While recognized that global actors influence health information system design, studies of health informatics have largely focused on micro politics of technology design and implementation. Here a problematic patient care information system (PCIS) is discussed in relation to federal and provincial policies and corporate strategies to demonstrate that our understanding of health informatics can be enhanced by linking micro studies of health informatics to larger macro contexts.
Interviews and document study.
Although the extent to which federal initiatives influenced (or failed to influence) provincial and hospital initiatives remains debateable, events initiated at one level (the hospital's decision to implement software, initiated at the organizational level) are influenced (perhaps indirectly) by developments in other contexts (federal/macro changes gave an initiative more weight; provincial initiatives such as the Labour Accord altered the industrial relations environment in which system development occurred).
Micro-studies of work practice, invaluable in addressing interactions between technologies, users and work practices, often fail to account for the historic reach of global actors, although it is often these historic circumstances that contribute to present-day interactions between user, information system and organization, and that find expression - often indirectly - in daily work practices.
In health care, it is mandatory to maintain the privacy and confidentiality of medical data. To achieve this, a fine-grained access control and an access log for accessing medical images are two important aspects that need to be considered in health care systems. Fine-grained access control provides access to medical data only to authorized persons based on priority, location, and content. A log captures each attempt to access medical data. This article describes an overall middleware infrastructure required for secure access to Digital Imaging and Communication in Medicine (DICOM) images, with an emphasis on access control and log maintenance. We introduce a hybrid access control model that combines the properties of two existing models. A trust relationship between hospitals is used to make the hybrid access control model scalable across hospitals. We also discuss events that have to be logged and where the log has to be maintained. A prototype of security middleware infrastructure is implemented.