Enhancing Information Privacy and Data Sharing Case

Enhancing Information Privacy and Data Sharing in a Healthcare IT Firm: The Case of Ricerro Communications

Wingyan Chung, School of Business & Economics, Fayetteville State University, USA, wchung@uncfsu.edu
Lewis Hershey, School of Business & Economics, Fayetteville State University, USA, lhershey@uncfsu.edu

ABSTRACT

Information privacy and data sharing are two conflicting but important data management concerns. As more data are shared among stakeholders, the design of information systems (IS) often emphasizes data sharing at the expense of information privacy. Unfortunately, existing IS research on designing tools to enhance information privacy is isolated from actual use of the tools. In this research, we examined the design of a data sharing system in a real-world company. The company, Ricerro Communications, Inc., produces and markets wearable communications devices used mainly in healthcare organizations. Poor data sharing across Ricerro's multiple systems resulted in loss of information privacy and security and in inefficiency, seriously affecting customer relationship management. A consulting team analyzed Ricerro's needs, gathered stakeholder requirements, and developed a privacy-enhancing data integration solution, which consists of database schema integration and data migration from various sources to a Web-based transaction processing system. Through this industry case, we illustrate how our principles and guidelines for designing IT artifacts incorporate the benefits of both information privacy and data sharing.

KEY WORDS

Information Privacy, Data Sharing, Data Integration, Healthcare IT, CRM, Design-Science Research, Business Intelligence.

PROLOGUE

Ricerro's [1] CFO, Daniel Morgan, and IT Director, Carl Silver, were meeting in one of the company's conference rooms.
[1] While all organizations, people, and details mentioned in the case study are real, their names are fictitious due to a non-disclosure agreement. A list of abbreviations used in this research is shown in Appendix 1.

"Ricerro is growing quickly," Daniel said, "but I am getting complaints from sales and administration about data privacy problems causing big headaches."

"What headaches are you talking about?" Carl asked.

"I heard that customer data on software licenses and maintenance are not protected properly. Data privacy is lost and inaccuracy occurs in the process. They tell me stories about multiple versions of customer private data being available in Excel sheets, databases, and paper format, some of which are accessible by unauthorized users in the company. They are even having trouble determining which information is correct, and they have to manually transfer this data between databases. What is IT doing with the budget they are given?" Daniel replied.

Carl felt that he might not have enough time to tackle this problem and said, "Ok, I know people at Mission Consulting Group (MCG) who may be able to help us come up with a solution. Would the company be willing to support MCG as they work with us?"

"Sure, I am looking forward to seeing accurate data being made available in a timely and secure manner," Daniel replied.

INTRODUCTION

Information privacy and data sharing are two conflicting but important data management concerns. Data sharing aims at providing convenient, ubiquitous access to and use of data. A major reason for the existence of information technology (IT) is to facilitate the sharing of data and information. Database technologies, data integration software, and business intelligence tools are developed to support this important task. Customers can use shared data to track the orders they placed. Managers can use accurate and timely data to make the right decisions.
Suppliers access these shared data to ensure their procurement and delivery are on time and correct. Despite the benefits of sharing data, adoption of IT for healthcare applications is not without its problems. For one, information privacy can be compromised in data sharing. As more data are shared among stakeholders, information privacy increasingly becomes a concern. Information privacy is the desire of individuals to have influence or control over data about themselves (Belanger, Hiller, & Smith, 2002). Bady (2011) traced the history of privacy law since 1890 and found that modern technology development has consistently removed protection for information privacy. As contemporary information technologies continue to suppress information privacy, Bady concluded that new countervailing technologies are needed to enable privacy to survive.

In this research, we examine, through a real-world company case, the design of information systems (IS) that could simultaneously enhance both data sharing and information privacy. We conducted a literature review to examine typical security and privacy issues in healthcare IT firms and the design of privacy-enhancing data integration solutions. We present a case study about a healthcare IT firm and describe the solution developed to address data sharing and information privacy. Case studies involving a single organization are not new (Zafar, 2011; Yin, 2008). We provide technical details of the design process and distill systems design principles and guidelines. The results should contribute to the design science academic community and to IT development practice, especially concerning data sharing and information privacy.

LITERATURE REVIEW

In this section, we review security and privacy issues in healthcare data sharing, the domain served by the firm described in our case.
We also review prior work on the design of privacy-enhancing information systems that relates to our research goals.

Security and Privacy Issues in Healthcare Data Sharing

Concerns about maintaining patient privacy when adopting IT solutions for healthcare systems involve several key areas, such as organizational-level issues, individual-level issues, authentication, and privacy protection. Regarding organizational and protection issues, Winker et al. (2000) note the difficulty of developing and enforcing uniform standards for Web-based information that both enhance the physician-patient relationship and protect patient privacy. Regarding such enhancement, Tang, Ash, Bates, Overhage, & Sands (2006) report that the integration of personal health records (PHR) with electronic health records (EHR) systems allows patients to become active participants in improving their own healthcare outcomes. Despite the advantages of such integration, the authors note that the very act of combining such systems exposes the patient's records to possible compromise of private information. As such, the need for authentication of access becomes paramount. Echoing concern for authentication issues, Vest & Gamm (2010) survey two decades of efforts to create comprehensive health information exchanges (HIE) to improve communication across patient records fragmented across medical specialties, and identify concerns about security as a continuing issue. Yet advances in IT design and implementation are making inroads into authentication concerns. For example, Ge, Ahn, Unde, Gage, & Carr (2013) address privacy concerns in the sharing of medical imagery by use of a Patient Controlled Access-key REgistry (PCARE), whereby the patient grants digital access to identified providers, who can then access the imagery data directly via electronic delivery. Furthermore, the issue of privacy itself may be of less concern for some patient groups than for others, or than for providers. For example, Hassol et al.
(2004) report little concern among patients about breach of confidentiality in the use of electronic communications (email and web-based texting) in a survey of 4,282 registered patients. However, healthcare delivery outcomes may be affected by differences between patient preferences for mode of communication (email and texting) and those of physicians (telephone). These differences are exacerbated by the fact that the preferred mode of communication for each group is the least preferred mode of the other. Table 1 summarizes the main findings.

Table 1. Ongoing Security and Privacy Issues Regarding Healthcare Data Sharing

Issue                        Research                                            Finding
Organizational Level Issues  Winker, et al. (2000)                               Lack of industry-wide standards
                             Tang, et al. (2006); Vest & Gamm (2010)             Personal records necessarily uniquely identifiable
                             Seto & Friedman (2012)                              Fragmentation across medical specialties
                             Payne et al. (2012)                                 Increased efficiencies and effectiveness possible
Individual Level Issues      Hassol, et al. (2004)                               Patient-physician differences in preferences for modes of communication
                             Tang, et al. (2006)                                 Useful integration across IT creates risk for privacy compromise
Authentication               Ge, et al. (2013)                                   Use of patient controlled access keys
Privacy Protection           Malin, Emam, & O'Keefe (2013); Ohno-Macado (2013)   Informatics innovations improve data sharing while enhancing privacy protection

While risks to patient privacy are an ongoing concern, adoption of state-of-the-art information technologies in the healthcare industry is critically important for at least two reasons: cost savings and improved healthcare delivery. Regarding cost savings, Hillestad et al. (2005) note the inefficiency of the U.S. healthcare system and estimate that adoption and implementation of modern IT infrastructure could save $81 billion per year. Similarly, Payne, et al.
(2012) identify substantial cost savings in the use of healthcare IT, not only in increased efficiencies for current treatments but also in support for developing new models of healthcare delivery systems. Along these lines, Woolhandler, Campbell, & Himmelstein (2003) compare discrepancies in cost structure between U.S. and Canadian healthcare administration systems and advocate savings for U.S. healthcare by adopting the Canadian model. Regarding health safety issues, Schnipper et al. (2012) studied the use of electronic personal health record (PHR) linked medications for accuracy and safety against traditional record-keeping control groups and found improvements in both administration of the correct dosage and a decrease in potentially harmful effects from unexplained discrepancies between the prescription and the actual medication given. Similarly, Apparil, Carian, Johnson, & Anthony (2012) studied the use of computerized physician order entry (CPOE) and electronic medication administration records (eMAR) for monitoring medication order delivery effectiveness and found the use of eMAR, alone or in combination with CPOE, to improve adherence to guidelines. However, despite improvements in health delivery safety, adoption of IT for health systems is not without its problems. For example, while Seto & Friedman (2012) recognize the value of sharing electronic health records (EHRs) across computer-based platforms, they note the difficulty of implementing file sharing standards across differing medical specialties.

Design of Privacy-Enhancing Data Integration Solutions

Information privacy is an active research area within the information systems and computer science research communities. Privacy and trust issues are important yet frequently ignored concerns among systems designers and researchers.
While many companies might have an explicit company privacy policy, few address privacy at the design level (Lahlou, Langheinrich, & Röcker, 2005). This is a significant issue, especially in the early stages of technological development, as design decisions have far-reaching consequences for the future costs of privacy protection within the system. According to Lahlou, et al. (2005), the design of adequate solutions will succeed only if privacy-related problems are methodically approached from the initial stages of development. In the "Disappearing Computing" initiative, nine guidelines for information systems design were developed (Lahlou & Jegou, 2004): "think before doing," "revisit classic solutions," "openness," "privacy razor," "third-party guarantee," "make risky operations expensive," "avoid surprise," "consider time," and "good privacy is not enough." Although privacy is a key design issue, the advocated guidelines are too general to be applicable to companies that have complex data sharing requirements, such as healthcare IT firms. The Journal of the American Medical Informatics Association recently published a special issue on public sharing of medical informatics data while protecting individual privacy (Malin, Emam, & O'Keefe, 2013; Ohno-Macado, 2013). The issue contains papers grouped into a socio-legal track and a technical track, each offering examples of sharing public healthcare data in a privacy-preserving manner (through de-identification, e.g., as in the PopData project (Hertzman, Meagher, & McGrail, 2013)) and providing technical solutions for protecting patients' privacy when sharing data (e.g., deriving a secure fingerprint from genomic data (Cassa, Miller, & Mandl, 2013)). Despite this cutting-edge informatics research, none of the published papers describes its outcomes in the context of healthcare IT firms that have complicated data sharing requirements.
In addition, the technical solutions described in some of the papers are applicable mainly in cryptographic applications and provide limited guidance for the systems design of healthcare IT firms' data sharing. After reviewing over 500 articles on information privacy research in information systems and coding 142 journal articles and 102 conference proceedings papers, Belanger and Crossler found few journal articles focusing on design and action contributions, which could potentially bring a larger impact to real-world businesses than the USA-centric, student-based studies on which existing research relies heavily (Belanger & Crossler, 2011). Much of the research on information privacy tools and technologies was conducted in isolation from the actual future users of the tools. Therefore, Belanger and Crossler recommended that researchers conduct more design and action research, with an eye towards actual implementation. Major contributions expected from such research are tools and technologies developed from a design science perspective (Hevner, March, Park, & Ram, 2004). However, the design of these IT artifacts often emphasizes data sharing at the expense of information privacy.

RESEARCH DESIGN

Considering the lack of design-science research on privacy-enhancing data integration solutions for healthcare IT firms, we conducted case study research to examine the principles and guidelines for designing privacy-enhancing data sharing systems applicable to healthcare IT firms. The case study research method is defined as an empirical inquiry that investigates a contemporary phenomenon within its real-life context (Yin, 2008). Case study research brings an understanding of a complex issue or object and can extend experience or enrich the literature (Soy, 1997).
The case study research method allows researchers to retain the holistic and meaningful characteristics of real-life events, such as the lengthy process of designing and implementing a complicated data sharing solution in a healthcare IT firm (Yin, 2008). In this study, we address the following research questions:

1. How can an IT artifact that promotes both data sharing and information privacy be designed for a healthcare IT company?
2. What stakeholder concerns should be incorporated in the design and development of a privacy-enhancing data sharing system?
3. What are the principles and guidelines for designing IT artifacts that incorporate the benefits of information privacy and data sharing?

To answer these questions, we followed an iterative process of describing experience, describing meaning, and identifying the focus of the analysis in our research (Zucker, 2009). We present below the case of the healthcare IT company and describe the concerns in data sharing and information privacy. We provide technical details of the design process and distill the systems design principles to answer the research questions.

RICERRO COMMUNICATIONS, INC.

Located in California's Silicon Valley, Ricerro Communications, Inc. specializes in wearable communications devices used mainly in healthcare settings. The company is young but is growing rapidly, expanding office space, acquiring complementary businesses, adding product lines, and expanding its IT infrastructure. Ricerro offers a system designed to streamline communications within organizations. The core system consists of voice-controllable wireless badges that serve as the primary communications interface for users, and a software suite that supports system operations, integrates the system with other infrastructure, and provides a configuration interface for administrators.
Additionally, the firm offers software products that enable third-party devices (such as BlackBerry and iPhone) to work with its system. The system employs voice recognition, wireless networking, and voice over IP technologies to facilitate communications among mobile users in a work environment. For instance, users can call or locate other users by activating their wearable badges, speaking the desired command (e.g., "call"), and then speaking the target user's name. This ability frees users from having to memorize or look up phone numbers and can shorten the time needed to locate a colleague, which leads to increases in efficiency. The system also enables broadcast communications to groups of users based on characteristics like job function. This capability reduces the need for overhead paging via loudspeakers. The system can improve communications for organizations in a variety of industries, but the majority of customers are healthcare providers, for which employing hands-free devices and intelligent communications routing can yield improvements in workflow, collaboration, and ultimately patient safety (Runyon, Lovelock, Rishel, Edwards, & Shaffer, 2009).

Ricerro has a CEO/Chairperson, a VP Sales, a VP Services, and a CFO at the executive level. All technology support and IT staff report to the VP Services, while all order administrators and finance-related staff report to the CFO (see Figure 1 for key project stakeholders and Appendix 1 for the full names of all abbreviations used in this case). While there are plenty of meetings that bring Ricerro employees together, there are some problems communicating information across the organization. After meetings, everyone goes back to whatever problem they were working on.

Information Technology

Ricerro sells the hardware and software components of its communications devices as well as contracts for maintenance and technical support. Additionally, the company provides technical support services to its customers.
The following section describes the systems used by Ricerro order administration, technical support, and sales personnel to support these operations.

Figure 1. Key Project Stakeholders (organization chart; key project stakeholders are highlighted in blue). Labels recoverable from the chart: Chairman and CEO; VP, Sales; Sales Admin.; Managing Dir., UK; Outside Sales; VP, Services; Service Admin.; Sr. Dir., Tech. Support; Tech. Support; Sr. Service Coord.; Service Admin.; Mgr., IT; IT Lead Mgmt. Specialist; Marketing; CFO; G&A; Controller; G&A; Executive Asst.; G&A; Sr. Mgr., Sales Operations; Sales Admin.; FP&A Mgr.; G&A; Sr. Order Admin./Sales Support; Sales Admin.; Inside Account Mgr.; Inside Sales.

Order Processing and Financial Accounting

Order administration personnel track information that supports customer order processing and financial accounting activities in a database, an enterprise resource planning system, and a spreadsheet that tracks customer software license keys. These keys, which are required to activate customers' systems, are generated via a custom-built License Maker application. Ricerro also uses two software products: one is a dashboard application that enables the database to track and report on net changes in customer purchase orders, and the other simplifies the consolidation of financial data between Ricerro's domestic and international operations.

Customer Relations Management

Inside sales and technical support staff primarily use a separate sales database to track information that underpins sales generation, customer maintenance, and technical support activities. Project stakeholders have requested extension of this system to store more information about customers' license growth and software maintenance contract details.
Additionally, Ricerro's account managers and technical support staff rely on a monthly spreadsheet-based report to obtain information about customers' current system configurations and the terms of their software maintenance contracts. This information is used to determine when customers should be contacted to initiate maintenance contract renewals and to identify up-sell opportunities.

Integrative Technologies

At present, much of the data sharing between Ricerro's systems of record is done manually. However, Ricerro has purchased and started to implement a data integration tool to help synchronize information between the two systems, with the intention of providing a more complete view of the customer for customer-facing groups like sales and technical support.

Data Sharing and Information Privacy Concerns

A general phenomenon challenging data management is manual data import and transfer, resulting in slow (or no) sharing. This can cause businesses to lose revenue as employees lack the information that was supposed to be communicated to them. Ricerro faced these problems, stemming from manually tracking data in multiple information sources (license key and software support data were stored in spreadsheet documents and distributed manually). First, software maintenance term (SWMT) data was transferred manually between a database and a web-based transaction processing system (WTPS), increasing the potential for errors and data communication delays. Secondly, the processes used to manage customer license keys (LKs) were not scalable or secure (as the keys were also tracked manually in spreadsheets). Thirdly, administration, technical support, and sales users lacked ready access to a consolidated view of customers' system profile (customer accounts, contract, support, and enabled products) and relevant purchase history (i.e., soon-to-expire licenses).
The customer profile and relevant purchase history did not include a display of the license key (a license key contains the information needed to determine enabled products) or of software maintenance support considerations (the software is what runs these communications systems, used for instance in a hospital). Stakeholders indicated that the users and maintainers of LK and SWMT information would benefit from more automated data transfer and maintenance processes, more flexible data storage methods, and an interface that consolidates and presents these data in a simple display. In addition, information privacy should be preserved in the sharing process, possibly by means of password-protected accounts and secure data dissemination.

DATA INTEGRATION SOFTWARE AND SOLUTIONS

Alternatives MCG Considered

The alternatives considered were: moving data directly from the GP (financial) and License Key databases to the Web-based Transaction Processing System (WTPS); sending the License Key data via email to the WTPS and moving the software maintenance term (SWMT) data directly to the WTPS; or sending the License Key data via email to the WTPS and moving the SWMT data from the financial dataset to the WTPS.

Systems Analysis Processes

In the analysis phase, MCG mapped out the existing systems and stakeholder processes that were relevant to user licenses and software purchases. Later, MCG reviewed the gathered requirements and "eliminated any redundancies" (Hoffer, 2008).

Stakeholder Requirements Elicitation

MCG interviewed and surveyed company representatives from the different stakeholder groups individually. From these interviews, MCG developed a set of requirements and business process models (a set of requirements relating to Service Contract Purchase/Modification cases and License Key (LK) use cases).
MCG analyzed business processes that involve customer LK and SWMT data, gathered system requirements from users and other stakeholders, developed and refined alternative system concepts, and incorporated stakeholder preferences into a final design concept. Following the selected design concept and requirements, MCG developed specifications for a solution to automate the transfer of customer LK data and SWMT data from the new License Database (License DB) system and the company's financial database (GP), respectively, to the company's WTPS instance. The WTPS is a system used to manage customer purchase details and the history of company sales and support. MCG also developed specifications for the requisite data storage, workflow, and interface elements in the WTPS system.

A Single View of the Customer Profile Is Needed, Accessible Only by Authenticated Users

The information systems did not support ready access to a consolidated view of information about customers' system profile and purchase history. A customer's current system profile is critical to inside account managers (IAMs) and order administrators (OAs) because it informs future order processing for that customer. IAMs use this system profile to provide customers with quotes, and OAs use it to process purchase orders as they are handed off by sales. Additionally, technical support staff use system profile information to determine the proper support level for a given customer. Because this information was distributed among several sources (i.e., the license tracking spreadsheet and the maintenance tracking spreadsheet) that are updated manually, users often had to check several sources to find and verify a customer's system configuration, which is time consuming. Information about past customer purchases is valuable to sales teams, which can use it to more effectively identify opportunities in existing accounts.
To access this information, salespeople used a spreadsheet report that was updated monthly using data from another database system. OAs also rely on recent purchase history data to verify customers' current system profiles, and they may reference other databases directly, look at the aforementioned maintenance report, or both. While easy to interpret, the maintenance spreadsheet only represents a monthly snapshot of customer purchase activity and thus does not contain the most up-to-date information. The database system does contain the most current information, but the information is more difficult to find and requires some interpretation. Overall, personnel in the inside sales, technical support, and sales administration groups were losing time because customer information often had to be parsed manually or verified among multiple sources.

Management of the Software License Key Process Needs to Be Scalable and Secure

Software license key (LK) management is a core process. A customer must be issued a valid LK before invoicing, and each key represents information that is critical to future order processing as well as technical support activities for that customer. The processes employed to generate and manage LKs involved several manual steps, which increase the possibility of data entry errors as well as sequencing errors that complicate order processing. Additionally, LKs were tracked using a spreadsheet system that lacks referential integrity controls and access controls, putting crucial information at risk of corruption. Finally, the manual decoding of each LK is onerous for those who are not familiar with the LK format and can cause confusion when the key structure is changed to incorporate new elements.
Software Maintenance Reporting Needs to Be Automatic

Data about customer technical support contracts enter the company's IT systems as sales transactions and are logged in a Microsoft Dynamics accounting database system named Great Plains (GP). Each day, the Senior Service Coordinator (SSC) selected and exported relevant information from GP and then transferred it to an Excel spreadsheet file, which holds details about the associated customer (such as the report server configuration they are using) in addition to the terms of their support agreement (e.g., the maintenance expiration date and the number of seats covered). Once the spreadsheet had been updated, the SSC manually transferred information from this spreadsheet to the WTPS system, where sales teams can use the information to identify opportunities. This process draws too much of the SSC's time and delays the availability of information that the sales teams and the customer support teams rely on. Consequently, increases in activity would likely have challenged the current system and further compounded these issues.

New or updated maintenance contracts were also extracted from GP each month, and the data were consolidated into a spreadsheet. This spreadsheet contains information on all customer licenses and also a history of upgrades or downgrades. It was used by IAMs as well as field sales to achieve a holistic view of the customer's current standing.

Table 2. Features and Functions Related to LK Integration and SWMT Integration

Ft. #  Description                                                                                             Stakeholder Priority
1.0    Automatically transfer LK data from the License DB to WTPS                                              Must Have
2.0    Automatically update existing LK records in WTPS                                                        Must Have
3.0    Enable users to manually associate LK records with one to many WTPS accounts                            Must Have
4.0    Track and present historical LK records                                                                 Must Have
5.0    Support separation of duties (present LK information differently based on WTPS user profile)            Must Have
6.0    Provide a standard and component view of LK data in WTPS                                                Must Have
7.0    Automatically identify LK to customer account matches in WTPS                                           Must Have
8.0    Notify users of upcoming temporary LK expirations                                                       Nice to Have
9.0    Enable reporting on individual license key fields                                                       Nice to Have
10.0   Automatically transfer SWMT data from the financial database to WTPS                                    Must Have
11.0   Automatically update SWMT data in WTPS                                                                  Must Have
12.0   Automatically match SWMT data to customer accounts in WTPS                                              Must Have
13.0   Provide an itemized view of SWMT contract purchases in WTPS                                             Must Have
14.0   Notify users when there are changes to LK and SWMT information in WTPS (e.g., data inserts and updates) Nice to Have
15.0   Use the same identifying field for both project data integrations                                       Nice to Have

Additionally, GP data is replicated to a database for accounting and reporting purposes. The service coordinator sends an email monthly to field sales representatives. This email informs the representatives about their customers' latest upgrade or downgrade and includes other important customer license data. This report helps the sales rep to confirm that a purchase order has been processed and to verify that the customer received what they ordered, but waiting on this monthly report does not give the company representatives the information in a timely manner.

Identified Requirements

Table 2 identifies requirements developed through iterative consultations with company stakeholders.
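As an added example (not code from the paper, MCG, or Ricerro), the following Python sketch models the Table 2 features end to end: decoding a license key into its components, matching LK and SWMT rows to WTPS accounts on a single identifying field, a role-based view of key data for separation of duties, change notifications, and alerts for expiring temporary keys. The license-key layout, record fields, role names and sample data are assumptions constructed for this illustration; the page does not give Ricerro's real ones.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional
# Hypothetical key layout assumed for this example (the page does not give the real one):
#   "<version>-<account_id>-<seats>-<product>+<product>-<expiry YYYYMMDD | PERM>"

@dataclass
class LicenseKey:
    raw: str
    account_id: str                # also the field SWMT rows are matched on (feature 15)
    seats: int
    products: List[str]
    expires: Optional[date]        # None for permanent keys

def decode_license_key(raw: str) -> LicenseKey:
    """Feature 6: component view. Each version has its own element list, so the V2
    expiry element does not break decoding of V1 keys still in circulation."""
    parts = raw.split("-")
    if parts[0] == "V1" and len(parts) == 4:
        _, acct, seats, products = parts
        expires = None
    elif parts[0] == "V2" and len(parts) == 5:
        _, acct, seats, products, exp = parts
        expires = None if exp == "PERM" else date(int(exp[:4]), int(exp[4:6]), int(exp[6:]))
    else:
        raise ValueError(f"unrecognised license key layout: {raw!r}")
    return LicenseKey(raw, acct, int(seats), products.split("+"), expires)

@dataclass
class Wtps:
    """Stand-in for the WTPS account store (constructed, in-memory)."""
    accounts: Dict[str, dict] = field(default_factory=dict)
    notifications: List[str] = field(default_factory=list)   # feature 14
    # Feature 5: LK components each (assumed) role may see; only order administrators get the raw key.
    ROLE_FIELDS = {"order_admin": ("raw", "products", "expires"),
                   "tech_support": ("products",), "inside_sales": ("expires",)}

    def import_license_keys(self, raw_keys: List[str]) -> List[str]:
        """Features 1, 2, 4, 7: insert/update LK records matched on account_id, keeping
        superseded keys as history; unmatched keys are returned for manual association (3)."""
        unmatched = []
        for raw in raw_keys:
            lk = decode_license_key(raw)
            acct = self.accounts.get(lk.account_id)
            if acct is None:
                unmatched.append(raw)
                continue
            prev = acct.get("license_key")
            if prev is None:
                self.notifications.append(f"LK inserted for {lk.account_id}")
            elif prev.raw != raw:
                acct.setdefault("license_history", []).append(prev)
                self.notifications.append(f"LK updated for {lk.account_id}")
            acct["license_key"] = lk       # an unchanged key is re-imported silently
        return unmatched

    def import_swmt(self, rows: List[dict]) -> List[str]:
        """Features 10-12: SWMT rows (account_id, contract_end, seats_covered) from the
        financial database, matched on account_id; only a real change notifies."""
        unmatched = []
        for row in rows:
            acct = self.accounts.get(row["account_id"])
            if acct is None:
                unmatched.append(row["account_id"])
            elif acct.get("swmt") != row:
                action = "updated" if "swmt" in acct else "inserted"
                acct["swmt"] = row
                self.notifications.append(f"SWMT {action} for {row['account_id']}")
        return unmatched

    def view_license(self, account_id: str, role: str) -> dict:
        """Separation-of-duties view of an account's current key (feature 5)."""
        if role not in self.ROLE_FIELDS:
            raise PermissionError(f"role {role!r} may not view license data")
        lk = self.accounts[account_id]["license_key"]
        view = {"account_id": lk.account_id, "seats": lk.seats}
        view.update({f: getattr(lk, f) for f in self.ROLE_FIELDS[role]})
        return view

    def expiring_temporary_keys(self, today: date, within_days: int = 30) -> List[str]:
        """Feature 8: accounts whose temporary key expires within the window."""
        limit = today + timedelta(days=within_days)
        return sorted(a for a, acct in self.accounts.items()
                      if "license_key" in acct and acct["license_key"].expires
                      and today <= acct["license_key"].expires <= limit)

def run_demo() -> dict:
    wtps = Wtps(accounts={"ACME01": {}, "BETA02": {}, "GAMMA3": {}})
    unmatched_lk = wtps.import_license_keys([        # constructed License DB export
        "V1-ACME01-100-VOICE",
        "V2-ACME01-150-VOICE+SMS-20130930",          # ACME01 upgraded to a V2 key
        "V2-BETA02-40-VOICE-PERM",
        "V2-DELTA4-10-VOICE-20131015",               # no WTPS account yet
    ])
    unmatched_swmt = wtps.import_swmt([               # constructed GP export
        {"account_id": "ACME01", "contract_end": date(2014, 3, 31), "seats_covered": 150},
        {"account_id": "GAMMA3", "contract_end": date(2013, 12, 31), "seats_covered": 20},
    ])
    return {"wtps": wtps, "unmatched_lk": unmatched_lk, "unmatched_swmt": unmatched_swmt,
            "expiring": wtps.expiring_temporary_keys(date(2013, 9, 15))}  # constructed today
```

Re-running `import_license_keys` with the same export produces no new notifications, which is what makes the automatic transfer safe to schedule repeatedly.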
Assumptions

In order for MCG to proceed, it had to make some assumptions, which Ricerro confirmed:
- The License database, a MySQL database, will become the system of record for LK data and will serve as the source of the LK data transferred to the WTPS.
- Implementation of the License database application is a major dependency for deployment of the LK data to the WTPS, and Ricerro’s System Test Engineer will work with MCG to make sure that LK data can be reliably transmitted from it.
- Ricerro will use an already purchased integration tool to copy SWMT data from the financial system of record to the WTPS.
- The structure of the financial database will be finalized before the integration is configured to copy SWMT data to the WTPS.
- All customer accounts in the GP system will have representative account records in the WTPS.

SOFTWARE LICENSING DATA INTEGRATION AT RICERRO

Solution Developed by MCG

Following the selected design concept and requirements, MCG developed specifications for a solution to automate the transfer of customer LK data and SWMT data from the new License Database (License DB) system and the company’s financial database, respectively, to the company’s WTPS instance. The WTPS is a system used to manage customer purchase details and the history of company sales and support. MCG also developed specifications for the requisite data storage, workflow, and interface elements in the WTPS system. As shown in Figure 2, the solution involves importing software maintenance term data and license key data into the WTPS. The web-based transaction processing system was chosen because the data needs to be frequently updated to include recent customer purchases. Automatic secure data import is necessary to replace the convoluted process of manual tracking with multiple spreadsheets, a time-consuming, delay-inducing method for sharing data.
Having an automatic secure import resolves the problem of slow data sharing and enhances information privacy, giving users secure access to vital data when they need it. The WTPS is then configured to provide display and user-generated reports on both customer software maintenance terms and license keys. In this alternative, users would only have to consult one interface, the WTPS. It was important to users that they be able to easily view and analyze customer data in one system, which reduces the waiting time and the checking of multiple data repositories. Clearly indicating current contracts and displaying the license key components (which refer to customer details such as how many users are entitled on that particular license) is something built into the WTPS. In the system tests, this project reduced the time users spend accessing and validating key customer data by improving data sharing. Another product of the project is the protection of key information against midstream human errors by automating data management processes. The system design rested on some key factors.

Figure 2. Solution Overview

Systems Design Rationale

Automatic transfer of license key (LK) and software maintenance term (SWMT) data into the web-based transaction processing system (WTPS) while preserving customers’ information privacy may solve the manual data transfer problem. The web-based transaction processing system was chosen because the data needs to be frequently updated to include recent customer purchases. Automatic data import is necessary to replace the convoluted process of manual tracking with multiple spreadsheets, a time-consuming, delay-inducing method for sharing data. Having an automatic import resolves the problem of slow data sharing, and this allows users access to vital data when they need it.
The WTPS is configured to provide display and user-generated reports on both customer software maintenance terms and license keys. Further, users would only have to consult one interface, the WTPS. It was important that users are able to easily view and analyze customer data in one secure system, which saves them the time and aggravation of having to wait or check multiple data repositories. Information privacy must be preserved through secure user accounts and proper management of user authority. Clearly indicating current contracts (SWMT-derived information) and displaying the license key components (which reference customer details such as how many users are entitled on that particular license) is something the WTPS needs to handle.

System Architecture

The system architecture incorporates early design decisions that affect all subsequent software engineering work, directly controlling the ultimate success of the system as an operational entity (Pressman, 2010). Based on the high-level design described above, MCG developed the LK data sharing system architecture, which depicts the relationships between a license key and the relevant stakeholders (shown in Figure 3). This relationship mapping is the same for the software maintenance term (SWMT) data sharing system.

Figure 3. License Key Related Data Relationships

As elaborated in system requirements 1.0-7.0, the first main function of this system will be to copy License Keys from the new License DB to WTPS. The system should integrate the License DB and WTPS in the following ways:
- Automate the copy of new License Keys (LKs) from the License DB to a custom License WTPS object.
- Update existing LK data in WTPS when there are changes in the License DB.
- Use the customer EU ID in the Licenses object to associate it with the Account Number in the Account object, relating the two objects.
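The License DB to WTPS integration described above (copy, update, and EU ID to Account Number matching, with the separation-of-duties and expiry-notification requirements from Table 2), as an added worked example in Python that is not part of the paper or of MCG’s solution; the row layout, the account mapping, and the fields shown to each user profile are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

# Constructed sample License DB rows and EU ID -> Account Number mapping
# (assumed field names; the paper does not publish Ricerro's schema).
LICENSE_DB_ROWS = [
    {"lk_id": "LK-1001", "eu_id": "EU-77", "seats": 25, "temporary": False, "expires": None},
    {"lk_id": "LK-1002", "eu_id": "EU-77", "seats": 5, "temporary": True, "expires": date(2024, 3, 10)},
    {"lk_id": "LK-1003", "eu_id": "EU-99", "seats": 10, "temporary": False, "expires": None},
]
WTPS_ACCOUNTS = {"EU-77": "ACC-0001"}  # EU-99 has no WTPS account yet: left for manual association (3.0)

# Fields each WTPS user profile may see: separation of duties (requirement 5.0).
PROFILE_FIELDS = {
    "sales": ("lk_id", "account", "seats", "expires"),
    "support": ("lk_id", "account", "seats", "temporary", "expires"),
    "admin": ("lk_id", "account", "eu_id", "seats", "temporary", "expires"),
}

@dataclass
class WtpsLicense:
    """Record in the custom License object of the WTPS."""
    lk_id: str
    eu_id: str
    seats: int
    temporary: bool
    expires: Optional[date]
    account: Optional[str] = None  # None until matched automatically (7.0) or by a user (3.0)
    history: list = field(default_factory=list)  # superseded values, kept for 4.0

def sync_license_keys(rows, accounts, wtps):
    """Insert new LKs and update changed ones (1.0, 2.0); returns change notices (14.0)."""
    notices = []
    for row in rows:
        account = accounts.get(row["eu_id"])  # EU ID in the license -> Account Number
        existing = wtps.get(row["lk_id"])
        if existing is None:
            wtps[row["lk_id"]] = WtpsLicense(**row, account=account)
            notices.append(("insert", row["lk_id"]))
            continue
        changed = {k: row[k] for k in ("seats", "temporary", "expires")
                   if getattr(existing, k) != row[k]}
        if changed:
            existing.history.append({k: getattr(existing, k) for k in changed})
            for k, v in changed.items():
                setattr(existing, k, v)
            notices.append(("update", row["lk_id"]))
        if existing.account is None and account:
            existing.account = account  # account created since the last run
    return notices

def view_for_profile(lic, profile):
    """Present only the fields the user's profile is entitled to see (5.0)."""
    return {f: getattr(lic, f) for f in PROFILE_FIELDS[profile]}

def expiring_temporary_keys(wtps, today, days=30):
    """Temporary LKs expiring within `days` of today, feeding the notification in 8.0."""
    cutoff = today + timedelta(days=days)
    return sorted(lk.lk_id for lk in wtps.values()
                  if lk.temporary and lk.expires and today <= lk.expires <= cutoff)
```

Running the sync twice with a changed seat count shows the update path and the history kept for requirement 4.0, while the unmatched EU-99 key stays unlinked until a user associates it.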
The SWMT terms are transferred to the WTPS using similar relationships, except that rather than license data fields and objects, there are software maintenance term data and related objects in the WTPS. Once the License Key and Software Maintenance Term data is imported into the WTPS (Figure 4), the information is displayed to WTPS users in simplified lists, which users can click to expand if they want to see the full data presentation. Preparing these systems was an iterative process, but laying out (and documenting) a clear vision of stakeholder needs was very helpful. Future steps are following up on their use of the system, and also thinking about other ways they may want to leverage these systems to move additional data or generate analytical reports.

Figure 4. License Key Related Structures in the License Database and WTPS Systems

Implementation

Implementation was done in phases. In the first phase, MCG implemented the License Key functionality. The WTPS objects to store the License Key information were tested, followed by testing of the License Key database to ensure data accuracy. After the data and email handling for the License Key data integration was checked for automatic and accurate information transport, the License Key integration solution went live. In the second phase, MCG implemented the Service Contract (Software Maintenance Terms) functionality. The WTPS objects to store the software-related purchases and create the associated service contracts were tested in conjunction with test data being run through a test system. After the integration was checked for automatic and accurate information transport, the software purchase integration solution went live.
Testing and Results

In testing the data integration, the results of the varied tests showed that data was being accurately transferred to the WTPS. Next, checks were made to ensure that data was easily manageable inside the WTPS. Various stakeholders had relationships to this data integration process. For sales, which needed to see up-to-date information, a simple view of this data (and some optional descriptions) was sufficient. For support, MCG created an automatic service contract for active maintenance contract holders. On this contract (displayed on an electronic customer page), users can see relevant purchases and can click on them if they want more details. Administrators are able to assign additional accounts and customer support contacts. Additionally, they are able to edit data, though they should never have to.

LESSONS LEARNED

In the design of the solution, several principles and guidelines were developed and practiced to ensure that information privacy is preserved. First, while most stakeholders’ concerns were about sharing data, information privacy is always as important as data sharing. All data attributes and content that have implications for information privacy were carefully protected. Second, security is built into the design of all the interfaces between components, e.g., between the database system and the web interface, and between the software license database and other data sources. Encryption and secure accounts with different levels of authority are used throughout the system. Third, all stakeholders, especially the day-to-day users and managers, are educated on information privacy issues. Training and ongoing reminders are provided to them. Fourth, documentation of system design and development is stored and organized so that stakeholders can access and trace the design process and issues.
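The service-contract side of the integration described in this section (one contract per account with itemized purchases, an active/expired status for support, an upgrade/downgrade history, and an expiring-contract list for sales), as an added Python example that is not MCG’s code; the SWMT rows, field names, and the 60-day window are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

# Constructed SWMT rows as they would arrive from the financial database
# (assumed field names; not Ricerro's actual schema).
SWMT_ROWS = [
    {"account": "ACC-0001", "po": "PO-501", "item": "Maintenance, 25 seats", "seats": 25,
     "start": date(2023, 4, 1), "end": date(2024, 3, 31)},
    {"account": "ACC-0001", "po": "PO-612", "item": "Upgrade to 40 seats", "seats": 40,
     "start": date(2023, 10, 1), "end": date(2024, 3, 31)},
    {"account": "ACC-0002", "po": "PO-420", "item": "Maintenance, 10 seats", "seats": 10,
     "start": date(2022, 1, 1), "end": date(2023, 12, 31)},
]

@dataclass
class ServiceContract:
    """Contract record shown on the customer page, built from SWMT purchases."""
    account: str
    purchases: list = field(default_factory=list)  # itemized purchases (13.0)
    seats: int = 0
    expires: Optional[date] = None

    def is_active(self, on):
        """Support only needs to know whether maintenance is in force on a given date."""
        return self.expires is not None and on <= self.expires

def build_service_contracts(rows):
    """One contract per account (12.0), with purchases applied in start-date order."""
    contracts = {}
    for row in sorted(rows, key=lambda r: r["start"]):
        c = contracts.setdefault(row["account"], ServiceContract(row["account"]))
        c.purchases.append((row["po"], row["item"]))
        c.seats = row["seats"]  # the latest purchase sets the current entitlement
        c.expires = row["end"] if c.expires is None else max(c.expires, row["end"])
    return contracts

def seat_history(rows, account):
    """Upgrade/downgrade trail for one account, as the monthly spreadsheet used to show it."""
    seats = [r["seats"] for r in sorted(rows, key=lambda r: r["start"]) if r["account"] == account]
    return [(a, b, "upgrade" if b > a else "downgrade") for a, b in zip(seats, seats[1:])]

def expiring_within(contracts, today, days=60):
    """Active contracts ending within `days`: the list sales wants without waiting a month."""
    cutoff = today + timedelta(days=days)
    return sorted(a for a, c in contracts.items() if c.is_active(today) and c.expires <= cutoff)
```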
This requirement can help ensure that information privacy continues to be built into future versions of the system.

EPILOGUE

IT Director Carl Silver was attending a meeting in the office of CFO Daniel Morgan. “How is the MCG team doing on the IT integration project we talked about a while ago?” Daniel said.

Carl replied, “Great, I’m glad you asked something. Since the License Key data project went live, I have heard that it has been a great time saver and confidence booster to have that data automatically available to authorized persons needing current product licensing information. Now we have the benefits of both data sharing and information privacy. In fact, I just heard from someone who thinks the secure, automatic counter of licensed users is just the coolest thing with this available data. As for the software support information, tech support finds it so useful because they can easily see in a secure environment whether a customer has an active contract. I’ve heard sales persons also like it because they can easily target expiring customers without having to wait a month for a report. Excuse me, I’ve just been paged. Let’s talk later.”

“Glad to hear that MCG and your team’s integration worked; we have got a lot more business we are absorbing. Thanks for stopping by.” Carl replied as he immersed himself in another stack of documents.

ACKNOWLEDGMENTS

This paper is based upon work supported in part by the National Science Foundation (through award DUE-1141209) and by the Knowledge Systems Laboratory (http://ksl.uncfsu.edu/). Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of NSF. We thank the students and company stakeholders who participated in this project. We thank the reviewers and editor for their work and valuable comments.

REFERENCES

Appari, A., Carian, E., Johnson, E., & Anthony, D. (2012).
Medication Administration Quality and Health Information Technology: A National Study of US Hospitals. Journal of the American Medical Informatics Association, 19(3), 360-367.
Bady, A. (2011). World Without Walls. Technology Review, 114(6), 66-71.
Belanger, F., & Crossler, R. E. (2011). Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems. MIS Quarterly, 35(4), 1017-1042.
Belanger, F., Hiller, J. S., & Smith, W. J. (2002). Trustworthiness in Electronic Commerce: The Role of Privacy, Security, and Site Attributes. Journal of Strategic Information Systems, 11(3-4), 245-270.
Cassa, C. A., Miller, R. A., & Mandl, K. D. (2013). A Novel, Privacy-preserving Cryptographic Approach for Sharing Sequencing Data. Journal of the American Medical Informatics Association, 20(1), 69-76.
Ge, Y., Ahn, D., Unde, B., Gage, D., & Carr, J. (2013). Patient-controlled Sharing of Medical Imaging Data Across Unaffiliated Healthcare Organizations. Journal of the American Medical Informatics Association, 20(1), 157-163.
Hassol, A., Walker, J., Kidder, D., Rokita, K., Young, D., Pierdon, S., Deitz, D., Kuck, S., & Ortiz, E. (2004). Patient Experiences and Attitudes about Access to a Patient Electronic Health Care Record and Linked Web Messaging. Journal of the American Medical Informatics Association, 11(6), 505-513.
Hertzman, C. P., Meagher, N., & McGrail, K. M. (2013). Privacy by Design at Population Data BC: A Case Study Describing the Technical, Administrative, and Physical Controls for Privacy-sensitive Secondary Use of Personal Information for Research in the Public Interest. Journal of the American Medical Informatics Association, 20(1), 25-28.
Hevner, A. R., March, S. T., Park, J., & Ram, S. (2004). Design Science in Information Systems Research. Management Information Systems Quarterly, 28(1), 75-105.
Hillestad, R., Bigelow, J., Bower, A., Girosi, F., Meili, R., Scoville, R., & Taylor, R. (2005). Can Electronic Medical Record Systems Transform Health Care? Potential Health Benefits, Savings, and Costs. Health Affairs, 24(5), 1103-1117.
Hoffer, J. (2008). Systems Analysis and Design. Upper Saddle River, NJ: Prentice Hall.
Lahlou, S., & Jegou, F. (2004). European Disappearing Computer Privacy Design Guidelines, Version 1.1. Retrieved from http://eprints.lse.ac.uk/33125/
Lahlou, S., Langheinrich, M., & Röcker, C. (2005). Privacy and Trust Issues with Invisible Computers. Communications of the ACM, 48(3), 59-60.
Malin, B. A., Emam, K. E., & O'Keefe, C. M. (2013). Biomedical Data Privacy: Problems, Perspectives, and Recent Advances. Journal of the American Medical Informatics Association, 20(1), 2-6.
Ohno-Machado, L. (2013). Sharing Data for the Public Good and Protecting Individual Privacy: Informatics Solutions to Combine Different Goals. Journal of the American Medical Informatics Association, 20(1), 1.
Payne, T., Bates, D. W., Berner, E. S., Bernstam, E. V., Covvey, H. D., Frisse, M. E., Graf, T., Greenes, R. A., Hoffer, E. P., Kuperman, G., Lehmann, H. P., Liang, L., Middleton, B., Omenn, G. S., & Ozbolt, J. (2012). Healthcare Information Technology and Economics. Journal of the American Medical Informatics Association, in press.
Pressman, R. (2010). Software Engineering: A Practitioner’s Approach. New York, NY: McGraw-Hill.
Runyon, B., Lovelock, J.-D., Rishel, W., Edwards, J., & Shaffer, V. (2009). Hype Cycle for Healthcare Provider Technologies and Standards. Gartner Industry Research.
Schnipper, J., Gandhi, T., Wald, J., Grant, R., Poon, E., Volk, L., Businger, A., Williams, D. H., Siteman, E., Buckel, L., & Middleton, B. (2012). Effects of an Online Personal Health Record on Medication Accuracy and Safety: A Cluster-randomized Trial. Journal of the American Medical Informatics Association, 19(5), 728-734.
Seto, B., & Friedman, C. (2012). Moving Toward Multimedia Electronic Health Records: How Do We Get There? Journal of the American Medical Informatics Association, 19(4), 503-505.
Soy, S. (1997). The Case Study as a Research Method. University of Texas at Austin. Retrieved from http://www.gslis.utexas.edu/~ssoy/usesusers/l391d1b.htm
Tang, P., Ash, J., Bates, D., Overhage, M., & Sands, D. (2006). Personal Health Records: Definitions, Benefits, and Strategies for Overcoming Barriers to Adoption. Journal of the American Medical Informatics Association, 13(2), 121-126.
Vest, J., & Gamm, L. (2010). Health Information Exchange: Persistent Challenges and New Strategies. Journal of the American Medical Informatics Association, 17(3), 288-294.
Winker, M. A., Flanagin, A., Chi-Lum, B., White, J., Andrews, K., Kennett, R. L., DeAngelis, C. D., & Musacchio, R. A. (2000). Guidelines for Medical and Health Information Sites on the Internet: Principles Governing AMA Web Sites. The Journal of the American Medical Association, 283(12), 1600-1606.
Woolhandler, S., Campbell, T., & Himmelstein, D. (2003). Costs of Health Care Administration in the United States and Canada. New England Journal of Medicine, 349(August), 768-775.
Yin, R. K. (2008). Case Study Research: Design and Methods (4th edition). Sage Publications, Inc.
Zafar, H. (2011). Security Risk Management at a Fortune 500 Firm: A Case Study. Journal of Information Privacy and Security, 7(4), 23-53.
Zucker, D. M. (2009). How to Do Case Study Research. School of Nursing Faculty Publication Series. Amherst, MA: University of Massachusetts - Amherst.

APPENDIX 1

Abbreviation | Full Name
CEO | Chief Executive Officer
CFO | Chief Financial Officer
CRM | Customer Relationship Management
DB | Database
Dir. | Director
ERP | Enterprise Resource Planning
EU ID | End-User Identification Number
GP | Great Plains – Microsoft Dynamics accounting and financial package
IAM | Inside Account Manager
IT | Information Technology
LK | License Key
MCG | Mission Consulting Group
Mgr. | Manager
OA | Order Administrator
PK | Primary Key
Sr. | Senior
SSC | Senior Service Coordinator
SWMT | Software maintenance term
VP | Vice President
WTPS | Web-based Transaction Processing System

AUTHOR BIOGRAPHY

Wingyan Chung is Associate Professor of MIS in the School of Business and Economics at UNC Fayetteville State University, where he is also the Founder and Director of the Knowledge Systems Laboratory (http://ksl.uncfsu.edu/). He received his Ph.D. in MIS from The University of Arizona, and an MS and BBA from The Chinese University of Hong Kong. Dr. Chung’s scholarly interests and expertise include business intelligence, data/text/Web mining, knowledge management, security and health informatics, information visualization, and human-computer interaction.

Lewis Hershey is Professor of Marketing in the School of Business and Economics at UNC Fayetteville State University. He received his Ph.D. from Louisiana State University, and an MA and BA in Communications from UNC Chapel Hill. Dr. Hershey’s scholarly interests include marketing, management and leadership, information-processing and communications theory, narrative and literary criticism, intercultural communication, and classical rhetoric.