendly. For instance, there should be an understanding of the view that the information of patients can only be revealed based on their own consent hence avoiding any incidence of privacy and confidentiality (Beaumont, 2011).  In tandem with this view, the recommended architecture of the hospital makes use of the patient table, doctors table, nurses table, diagnosis and transactional tables that are distributed database.   These tables are a reflection of the storage and management of the data at Guneypark Hastanesi. The advantage of the effective system model is that it will work in protecting the privacy and confidentiality of patients by differentiating the different roles and stages of information sharing (Suder & Durucu, 2015). The architecture of this framework involves patients at the hospital, who can access the health information, health personnel like nurses and physicians and the roles assigned to every individual and how they are characterised.  This implies that the procedures at the hospital should always be clear and transparent. The reinforcement is to put in place proper dimensions that are active and which do not have any barrier to the well-being of the enterprise.
 
 

3.8.4 The Technology

Technology is utilized in the indication of the capacity related to the application of technical aspects that facilitate the development of the business oriented enterprise. The system will have to utilize the PHP 5.6, MySQL (featuring the latest support for Maria DB)-road security for the sake of boosting the level of security and confidentiality of patient information (Locatelli, Restifo, Gastaldi, & Corso, 2011). The use of the private code will be instrumental in facilitating the level of security within the organization.  Technological advancement will be attained through the sharing of messages electronically through different departments, data processing and storage, and the authorization, and usage of this data. It will also go a long into ensuring that there is a reduction in respect to the usage of paper work in the organization. The costs will also be reduced with the continued application of this technological information while also securing the information of patients in a better manner.
PHP Modules and extensions required include;

  • PHP MyCrypt
  • PHP Mbstring
  • PHP Memcached
  • Mod_Rewrite

3.8.5 Detailed Representation

The representation of the Guneypark HMS enterprise is availed in depth through use of shared services passed across through sending of messages that carry health information and allow people to have their own rights in use of knowledge in technology. The reinforcement is to make the work easier for everybody while ensuring that the information related to patients is secured.

3.8.6 Functioning Enterprise

Guneypark Hastanesi Hatay Hospital will be in a better position to give a better representation of the disseminated services where information is passed across using text messages of health information and patients enjoy their rights of using IT. This is done while maintaining the highest levels of confidentiality in keeping of the patients health information. The motivation is to ensure ease of work, use of correct health records and enhance embracing of modern technology in the running of activities at the hospital.

3.8.7 Conclusion

The Zachman framework is ideal for the best description of a business enterprise and creation of the same entity. It outlines how a structure of business enterprise and lays a foundation for communication, analysis of data and description. Guneypark Hastanesi Hospital Management Modelling picked on the best framework that is ideal for the running and monitoring of healthcare records, data and services. The framework was efficient since the use of technology was applied thus making the services easier and faster for both the patients, healthcare personnel and the hospital personnel. The framework is applicable in IT industry, healthcare personnel and ordinary people thus essential for policy making in businesses.

3.9 Stakeholder Responses

Stakeholder needs were to be understood for which a questionnaire was prepared for all key stakeholder groups including staff, patients, and doctors. A total of 10 questionnaires that were open-ended in nature were administered and only 6 of them were completed and returned. This represents 60% of the sample population and it was critical in the assurance of better data collection to apply to the development of the improved system for the organization. The responses were vital in the generation of the desirable details for discussion in this project.
All the participants agreed to the view that the management of data in the healthcare system is essential as it helps in keeping confidential information in regard to the medical history of the patients. This thus calls for mechanisms to be put in place so as to assure patients of confidentiality (Turan and Palvia, 2014 and Grain, Martin-Sanchez and Schaper, 2014 ). At Guneypark Hastanesi Hospital, the management of data and provision of privacy of data is handled using the Information Communication Technologies (ICT) and the Hospital Information Systems (HIS), but this has not been extremely effective in preventing the potential data leaks that tend to negate privacy and confidentiality of the participants. The data kept in these storage systems include age and address of patients, the nature of medication given to the patients, the sickness they are suffering from, in addition to the kind of care that should be given to each patient (Bakker, Nuijens and Kaplan, 2015). Privacy of data is a bit at risk in this hospital despite the emergence of mobile phones that has prompted even better handling of the data related to the patients.
From the findings, it was also established that data management at Guneypark Hastanesi Hospital is essential since the hospital handles many people. Due to this high population in the hospital surrounding, the hospital has devoted itself to using the Electronic Health Records (EHR) in the management of its data. The records (EHR) are examples of data management systems at Guneypark Hastanesi Hospital. The storage of such information in the EHRs saves on time since it is easier to retrieve especially since the facility personnel works in shifts (Gözlü and Kaya, 2016). The EHRs are able to store information of a patient from the time the patient sees a doctor, visiting the laboratory, treatment given and the kind of medication that is provided to this patient.  However, the risk that remains to be solved is that of having a full proof system that is both user-friendly and with the capacity of protecting the patient’s information. 80% of the participants agreed that there is still a long way to go in terms of attaining the full-proof system that not only stores large amounts of data, but also has the capacity to protect the information of the patients.

3.10 Design Models as per Zachman Framework

The business enterprise system models can be developed as per the Zachman architecture.
Table 7: Guneypark Hospital Management System Modeling with Zachman

  Data
(What)
Function
(How)
Network
(Where)
People
(Who)
Time
(When)
Motivation
(Why)
Scope Data of patients
Finance
ICT systems
Laws
Rules
The Whole Hospital Government
Insurance Companies
People affected
Urgency of when they are called upon Health Information Exchange (HIE)
Business Model Disseminated health information
ER diagram
Transferred communication through ICT
Activity diagram
Sequence diagram
E-service database Legalized people Used urgently
Need based
 Faster and easier working
System Model Installation of security details on who should access the health information.
Confidentiality
Storage
Retrieval
Class diagram
Consent
Authentication
Encryption
HIS
EHRs
 Professionals in health among the citizens
(attending relationship)
Work Deliverables always present
State chart diagram
Functioning system that has no barrier
Technology Model Text messages
 
Processing and Integration DBMS
MYSQL
PHP 5.6
Unique identifier codes Work deliverables (audit) Validations
Detailed Representation Disseminated services Messaging
Exchanging of data
Rights of users
Observation
Overseeing
Electronic Health Records People (ID card, mobile ID, Heath Insurance ID) Need based relationship Working is easier
Functioning Enterprise HIS Data ID Cards Picture Archiving and Communication system (PACS)
EHRS
Residents
Health Professionals
Work A robust system of storage, communication and usage

 
 
 
Essentially, the management of health data is the major focus at Guneypark Hastanesi Hospital. It is undeniable from the findings of the participants that the data available at available at the facility helps to prove communication among the medical personnel and the patients. Better managed data has been seen in the recent past to determine the trends in the nature of treatment given to a particular patient (Tatar, Mollahalilog˘lu, Sahin, Aydın, Maresso and Hernández-Quevedo, 2011). It is also essential in determining the quality of healthcare required by each patient at the facility. The running of this facility has been made easier by use of technology in the management of its data. In this regard, it is easier when there is a transition from one physician to another. Better data management in Guneypark Hastanesi Hospital has enhanced better outcomes of physicians’ treatment since it is easy to follow the patient’s history.
The manner in which healthcare data is managed helps in running the activities of the healthcare center, the type of care that should be given to each patient, in addition to determination of the costs for each treatment. Better managed data in the healthcare facilities has helped in reducing the number of deaths since the stored data for treatment of patients for a longer time can assist in predicting the results of the treatment (Suder and Durucu, 2015). The EHRs also help in early diagnosis of diseases and thus earlier prevention. Electronic monitoring of the patients helps the healthcare providers since there is installation of monitors to such patients. The electronic monitors are vital as they alert the physicians in cases where patients are in danger or are in dire need of urgent healthcare (Hegarty, Amoore, Blackett, McCarthy, Scott, 2017).  The electronic monitors that store patients’ data help in detecting asthma in children or patients with heart defects, especially in home care centers (Simon, 2010). There are also sensors at Guneypark Hastanesi Hospital that that give the nurses opportunities to have better and improved interactions with their patients.
The participants also revealed that despite the challenges, the data management at Guneypark Hastanesi Hospital has been emphasized since it determines the future of the facility. There is proper coordination among stakeholders, medical practitioners, subordinate staff and patients of the hospital. The EPRs assist in preparing the costs that the patients owe the hospital (Top, et al., 2015). This data is essential in this facility since the data kept for each patient helps to avoid losses. The data that is better managed and up to date helps the hospital in claiming its money from the health insurers. Additionally, compensations from health insurances can easily be done based on the manner in which the hospital data is managed (Dogac, 2012). The payment of the personnel at Gunneypark Hastanesi Hospital is also based on the data stored by the facility.
The EHRs have helped curb corruption, mismanagement of resources, and abuse of offices. The records enhance transparency since the data for the care that each patient has received is clearly recorded. The provision of such data that is up to date will avoid corrupt cases that may arise when billing (Marcus, 2014). Additionally, the hospital personnel will also be unable to solicit money from patients for their own selfish gains. The data at the hospital helps in the procurement of different resources needed at the facility. These resources include the equipment, drugs, personnel, materials needed to facilitate various treatments, cleaning items, and so on. This will be essential in the avoidance of wastage at the facility. The physicians will also be unable to abuse patients by giving them inadequate or wrong care since there is sufficient information concerning the entire patient and the kind of care that they need in the HIS of the hospital (Sridhar, 2013).
The privacy and confidentiality of the data stored in the HISs should be enhanced as patients in the healthcare center are entitled to it. It is the right of the patient to keep his or her information confidential. The confidentiality of the patients’ information enables the patients to have confidence in the services provided by the facility (Beaumont, 2011). Assurance reduces stress, depression and trauma that the patients are likely to experience in cases where the information about their sickness is revealed without their consent. The use of the EHRs has emerged to be the best method aimed at enhancing privacy and confidentiality of patients’ data. This is facilitated by the use of passwords so that there are restrictions on who should access the information about patients.
The emergence of electronic mobile data storage facilities, such as mobile phones, has raised the questions whether it is possible to enhance the confidentiality and privacy of patients’ details. This is because there is uncontrollable exchange of large volumes of information from one medical physician to another (Zheng, Zhang and Li, 2014). However, healthcare centers have ensured that their patients are accorded this right by emphasizing on the medical practitioners to observe the medical ethics. IT knowledge is essential in the enhancement of data privacy and confidentiality (Zaim, Bayyurt and Zaim, 2010). The use of EHRs enhances the confidentiality of patients’ details as compares to the application of paper work, which can lack places for storage and thus be exposed to the public.
Some patients at the healthcare centers suffer from diseases that they are unwilling to be exposed to the public. This mostly depends on how one can contract the disease. For instance, most patients suffering from HIV/AIDS, STDs and those who have been raped do not want to disclose their status in public (Bolin and Kaestner, 2012). The consequence of the revelation of the nature of the patients’ health conditions to the public is likely to depress them and some can easily opt for suicide. Additionally, the patients will lack trust in the healthcare facility and thus opt to seek medical care from other healthcare centers.
The information concerning patients should only be revealed to unfamiliar people with the consent given the patients. Healthcare centers have also come up with various measures of putting their patients with different diseases in the same wards as long as the diseases are not infectious, depending on the care that each patient requires from the facility (Dogac, 2012). Consequently, the privacy and confidentiality of the patients’ information, especially those that suffer from diseases that came about due to the kind of social life those patients lead. For instance, pathologists are entitled to enhance the privacy of their laboratory reports. The information is transferred electronically, and there should be the use of passwords on the HISs to assure their clients of security of their details.
Another way of enhancing data security, privacy and confidentiality in healthcare centers is by ensuring that the health data for the patients is only transferred to the required places, for instance, to the National Ministry of Health (MoH). Such ways of transferring of data will help the national government to plan for its health budget. This is also essential for the government to ascertain the populations at risk of contracting certain diseases and the health trends of its citizens (Aydogdu, n.d.). To add on, the data for patients should only be revealed in fair manners and also for accomplishment of the intended health purposes. This should be enhanced by all healthcare centers so as to create the confidence of the patients in the services offered as well as ensure that the medical practitioners work as per their code of conduct and their work ethics (Top M. , et al., 2015).
The management of data goes hand in hand with data privacy. This insinuates that the type of health data storage that the facilities will determine to ensure the security of the data. The use of EHRs, EMRs and EPRs is essential as electronic data storage facilities enhance data security by the use of passwords on the HISs (Sun and Reddy, n.d.). The health IT systems should be protected from the hackers who are likely to interfere with the security and privacy of the health information. Hacking health data does not only come about with the interference of patients’ confidentiality and privacy but also with financial implications and accountability of the consequences of hacking committed.
All healthcare centers globally should ensure they put into consideration all possible mechanisms to ensure that there is proper storage of data. Exposure of the health data for the patients and the medical practitioners is likely to bring insecurity problems (Gözlü and Kaya, 2016). This is due to the fact that both physicians and patients’ data, such age, address, income data telephone and identification numbers, and other records could be accessed by different unauthorized parties. Consequently, this will interfere with the operations of the healthcare centers since the health data could be corrupted, thus leading to mixing of the patients’ information (Turan and Palvia, 2014). This will hinder the provision of better treatment and care that should be given to each patient.
Patients’ health data should be kept according to the will of the patients. All possible and available mechanisms should be put in place to ensure that there are only specific people who can access healthcare data systems. The protection of data involves the efforts of the healthcare facility and people from outside the health facility (Aydogdu, n.d.). As such, exposure of such information can caused by both people from within the healthcare facility or from outside. Preventing such incidences is of great importance as it will not only protect the health facility from incurring losses buy will also have financial implications on the health insurance companies.
The Electronic Health Records (EHRs) have been successfully implemented by Guneypark Hastenesi Hospital. The initiatives for the implementation of the EHRs in this hospital are enhanced through the integration and availability of the data of the patients (Dikmen, Karataş, Arslan and Ak, 2016). Moreover, the initiatives in the implementation of the EHRs are also fueled by the need of improving efficiency as well as cost-effectiveness by enhancing the relationship among the doctors and the patients in the hospital. Data implementation by the use of EHRs in this hospital is also driven by the requirement of dealing with an increasingly changing environment that is characterized by complexity (Günes, Gürlek and Sönmez, 2016). There is a wide variety of the HER systems that are used in the implementation of data in this hospital. The implementation of data with the use of the EHR systems is a matter that is very complex as it involves various organizational and technical factors. These factors include the structure of the organization, human skills, the resources in finance, the culture in the organization, coordination and technical infrastructure present in the organization (Gözlü and Kaya, 2016). From a general perspective, the implementation of the information systems (ISs) in the healthcare environment has become increasingly challenging as compared to the other industries in the world as a result of medical data complexity, the problems in the entry of data, security concerns when it comes to data, confidentiality concerns in relation to data and the lack of knowledge and awareness of the significance of the implementation of Information Technology (IT) in the healthcare industry (Layman and Watzlaf, 2009).
The implementation of data in this hospital is challenging because of various reasons. Firstly, Guneypark Hastenesi Hospital has a wide range of objectives, including treatment, the provision of care to patients, and the provision of education to new physicians (Marcus, 2014). Secondly, the work of Guneypark Hastenesi Hospital is very complicated based on the fact that the hospital comprises structures that are highly varied and health processes that are also highly complicated. Thirdly, Guneypark Hastenesi Hospital has a wide range of workforce, such as medical professionals with the possession of expertise, power, as well as autonomy. These forenamed distinct characteristics provide a justification of the reasons as to why there is the need to have a deeper analysis of the implementation of data at Guneypark Hastenesi Hospital, while putting into consideration the Health Information System and the Electronic Health Records.
Guneypark Hastenesi Hospital ensures that it enhances the security and confidentiality of the data provided by its patients. Thus, the hospital has made efforts in coming up with various strategies that could best enhance the security and confidentiality of the data of the patients in the hospital. This is an essential element in the environment of healthcare as there is specific patients’ information that that has to be kept private by the healthcare professionals (Günes, Gürlek and Sönmez, 2016). Data implementation at Guneypark Hastenesi Hospital also follows a serious of stages. First of all, all the employees have to be provided with education on the need of promoting data management in the hospital. They are also provided education concerning the manner in which they can put into practice the best strategies aimed at promoting data management in the hospital. Apart from the above-indicated measures, they are provided with education on a wide range of technological tools that could be used in the promotion of data implementation in the hospital (Street, 2017). Thus, these employees gain adequate knowledge on the technological tools that are used in data implementation in the hospital. Data implementation has particularly enhanced the provision of quality services in this hospital. It has also enhanced the efficiency and effectiveness of the healthcare professionals in the hospital (Kose, et al., n.d.). The provision of care is thus enhanced in the hospital as there is the presence of the required technological resources in the provision of healthcare in the hospital. Data implementation in this hospital is characterized by the provision of training the personnel with the objective of enhancing the provision of quality services by the facility. Training is provided over a specified period of time in order to enhance the skills of the employees in this hospital.
           
CHAPTER FIVE: CONCLUSION AND RECOMMENDATIONS

5.1 Conclusion

            The advanced Health Information Systems (HIS) were introduced with the objective of enhancing the provision of healthcare, thus promoting quality in healthcare provision. The deployment of ICT in the environment of healthcare has aided the professionals in the healthcare industry to improve and enhance the effectiveness and efficiency of the services provided in the healthcare setting. The healthcare information systems (HIS) play a critical role in recording and locating significant information in a quick manner, thus becoming a standard practice in a wide range of healthcare organizations all over the world. However, the use of the HISs in the environment of healthcare comes with various challenges, such as those of the privacy and confidentiality of the data concerning the patients. Every healthcare organization has to ensure that it provides quality services to its patients. This is because the healthcare industry can be compared to an ideal business entity. The provision of quality services promotes the retention and attraction of more customers. On the contrary, the provision of poor services pushes customers away from the business entities. Technological advancements have opened the way for the promotion of effectiveness and efficiency in the healthcare system. There is a wide range of the information health systems that are used in the healthcare industry. These information health systems include the Clinical Information systems (CISs), which enhance the provision storage with the capabilities in the processing of information, the Community Health Information network (CHINs), which can be viewed as the networks that play the role of linking the stakeholders in healthcare in the community, the region or the entire district, and the e- Public health information systems that are aimed at supporting the healthcare of the public and bringing about different improvements in the status of the healthcare.
Thus, the implementation of the health information systems in the healthcare industry is characterized by the use of a wide range of technological tools that enhance the delivery of medical care services to the patients. These technological tools include the
Electronic Medical Records (EMRs) and the Electronic Patient Record (EPRs). These systems and applications enhance the facilitation of the retrieval and storage processes of a single record of a patient by the utilization of a computer application. The issue of data protection emerges with the use of the health information systems. The security of data is one of the significant aspects required by a database system. The safety of the data prevents the access of data by the third parties that are not authorized. In this regard, security is required in avoiding any form of damage to the data related to the patients as this can result in negative implications on the hospital, as well as the patient. As provided by the law, the information concerning the patients ought to be kept private and confidential. Essentially, the Data Protection Act has various provisions in relation to the protection of data. According to the Act, the data ought to be used lawfully and in a fair manner, as well as for its stated purpose. Safety and security should be promoted in the use of data. Each piece of data should not be transferred in the places that are outside the economic area of Europe with the lack of adequate protection.
Guneypark Hastanesi Hospital is one of the hospitals that have benefited with the use of health information systems, despite having challenges in relation to the aspect of data privacy and confidentiality. In particular, the hospital has benefited in terms of the enhancement of the delivery of services and the promotion of effective and efficient communication among various stakeholders in the hospital. The suggested health information systems will go a long way into ensuring that the aspects of loss of the information of the patients as the health information systems provide enhanced storage capacities and features. The vital aspect of this is that the whole aspect of patient information privacy and confidentiality is preserved going into the future. A stronger system will be instrumental in leading to a more efficient operational level at the organization.

5.2 Recommendations

With a view of enhancing the security of the information of patients through the promotion of the privacy and confidentiality of the data, Guneypark Hastanesi Hospital will have to put into consideration various recommendations. Firstly, the hospital should ensure that it acts in compliance with the Data Protection Act in tandem with the new system.  This hospital should ensure that it adheres to all the requirements that are needed in promoting data security in organizations. The hospital should appoint a trained officer in the field of data protection, thus helping in improving data privacy as well as managing data. By acting in compliance with the Data Protection Act, the hospital should also ensure that it enhances various measures in the facility. Moreover, the hospital should ensure that data is used for its stated purpose in the hospital. It should thus be relevant for its area of use and not be excessive. To add on, the hospital ought to enhance the safety and security should be promoted in the use of data.
Secondly, the hospital should also conduct an analysis of the information estate in lieu of the new system that will be set up. The analysis of data, besides analyzing the applications of data that plays the role of storing data in the hospital, provides the hospital to have an overview of the kind of information that is accessed in the entire hospital, the individuals that use the data in the hospital and making a conclusion of personal data in tandem to the patients in the hospital. It is essential to know the manner in which the accessed data in the hospital is used and the individuals that access the data in hospital. This is significant in determining the credibility of the information and ensuring that the information is not hampered or altered in any way or deleted by some individuals with unknown intentions.
Thirdly, also it is imperative to conduct a performance on the gap analysis of the security in the hospital based on the system that has been recommended.  A gap analysis enhances the provision of a benchmark, besides determining where the needs in the security of data ought to be improved. An analysis of the gap in security in the hospital is also essential in the provision of advice to the processes of security and security control in the hospital. This ranges from encouraging the employees in the hospital to observe the most appropriate policies of security, in addition to introducing technical measures, such as securing access and authentication, in the hospital. The security of data is not only concerned with bits and bytes. Therefore, the gap analysis ought to include such aspects a as physical securities, including the places that provide services in the hospitals. The hospital should thus ensure that its employees are vetted and trained in the protection of data and security policies are put in place in the entire hospital.
Fourthly, the hospital ought to enhance the strategies of data protection in the hospital. These strategies include the use of strong passwords and firewalls. Various aspects ought to be put into consideration in the formulation of passwords. That is, strong passwords that cannot be guessed by any individual ought to be used in the hospital. The formulated passwords should be provided only to the individuals that work in the hospital and have the right to access the patients’ data in the hospital.
Fifthly, the hospital should conduct data landscaping. This plays the role of cataloguing the data used by the hospital and seeking to determine the value of the data in the cases of its loss or in the cases whereby the data is compromised in any way. The impact of the release of the data to the individuals that are not authorized should also be analyzed. The impacts of the alteration and misinterpretation of the data should also be analyzed. In cases when a breach of data can take place, the hospital ought to ensure that it has put in place various strategies that ensure that the privacy and confidentiality of patients’ data is promoted at all costs. In other words, the hospital should be prepared to handle such situations as the loss of the information concerning the patients.
Last but not the least; the hospital should also invest in systems for the management of information to boost the longevity of the suggested system. This will provide effective and sufficient structures for the handling of data. It provides an opportunity for the creation, collection, filtering and distribution of data by the use of the set patterns. As a consequence, it becomes easy in proving that the regulations of compliance are strictly adhered to by the hospital. When these recommendations were put in place, the privacy and confidentiality of the data of the patients in the hospital will be promoted. These recommendations will also ensure that incident recovery measures are well implemented in the hospital in the cases of the loss of data or the altering of the data. Thus, various aspects in the hospital will be enhanced, such as the provision of quality services to the patients. This is because the medical professionals in the hospital will make use of the right and relevant information that is provided by the patients for medical purposes. The satisfaction of the patients will also be improved when they are assured that the privacy and confidentiality of their data are provided by the hospital. That is, they will be sure that their medical information is not lost or altered in any particular way.
 
 
 
 
 
 
 

Appendices

User interfaces
Figure 27: Patient registration – User-interface model for registering patients, taking into consideration the required fields, to keep patient data up-to date.
Figure 28: Patient Appointment – User-interface for creating patient appointments.
Figure 29: Patient Management – Keeping track of patient information and doctors they are allocated to.
Figure 30: Appointment Management – Keeping track of appointment times, dates, doctors and departments involved.
 
 
Java code implementation
Patient – create appointment
public class patient {
private int patientID;
private String pName;
private String address;
private int contactNo;
private String username;
private String password;
private char patientType;
public int createAppointment(int patientID, date appDate);
}
 
public class appointment {
private int appID;
private date appDate;
private int doctor;
private int patient;
public int createAppointment(int patientID, date appDate);
}
 
public class controller {
public boolean validateApp(int appointment)
}

INFORMATION SHEET

The questionnaire will be administered to the technological operators of Guneypark Hastanesi Hatay Hospital software. The information will be critical in ensuring that the current system is analyzed for weaknesses and strengths for effective recommendations to be made.
Your participation in the study will be on voluntary basis and you can withdraw from it any particular time. More so, every information you give will be treated with the highest level of confidentiality and privacy.
The research outcomes will be used for the Health Information Management course and will be later upon approval be published as a journal.

INFORMED CONSENT FORM

I hereby consent to complete the questionnaire that will be administered to me. I have read all that pertains to the questionnaire and I am taking part in this study on a voluntary.
Name of Participant:…………
Signature:……….
Date…………
 
Name of Researcher……….
Date……….
 
Witness……….
Date………
 
 

QUESTIONNAIRE

The questionnaire below is prepared in tandem with the Health Information Management Course. The sample questionnaire and the responses is outlined below.

  1. What kind of patient information do you particularly deal with?
  • Patient name
  • Patient age and gender
  • Condition of the patient
  • Any other that concerns the wellbeing of the patient such as the family status of the patient.
  1. Do you seek patient consent to get all these pieces of information?
  • Yes
  1. What aspect in your health records causes so much problems to the organization?
  • Preserving the privacy of the patient is a big problem at times. This is because the system is susceptible to attacks. The tendency of individuals accessing information also presents this challenges for us
  1. What elements of the system need to be upgraded to improve the current situation?
  • All
  1. Is there collaboration in the health information systems across your departments?
  • No, in most cases, there is lack of coordination between the Doctor’s departments and the nurse departments. The problem could be emanating from the reception.
  1. Looking forward to the future, do you think the health information systems at Guneypark should be improved?
  • Yes, I believe any potential and feasible recommendations will be taken in by the management. We need to up privacy and confidentiality at the hospital.

Bibliography

 
Aer-ameos.net. (2015). E-health. [online] Available at: http://aer-www.ameos.net/en/knowledge-centre/thematic-expertise-thematic-issues/health/e-health.html [Accessed 6 August. 2017].
Akbulut, Y., Terekli, G. and Yıldırım, G. T., 2012. Outsourcing in Turkish hospitals: A systematic review. Ankara Saglik Hizmetleri Dergisi. Available at: http://dergiler.ankara.edu.tr/dergiler/28/1751/18603.pdf [Accessed 6 August 2017].
Aksu, P. K., Kipapci, N. S., Catar, O. R. and Mumcu, L., 2015. An evaluation of information security from the users’ perspective in Turkey. Journal of Health Informatics in Developing Countries, 9(2), pp. 55-67.
Altin, U., Bektas, G., Antep, Z. and Irban, A., 2012. The international patient’s portfolio and marketing of Turkish health tourism. Procedia – Social and Behavioral Sciences , 58, pp. 1004 – 1007.
Ay, F. and Polat, Ş., 2014. The belief and opinions of nurses on the electronic patient record system. International Journal of Caring Sciences, 7(1), pp. 258-268.
Aydogdu, C., n.d.. Telemedicine in Turkey: Potential, initiatives and obstacles. Available at: http://web.iyte.edu.tr/~cananaydogdu/MedETel2011.pdf [Accessed 6 August 2017].
Bakker, E., Nuijens, R. and Kaplan, D., 2015. Identifying opportunities to exchange knowledge and products between the Netherlands and Turkey. The Turkish Life Science and Health Sector, pp. 1-34. Available at http://www.internationaalondernemen.nl/sites/internationaalondernemen.nl/files/marktrapport/Report%20Turkish%20Life%20Sciences%20and%20Health%20Sector%20March%202015.pdf
Beaumont, R., 2011. Types of health information systems (IS). Available at: http://www.floppybunny.org/robin/web/virtualclassroom/chap12/s2/systems1.pdf [Accessed 6 August 2017].
Bolin, K. and Kaestner, R., 2012. The economics of medical technology. New York: Emerald Group Publishing.
Cinaroglu, S. and Baser, O., 2017. Spatial distribution of total number of medical devices in Turkey: A classification analysis. Int J Med. Public Health , 7(2), pp. 102-106.
Cruz-Cunha, M. and Miranda, M. and Goncalves, P., 2013. Handbook of research on ICTs and management systems for improving efficiency in healthcare and social care. New York: IGI Global.
Daim, T. U., Behkami, N., Basoglu, N., Kök, O. M. and Hogaboam, L., 2016. Healthcare technology Innovation adoption: Electronic health records and other emerging health information technology innovations. Chicago: Springer.
Dikmen, Y., Karataş, H., Arslan, G. G. and Ak, B., 2016. The level of professionalism of nurses working in a hospital in Turkey. Journal of Caring Sciences, 5(2), pp. 95-102.
Dogac, A., 2012. Interoperability in eHealth systems. Proceedings of the VLDB Endowment, 5(12), pp. 2026-2027.
Farrimond, H., 2012. Doing ethical research. Basingstoke: Macmillan Education.
Gözlü, K. and Kaya, S., 2016. Patient safety culture as perceived by nurses in a Joint Commission International Accredited Hospital in Turkey and its comparison with Agency for Healthcare Research and Quality Data. Patient Safety & Quality Improvement Journal , 4(4), pp. 441-449.
Grain, H., Martin-Sanchez, F. and Schaper, L., 2014. Investing in e-health: People, knowledge and technology for a healthy future: Selected papers from the 22nd Australian National Health Informatics Conference (HIC 2014). New York: IOS Press.
Groves, P., Kayyali, B., Knott, D. and Kuiken, S. V., 2013. The ‘big data’ revolution in healthcare: Accelerating value and innovation. New York: McKinsey & Company.
Günes, Ü. Y., Gürlek, Ö. and Sönmez, M., 2016. A survey of the patient safety culture of hospital nurses in Turkey. Collegian, 23, pp. 225-232.
Hegarty, F., Amoore, J., Blackett, P., McCarthy, J., Scott, R., 2017.  Healthcare technology management. Chicago: CRC Press.
Jung, I., Jang, G. and Kang, S. (2014). Secure eHealth-Care Service on Self-Organizing Software Platform. Mathematical Problems in Engineering, 2014, pp.1-9.
Kasapoglu, O. A., 2016. Selection of the forecasting model in healthcare. Journal of Hospital & Medical Management, 2(2), p. 13.
Kardas, G. and Tunali, E. (2006). Design and implementation of a smart card based healthcare information system. Computer Methods and Programs in Biomedicine, 81(1), pp.66-78.
Kirimlioglu, N., 2017. “The right to privacy” and the patient views in the context of the personal data protection in the field of health. Biomedical Research , 28(4), pp. 1464-1471.
Kohlwes, S., 2014. Governing HealthL Transformations in the Turkish healthcare system. Available at: https://edoc.hu-berlin.de/bitstream/handle/18452/3740/8.pdf?sequence=1&isAllowed=y [Accessed 5 August 2017].
Kose, I., Akpinar, N., Gurel, M., Arslan, Y., Yurt, H. N., Kabak, Y., et al., n.d.. Turkey’s national health information system (NHIS). Available at: http://www.srdc.com.tr/share/publications/2008/9.pdf [Accessed 5 August 2017].
Layman, E. and Watzlaf, V. 2009. Health informatics research methods: Principles and practice. Chicago, IL: American Health Information Management Association.
Locatelli, P., Restifo, N., Gastaldi, L. and Corso, M., n.d. Healthcare information systems: Architectural models and governance. Available at: https://pdfs.semanticscholar.org/9641/13c85560f9a0e08d6fa2723794c980b198f2.pdf [Accessed 5 August 2017].
Lu, D.-F., Street, N. W., Currim, F., Hylock, R. and Delaney, C., 2009. A data modeling process for decomposing healthcare patient data sets. OJNI Online Journal of Nursing Informatics, 13(1), pp. 1-26.
Mahalli, A. E., 2015. Adoption and barriers to adoption of electronic health records by nurses in three governmental hospitals in Eastern Province, Saudi Arabia. Perspect Health Inf Manag, 12, p. 1f.
Mantas, J. and Hasman, A., 2013. Informatics, management and technology in healthcare. New York: IOS Press.
Marcus, A., 2014. Design, user experience, and usability: User experience design practice: Third International Conference, DUXU 2014, Held as Part of HCI International 2014, Heraklion, Crete, Greece, June 22-27, 2014, Proceedings, Part 4. New York: Springer.
Matthews, T. D. and Kostelis, K. T., 2011. Designing and conducting research in health and human performance. Chicago, IL: Jossey-Bass.
Mettler, T., Rohner, P. and Baacke, L., n.d. Improving data quality of health information systems – A holistic design-oriented approach. Avaiable at: https://www.alexandria.unisg.ch/214560/1/20080305_ECIS.pdf [Accessed 5 August 2017].
Miller-Cochran, S. K. and Rodrigo, R. L., 2013. The wadsworth guide to research. London: Cengage Learning.
Moore, P. T. and Sharma, M., 2013. Enhanced patient management in a hospital setting. IT CoNvergence PRActice (INPRA), 1(3), pp. 1-21.
Nafukho, F. M., 2015. Handbook of research on innovative technology integration in higher education. Hershey, PA: IGI Global.
OECD, 2014. OECD reviews of healthcare quality: Turkey 2014. Available at: http://www.oecd.org/publications/oecd-reviews-of-health-care-quality-turkey-2013-9789264202054-en.htm [Accessed 5 August 2017].
Okem, G. Z., 2011. Innovation in the health sector in Turkey on its way to European Union membership. Available at: http://aei.pitt.edu/30040/1/Executive_Summary_(Eng)-1.pdf [Accessed 5 August 2017].
Olcay, E., 2013. Medical technologies market in Turkey. Available at: http://www.scherago.com/labtechmed/pdf/us-cs-turkey-report-2013.pdf [Accessed 5 August 2017].
Ozturk, H., Bahcecik, N. and Ozcelik, K.S., 2014. The development of the patient privacy scale in nursing. Nursing Ethics, 21(7), pp. 812-28.
Pope, C. and Mays, N., 2006. Qualitative research in healthcare. London: BMJ Books.
Russell, L., 1979. Technology in hospitals: Medical advances and their diffusion. London: Brookings Institution Press.
Sampietro-Colom, L. and Martin, J., 2016. Hospital-based health technology assessment: The next frontier for health technology assessment. London: Springer.
Simon, P., 2010. The next wave of technologies: Opportunities in chaos. New York: John Wiley & Sons.
Sridhar, D. S., 2013. Impact of healthcare informatics on quality of patient care and health services. New York: Productivity Press.
Street, L. J., 2017. Introduction to biomedical engineering technology. Chicago, IL: CRC Press.
Suder, A. and Durucu, M., 2015. Chapter 5: ICT in healthcare management, developments, and applications in Turkish health sector. Available at: https://pdfs.semanticscholar.org/fa8c/e73c9385cbc4aaf94fa82bdfe54153aeee5b.pdf [Accessed 5 August 2017].
Sun, J. and Reddy, C. K., n.d.. Big data analytics for healthcare. Available at: http://dmkd.cs.vt.edu/TUTORIAL/Healthcare/part2.pdf. [Accessed 5 August 2017].
Tatar, M., Mollahalilog˘lu, S., Sahin, B., Aydın, S., Maresso, A. and Hernández-Quevedo, C., 2011. Turkey: Health system review. Health Systems in Transition, 13(6), pp. 1-186.
Thomas, H. and Piccolo, F. L., 2009. Ethics and planning research. London: Ashgate Publishing.
Top, M., Yilmaz, A. and Gider, S. Ö., 2013. Electronic medical records (EMR) and nurses in Turkish hospitals. Systemic Practice and Action Research, 26(3), pp. 281-297.
Top, M., Yilmaz, A., Karabulut, E., Otieno, O. G., Saylam, M., Bakır, S. and Top, S., 2015. Validation of a nurses’ views on electronic medical record systems (EMR) questionnaire in Turkish health system. Journal of Medical Systems, 39(6), p. 67.
Turan, A. H. and Palvia, P. C., 2014. Critical information technology issues in Turkish healthcare. Information & Management, 51(1), pp. 57-68.
Wang, V. C., 2014. Handbook of research on education and technology in a changing society. London: IGI Global.
Whiteman, N., 2012. Undoing ethics: Rethinking practice in online research. London: Springer Science & Business Media.
Yurt, N., 2008. Turkey’s e-health activities: A country case study. Available at:  http://ehealth-connection.org/files/resources/Turkey%27s%20eHealth%20Activities-%20A%20Country%20Case%20Study.pdf [Accessed 5 August 2017].
Zaim, H., Bayyurt, N. and Zaim, S., 2010. Service quality and determinants of customer satisfaction in hospitals: Turkish experience. International Business & Economics Research Journal , 9(5), pp. 51-58.
Zheng, G., Zhang, C. and Li, L., 2014. Bringing business intelligence to health information technology curriculum. Journal of Information Systems Education, 25(4), pp. 317-326.