Posted: May 1st, 2025

Need Nursing Expert to Complete Discussion (WALDEN)

Discussion WK4 NURS 8210

HIT Projects and Decision MakersA nurse leader sought to implement greater security in the children’s wing of the hospital by installing a new alarm and monitoring system. Due to budget constraints, the CNO rejected the proposal, stating that current security methods were sufficient. Shortly after this failed proposal, an individual did in fact breach the children’s wing security and abducted a young child. Thankfully, the child was found and returned to her parents; and the CNO quickly found the money to install the new security system.Not all HIT projects have such high-profile stakes. The main takeaway from this example is the importance of getting key stakeholders and decision makers on board when planning a new HIT project.To prepare:

• Bring to mind a HIT project implemented in your organization. Which leaders identified the project? Which stakeholders and decision makers helped moved the project forward?
• Consider methods that were used to garner the support of stakeholders and decision makers to move the project forward.

By Day 3 post a cohesive response that addresses the following:

• Describe an example of a HIT project implemented at your organization and analyze how that project was identified and moved forward.
• Evaluate the impact of key decision makers on moving the HIT project forward

Editorial
© Schattauer 2011
The Role of Modeling in Clinical
Information System Development
Life Cycle
M. Peleg
Department of Information Systems, University of Haifa, Haifa, Israel
A model is an abstraction of some “thing”
(e.g., object, system, process, phenomenon) in our world that we create in order
to understand it better. Models can be
physical (e.g., an architectural model of a
building, a prototype of a user interface),
mathematical (e.g., a model for predicting
the weather, for estimating population
growth), or conceptual (e.g., a clinical algorithm, the logical relationships between
data items in an electronic medical record
(EMR)). Models can be used to describe an
existing complex real-world object or phenomenon, or they can be used as a vehicle
to design a man-made object or system.
While conceptual models can also be specified in narrative, in this discussion we address conceptual models that have a symbolic representation with a diagrammatic
notation. Thus, conceptual models specify
objects or processes, their properties, and
their relationships.
A conceptual model of a proposed process or system has several important benefits, two of which are of great importance.
First, the process of creating a conceptual
model of a system helps its designer to
study the problem domain better, to understand the system’s components and their
relationships, the system’s desired functionality and behavior, and its interaction
with users and other systems. Second, a
conceptual model can facilitate the communication between different stakeholders
of the process (or system), including, for
example, customers, end-users, (medical)
Methods Inf Med 2011; 50: 7–10
Correspondence to:
Mor Peleg, PhD
Department of Information Systems
University of Haifa
Haifa, 31905
Israel
E-mail: morpeleg@mis.hevra.haifa.ac.il
domain experts, system analysts, and software developers; all stakeholders have different expectations from the system. Using
a conceptual model is one of the ways by
which we can narrow the design-reality
gaps [1] between the conceptions of the
system by its different stakeholders.
Conceptual modeling can play important roles in the development life cycle of
health information systems (HIS, e.g.,
EMR systems, computerized physician
order-entry systems (CPOE), and clinical
decision support systems (CDSS)). Organizations find it useful to use a systems development methodology to support the process of developing and maintaining their
information systems [2]. Most system development methodologies identify several
stages in the development of an information system: system conception and planning, identification and analysis of requirements, system design, implementation,
and, finally, use and maintenance. During
the entire system development process,
feedback from users (and other stakeholders) is received, generating new or revising existing requirements. If these requirements are identified early in the development life cycle then it is easier and more
cost-effective to support them than if they
are identified in late stages, especially after
the system is already in use. The system can
be maintained and updated for some time
until so many new requirements are collected that a decision is reached to start a
new cycle of system development.
According to Boehm [3], around 80% of
all errors found in the final software system
can be traced back to the requirements
analysis and design phases. In other words,
many of the errors are in fact due to
requirements that were not elicited, were
not thoroughly developed, or were misunderstood. To address this issue, several
approaches have been developed to support the system development cycle, while
Methods Inf Med 1/2011
Downloaded from www.methods-online.com on 2012-06-25 | IP: 38.102.29.165
For personal or educational use only. No other uses without permission. All rights reserved.
7
8
Editorial
addressing the need for getting the requirements right. Here, we list just these approaches that relate to the papers in this
collection. The reader is referred to [2] for a
review of other approaches. One of the
approaches is the traditional waterfall
approach, which advocates going through
the system’s life-cycle stages in sequence,
spending much effort on the requirement
analysis and system design phases by using
conceptual modeling. This approach is
similar to the one proposed by Osheroff
and colleagues [4], where they developed a
workbook that implementers of a CDSS
can use to work through the process of
identifying stakeholders, determining the
goals and objectives of the CDSS, cataloging the host information system’s capabilities, and selecting, deploying, and monitoring specific CDS interventions. A second
approach, Rapid Application Development
(RAD), decreases the time needed to design and implement an information system
by extensive user involvement, integrated
computer-aided software engineering
(CASE) tools that assist in updating the different conceptual models and migrate the
design specifications into code, and the use
of prototyping. A prototype is developed
after a shorter analysis and design phase.
Users can then try the prototype and provide feedback on the evolving system. A
third approach is adopted by agile methodologies, which follow an iterative development cycle of system versions that have
only a subset of features. The system is released to users who provide feedback. This
process embraces change in the requirements during system development. A
fourth approach is that of the Unified
Process (UP) development methodology,
whose most well-known refinement is
Rational UP (RUP). UP uses objectoriented modeling methods in an iterative
and incremental (i.e., done in portions)
agile design cycle. The cycle includes inception (identification of use cases and risks),
elaboration (analysis and design), construction (coding and possible revision of
analysis and design), and transition into
the next phase, which includes correcting
problems and system testing with users.
Conceptual models used for system
analysis and design are used in all of the
above-mentioned systems development
methodologies. Different models have different focuses. Some focus on data modeling (e.g., Entity-Relationship Diagrams
(ERD) [5], used in [6]), others on process
modeling (e.g., Business Process Modeling
Notation (BPMN) [7], used in [8]), or object-oriented models, which combine data
and process together into objects. The most
famous of the object-oriented models is the
Unified Modeling Language (UML [9],
used in [10]), which has a collection of
many different models, each focusing on a
different perspective of the system: usecase scenarios, static system elements, system interaction with users and external
components, states and activities, and implementation.
The benefits of conceptual modeling
outlined above make conceptual models
natural choices for supporting the requirements analysis and system design phases,
but they could also be used in validation of
the implementation of the system and in
evaluation of its usage, as demonstrated by
one of the papers in this collection [8].
The three articles in this collection,
while focusing on different stages of the
HIS development cycle, all use conceptual
modeling methods. In the paper “A Business Rules Design Framework for a Pharmaceutical Validation and Alert System”
[10], Boussadi and colleagues suggest an
agile and business-oriented design methodology for the implementation and maintenance of business rule-based decision
support systems. They describe their experience in the adaptation of the UP systems development methodology for the
creation and maintenance of business rules
for the validation of drug prescriptions and
the generation of alerts. This adaptation,
called business rule design framework
(BRDF), introduces two new activities into
UP: business rule specification (e.g., medication-associated laboratory testing decision rules) and business rule instantiation.
Business rule specification involves generating semantic templates, domain vocabularies (for the pharmaceutical domain),
and business rules via the Semantics of
Business Vocabulary and Business Rules
(SBVR) formalism, which was developed
by the Object Management Group (OMG),
who also developed UML, which is used
for system modeling in UP. SBVR business
rules are written with a business object
model – a conceptual model which is based
on the UML class diagram, but at the same
time they are expressed in a form very close
to natural language, which makes it easier
for domain experts (pharmacists in this
case) to understand them and be involved
in specification and instantiation of the
business rules. The instantiation of rules
corresponding to the business object
model requires the identification and
naming of relevant relationships between
classes.
While the paper summarized above addressed the entire system development life
cycle, the two other papers in the collection
address its beginning and end phases. The
paper entitled “Options for Diabetes Management in Sub-Saharan Africa (SSA) with
an Electronic Medical Record System” [6]
by Kouematchoua Tchuitcheu and Rienhoff focuses on the early phases of system
conception and analysis. The authors used
a systematic process for performing an
analysis of the requirements for an EMR
system for diabetes management in SubSaharan Africa, where resources are poor,
and evaluating the appropriateness of a
potential EMR system. The methodology
began with a literature analysis about information and communication options for
diabetes care in SSA, followed by a need assessment field survey, which helped them
identify critical issues and needs for improvement of diabetes management. These
issues were used to conceive scenarios involving patient continuity-of-care issues.
Process-oriented analysis of these scenarios led to the specification of functional
requirements for the EMR system. A conceptual model was developed to address a
solution for different cases of patient continuity of care among diabetes care providers. The conceptual model was then
used to analyze the potential impact on the
requirements elicited for diabetes management. A potential EMR system (an opensource EMR system that was used for AIDS
and multi-drug-resistant tubercolsis management in Latin America) was analyzed to
see whether it could support the needed
functionalities inferred from the conceptual model. The needed enhancements to
the ERM system were designed using an
entity-relationship diagram that considers
Methods Inf Med 1/2011
© Schattauer 2011
Downloaded from www.methods-online.com on 2012-06-25 | IP: 38.102.29.165
For personal or educational use only. No other uses without permission. All rights reserved.
Editorial
the conceptual model of continuity of care.
A prototype of the EMR system was created. Validation of the prototype by experts
and users obtained favorable results, demonstrating that it is possible to find IT
solutions for diabetes care in SSA.
The paper “Objectifying User Critique –
A Means of Continuous Quality Assurance
for Physician Discharge Letter Composition” [8] by Oschem, Mahler, and Prokosch
considers the last phase of the system development life cycle: system use and maintenance. The setting for this paper concerns a
new system for composing discharge letters
that was implemented at the University
Hospital Erlangen in Germany. Users complained that the new system was too slow
but these complaints were too vague and
did not allow enough direction into what
needs to be changed in the system. The authors suggest a process-based approach to
objectify user critique. The process starts
by interviewing users to identify a research
question for in-depth evaluation. Then, a
workflow model of the system to be evaluated is created using the BPMN process
modeling notation. A formal hypothesis
and indicators are defined, which map the
user critique to the workflow steps. Indicators are measured and the results are analyzed and hypotheses are tested. Based on
the results, the system is then improved
(optimized).
The three papers demonstrate how
quality assurance (QA) of safe, effective,
and efficient HISs can be achieved and
maintained using systematic processes that
are tightly tied to conceptual models of the
system’s static elements and/or its processes. In [10], different UML diagrams
were used to formulate requirements and
design the pharmaceutical CDSS such that
it meets the requirements of users and
other stakeholders. In the activities that the
authors added to UP, class diagrams that
specify the business object models of the
pharmaceutical CDSS were used to formulate the semantic templates of medicationassociated laboratory testing rules and instantiate them. In [6], functional requirements for the EMR system were derived
based on a process-oriented analysis and
conceptual modeling. The conceptual
model of continuity-of-care processes
helped analyze the different use cases for
the system and determine their relationship to patient data and the required data
transfer between different healthcare institutions. After checking which requirements
were met by the candidate EMR solution,
ERD was used to design extensions to the
EMR that would support the missing
requirements; lastly, in [8], the process
model (workflow) of the discharge summary system was instrumental in defining
indices for evaluating the performance of
different activities supported by the system.
Evaluating these indices values helped in
identifying objectively which activities of
the system should be optimized. Hence,
the process models were part of a method
for continuously assessing the effectiveness
and efficiency of the HIS.
The conceptual models used in the three
papers exhibited the two benefits described
at the beginning of this editorial; they supported understanding, analysis, and design
of the problem (requirements) and solution domains and facilitated communication between stakeholders. The conceptual models helped in organizing the
cognitive thinking processes involved in
structuring a process in terms of its components activities, the data and resources
needed for them, the organizational roles
taking part in them, and the interaction
among system components and users. Such
modeling enabled identifying differences
between the processes supported by different HISs [8] as well as defining needed
extensions to systems to supported needed
requirements [6].
It is interesting to note that conceptual
modeling was beneficial even when the
conceptual models used were not standard
models that have gained experience and
have been shown to be effective for many
system analysis and design projects; while
UML models and the BPMN model are
well-established models, the conceptual
model in [6], which was helpful in analyzing and describing the data needs of different cases of patient continuity of care
among diabetes care providers, was not
expressed in a known formalism. Interestingly, this non-standard model bears some
resemblance to several UML models [9].
Similar to use-case diagrams, it shows how
actors (patient, researcher, health ministry)
are related to different use cases of the EMR
system. Similar to collaboration diagrams,
it shows the relationships and some of the
messages flowing between objects collaborating to perform a particular task (e.g., care
providers from the district hospital can use
a secured connection to access patients’
data stored in the EMR via a server). The
use of standard models with their rich constructs and available user manuals and
guides could help in conceptualizing and
understanding the structure and communication of the system to a greater detail. Use of CASE tools could establish consistency of the specification and, if desired,
could help migrate the specification into
implementation code.
While developing the pharmaceutical
validation and alert CDSS [10], Boussadi
and colleagues realized that the standard
UP system development method that uses
standard UML diagrams was not enough to
support all modeling activities needed to
develop decision rules. Instead of using adhoc methods for that task, or focusing on
the decision rule modeling method without its relationship to the other steps involved in the system development life cycle,
the authors decided to adapt and extend the
standard UP method to their needs. In this
way, the modeling of the clinical logic is
done via a model that is integrated with
other system modeling methods within the
development methodology.
Using standard (or augmented) systems
development methodologies and modeling
methods has its benefits, but the drawback
is that they are not particularly tailored to
the domain of healthcare. Several research
groups have developed modeling languages
and development process for clinical
guideline-based DSS. Examples of such
modeling languages include Asbru, EON,
GLIF3, Guide, and PROforma [11]. These
modeling languages use conceptual models
that allow modelers to specify clinical
guidelines as task networks. Using such
models helps in conceptualizing clinical
guidelines as networks of clinical actions
and decisions that unfold over time, can
express clinical concepts, abstractions, and
relationships, and include patient information models that aid in linking the specified
guideline to EMR data. In addition, the
specifications of clinical guidelines in those
modeling languages are formal enough to
© Schattauer 2011
Methods Inf Med 1/2011
Downloaded from www.methods-online.com on 2012-06-25 | IP: 38.102.29.165
For personal or educational use only. No other uses without permission. All rights reserved.
9
10
Editorial
enable them to be computer-interpretable,
allowing their execution using guideline
execution engines that in some cases can
also link to EMRs to retrieve patient data.
Based on experience in modeling using
guideline modeling languages, several
groups have suggested methodologies for
developing the computer-interpretable
guideline specifications [12, 13]. However,
these methodologies, while focusing on the
guideline logic, do not cover the process of
eliciting the requirements and designing the
front-end of a CDSS, which interacts with
users and delivers advice based on the computer-interpretable guideline specification;
these steps that are essential for developing
CDDS are best supported by existing standard system development methodologies
and modeling methods [14].
References
1. Heeks R. Health information systems: Failure, success and improvisation. Int J Med Inform 2006; 75:
125–137.
2. Hoffer JA, George JF, Valacich JS. Modern Systems
Analysis and Design. 4th edition. Addison-Wesley;
2005.
3. Boehm B. Software Engineering Economics. Englewood Cliffs, NJ: Prentice-Hall; 1981.
4. Osheroff JA, Pifer EA, Sittig DF, Jenders RA, Teich
JM. Clinical Decision Support Implementers’
Workbook. Chicago: Healthcare Information and
Management Systems Society; 2004.
5. Chen P. The Entity Relationship Model: Toward a
Unified View of Data. ACM Transactions on Database Systems 1976; 1: 9–36.
6. Kouematchoua Tchuitcheu G, Rienhoff O. Options
for Diabetes Management in Sub-Saharan Africa
with an Electronic Medical Record System. Methods Inf Med 2011; 50 (1): 11– 22.
7. Initiative BPM. Business Process Modeling Notation (BPMN) Version 1.0. 2004. http://www.
bpmi.org/downloads/BPMN-V1.0.pdf
8. Oschem M, Mahler V, Prokosch HU. Objectifying
User Critique – A Means of Continuous Quality
Assurance for Physician Discharge Letter Composition. Methods Inf Med 2011; 50 (1): 23 –35.
9. Booch G, Rumbaugh J, Jacobson I. The Unified
Modeling Language User Guide. Addison-Wesley
Longman, Inc.; 1998.
10. Boussadi A, Bousquet C, Sabatier B, Caruba T,
Durieux P, Degoulet P. A Business Rules Design Framework for a Pharmaceutical vVlidation
and Alert System. Methods Inf Med 2011; 50 (1):
36–50.
11. Peleg M, Tu SW, Bury J, Ciccarese P, Fox J, Greenes
RA, et al. Comparing Computer-Interpretable
Guideline Models: A Case-Study Approach. J Am
Med Inform Assoc 2003; 10 (1): 52–68.
12. Shalom E, Shahar Y, Lunenfeld E, Taieb-Maimon M,
Young O, Goren-Bar D, et al. The Importance of
Creating an Ontology-Specific Consensus Before a
Markup-Based Specification of Clinical Guidelines.
In: Proceedings of the biennial European Conference on Artificial Intelligence (ECAI). Riva del
Garda, Italy; 2006.
13. Peleg M, Wang D, Fodor A, Keren S, Karnieli E.
Lessons learned from adapting a generic narrative
diabetic-foot guideline to an institutional decisionsupport system. In: ten Teije A, Miksch S, Lucas P,
editors. Computer-based Medical Guidelines and
Protocols: A Primer and Current Trends. Stud
Health Technol Inform 2008; 139: 243–252.
14. Peleg M, Shachak A, Wang D, Karnieli E. Using
multi-perspective methodologies to study user interactions with the front-end of a guideline-based
decision-support system for diabetic-foot care. Int J
Med Inform 2009; 78 (7): 482–493.
Methods Inf Med 1/2011
© Schattauer 2011
Downloaded from www.methods-online.com on 2012-06-25 | IP: 38.102.29.165
For personal or educational use only. No other uses without permission. All rights reserved.
INFORMATION SYSTEMS
Ransomware in Hospitals: What Providers
Will Inevitably Face When Attacked
Bruno Kelpsas* and Adam Nelson†
The healthcare industry is the #1 industry targeted by attackers. It is imperative
for organizations to reevaluate the way they approach cybersecurity, rather than
resting on their laurels in what is currently seen as the “new normal” security
mindset. Currently, the industry is responding to compromises on a reactive
basis, much like the way in which the financial services industry simply replaces
consumers’ credit cards after a retail breach, such as the recent attacks on Target
and Home Depot. This security mindset is predicated on a lack of enforcement,
the absence of appropriate penalties, and a culture of risk mitigation. Due to this
attitude of acceptance, patients are consistently at risk of having their personally
identifiable information compromised. To reset how healthcare organizations
think about cybersecurity, measures must be taken proactively to protect businesses against impending attacks. Otherwise, breaches are likely to continue
until stricter enforcements and penalties are put in place for healthcare companies and stakeholders.
*Director of Cloud Healthcare for NTT
DATA. †Vice President of HealthCare
and Life Sciences for NTT DATA.
Copyright © 2016 by
Greenbranch Publishing LLC.
KEY WORDS: Cybersecurity; ransomware; healthcare; CryptoLocker; CryptoWall;
healthcare cybersecurity.
O
ne Friday, Sally, a member of a local hospital’s
finance team, received an overdue billing statement from a Salesforce.com e-mail. Because
it is the end of the month, she considered this
e-mail a routine part of billing and reporting. Sally opened
the e-mail, as well as the attached contract in Word format.
Suddenly, the screen of Sally’s monitor turned to a red
warning screen..
Sally froze. She had heard about cyber threats in training, but in a Salesforce.com billing statement? Who would
be as sophisticated as that? Sally immediately picked up
the phone and called the IT department.
Too late.
Sally had just experienced a highly advanced cybersecurity breach known as ransomware—this one specifically
referred to as CryptoWall (CW). In the following moments,
Sally, IT, hospital executives, nurses, doctors, and patients
would discover that valuable database files had been
locked. Because of the threat to hospital operations and the
emergency department, patients were moved to another
physical facility for care.
Typically, the only way for the hospital to regain access
to its information is to pay the hacking agent a requested
fee using Bitcoin. Directors of the hospital Board are now
faced with the decision: Pay or don’t pay?
According to the regular cyber threat reporting of NTT
Group, a global solutions company that provides next-generation managed security services, ransomware recently accounted for 30% of malware activity. The ransomware Sally
encountered, CW, accounted for nearly half of the reported
ransomware attacks from June to November 2015.1 During
January 2016, Solutionary has already observed nearly 3,100
possible CW infections, all sourcing from the United States.2
Such CW emails come in the disguised form of Salesforce.
com or even official IRS e-mails during tax periods.
Healthcare providers are
discovering they are a soft
target for highly sophisticated
cybercriminals.
Healthcare providers are discovering they are a soft
target for highly sophisticated cybercriminals. It is nearly
impossible for ransomware victims to crack a hacker’s
www.greenbranch.com | 800-933-3711
67
68   Medical Practice Management
| July/August 2016
crypto keys. The FBI is even on record advising ransomware victims to just pay.
A very similar case to Sally’s situation occurred recently,
on February 5, 2016, at Hollywood Presbyterian Hospital.
An original ransom of $3.4 million was whittled down to
$17,000.3 This is not unusual. Typically, the ransom team
wants a quick payday. They will even provide customer
service by offering the crypto keys to a couple of locked files
to show goodwill. One estimate quoted by the head of the
Federal Trade Commission (FTC) indicated more than $27
million was paid in the first two months after CryptoLocker
ransomware was released, with many of the individual payments ultimately being less than $1000.4
The most recent ransomware attack took place on
March 28, 2016, with MedStar Health, a Washington,
DC–based hospital chain. Prior to this attack, three other
hospitals—Methodist Hospital in Henderson, Kentucky,
Chino Valley Medical Center and Desert Valley Hospital in
California—were held by ransomware around March 23.5
YOU’VE BECOME A VICTIM OF
RANSOMWARE: WHAT’S NEXT?
Now, back to Sally and her hospital’s Board of Directors.
All board members have gathered in a large conference
room, and the burning question they face now is: Should
they pay? Does the Board have options? Simply put: Yes.
If the hospital has been
preemptive in its security
planning, it can refuse to pay.
As long as the hospital has been preemptive in its security planning, it can refuse to pay. Has the IT team created
appropriate backups of databases and storage? Is there
already a business continuity plan in place in case of such
situations? A robust disaster recovery plan would include
several alternatives. Are other security controls, especially
monitoring, threat intelligence, and incident response,
hardened to ensure the current ransomware risk is isolated? If encryption has been applied to network drives,
shares, and removable media, the hospital has increased
confidence that any outgoing data cannot be opened. Further, if the IT team has composed end-user privileges using
a segregation-of-duty model, that also will assist in isolating the threat. Furthermore, if the hospital does pay, it will
likely be added to a ransomware “payers list,” potentially
making this the first of many more incidents.
On the other hand, the hospital should pay if it has
a questionable backup and no business continuity. If
security controls are lacking, the hospital may be vulnerable in other IT domains. Basic security hygiene (e.g., application patches and updates) is another open door the
ransomware could already be violating or inviting other
hackers to join. Board members in the room are reminded
security controls should also include hardware. For example, recent Cisco, Juniper, and Fortinet updates and notices
around security vulnerabilities have been communicated
to customers. Does the hospital have physical devices from
any of these vendors? Of even greater concern are not just
IT devices but the “keep current” status of MRI scanners
and IV pumps. Those, too, can be used as backdoors for
hackers. Speaking of vendors, how current are the business associate agreements with third parties? The impact
on business costs can also be mitigated if the hospital has
appropriate cybersecurity insurance.
An organization’s Chief Information Officer (CIO)
and Chief Information Security Officer (CISO) must be
equipped to respond to these questions in case of an attack. This information will ultimately determine the final
decision.
GOVERNMENT ORGANIZATIONS
WILL TAKE NOTICE
Either way, the hospital needs to take swift action. A “war
room” should be created. Those attending should include
the obvious actors: CEO, CIO, CISO, IT Directors (Application, Data, Network), and the HIPAA lead for both federal
and state regulations. In addition, the hospital’s legal representative should be present, as well as a public relations
officer. A representative from the hospital’s insurance company should also be available, for two coverage reasons:
property and personal [patient] liability, and cybersecurity
insurance coverage. Another individual who should also be
considered for the war room is a representative from law
enforcement, such as the FBI.
As the operational key players in the war room weigh
their options, the Board of Directors must concern themselves with their governance mandate. They will have to
update their quarterly and annual reports with details
about the security incident and steps taken. Board members are not only fretting about HIPAA—there are now even
more well-funded Federal players overseeing the security
landscape: the Security and Exchange Commission (SEC)
and the FTC. Both are heavily staffed with legal teams,
budgets and legal authority. In contrast, their HIPAA counterpart, the Office for Civil Rights, has hardly even begun to
conduct audits.
A healthcare provider previously would not have considered the SEC a concern for security oversight. However,
the SEC is now requiring companies to disclose cyber risks
and material breaches. This agency is now providing guidance on how companies accurately report their security
disposition. Ignorance is no longer an excuse.
The FTC is also playing a more active role in protecting
consumers. In August 2015, the FTC’s case at the Third
www.greenbranch.com | 800-933-3711
Kelpsas and Nelson | Ransomware   69
Figure 1. Four pillars and three layers of cybersecurity preparedness. IR, incident response; IRP, incident
response plan; PHI, protected health information; SDLC, systems development life cycle; SLA, service level
agreement; SOPs, standard operating procedures.
Court of Appeals against Wyndham Worldwide Corporation proved Wyndham failed to uphold promised security
with a lack of firewalls and basic protections (United States
Court of Appeals for the Third Circuit, No. 14-3514; Federal
Trade Commission v. Wyndham Worldwide Corporation).
The FTC also plays a dominant role in federal government
action against cyber threats. Its Computer Crime and Intellectual Property Section (CCIPS) has 270 prosecutors
focused on high-tech crimes and espionage. Their involvement with last summer’s takedown of the global CryptoLocker ransomware scheme, known as Gameover ZeuS,
shows their ability to enforce policy.
Returning back to the war room: members have become
numb to the HIPAA “Wall of Shame.” What will now make
them sit up in their chairs is the possibility of the SEC and
FTC walking through the door. The SEC now expects full
transparency in reporting out to shareholders. Past disclosures will need to be examined by the Board. Regarding a
Form of Disclosure for the hospital’s ransomware incident,
a supplemental disclosure should be immediately crafted.
At minimum, the annual obligation is to disclose in the
SEC 10-K annual report material information about special
risks, followed by updates on previous disclosures. If the
hospital Board identifies the recent ransomware breach as
a major breach, an SEC 8-K special report should be filed
immediately to notify investors of specified events.
The FTC expects not only consumer protection, but also
some reporting of breaches to the CCIPS. The Caremark
claims litigation case provides a landmark legal precedent
in enforcing board governance of corporate controls (In
re Caremark International Inc. Derivative Litigation, 698
A.2d 959 (Del. Ch. 1996)). It stated the Board of Directors’
“duty of care” was negligent with internal controls, allowing employees to commit criminal offences. The Caremark
decision thus asserted that a Board of Directors has a duty
to ensure appropriate information and reporting systems
are in place to provide the Board and top management with
timely and accurate information.
HOW DO WE MOVE FORWARD?
As Board members craft a governance response, they will
also reevaluate their cybersecurity insurance. Yes, they can
foresee not only that their premiums will increase, but also
www.greenbranch.com | 800-933-3711
70   Medical Practice Management
| July/August 2016
that their ceiling of coverage will be lowered. They can now
only hope to prove to their insurance carrier they are taking
appropriate action to not be at risk again.
When Sally returns to work on Monday, she will most
likely come back to end-user security training, for herself
and the entire staff. She (and they) will have to keep up
with a global threat. RaaS (Ransomware-as-a-Service) is
as established as any private sector industry. Hackers can
sign up to a RaaS on the Dark Web. They are then provided
access to an affiliate console. There they can walk through
the process of receiving their ransomware exploit kit. They
will configure settings and campaigns of which targets they
would like to attack. There are even metrics on success
rates, installations, and how much ransom to demand.
Poor Sally. She is up against a global movement. There
is hope, though. By implementing a preemptive security
model, Sally’s hospital can harden its security surface area.
Sally’s training will also be critical. This is where leadership
from the Board of Directors becomes critical.
All organizations need a proactive and comprehensive
cybersecurity plan. However, although many operations
have the “right” plan and necessary hardware, software,
and processes in place, the reality is that many do not have
the time and resources to implement their response plan
and fulfill the necessary documentation requirements for
HIPAA, the SEC, and State regulations, in addition to ensuring business continuity. Therefore, to get started, healthcare
organizations must focus on the four pillars of security:
77 Governance risk and compliance;
77 Security monitoring and management;
77 Threat intelligence; and
77 Incident response.
Furthermore, organizations must layer their efforts
from basic responsiveness to advanced responsiveness,
and, finally, become preemptive. A variety of capabilities
exist within the four pillars and the three layers that should
be prioritized and preferably automated (Figure 1). It is
essential to enlist the right outside talent to conduct this
effort immediately. Finally, once this strategy is developed
and implemented, companies must conduct an internal
review and gauge where teams will align with internal
security: be out of the security business, own some of it, or
close the gaps. Ensure there is balance between managing
the unexpected and current resources.
In Sally’s case, after following this advice, the future of
the hospital’s security, brand and revenue is in the hands
of the Board of Directors. All has been laid out for them to
do. But will they do it?
Will decision-makers just respond to the breach and
return to business as usual? Will the Board commit the
appropriate funding and resources? Will Sally receive improved training?
The hackers downloading the next exploit kit off the
Dark Web are expecting that the hospital will not do any of
those things. ​Y
REFERENCES
1. Microsoft Malware Protection Center. Figure 2. [Crowti]. https://www.
microsoft.com/security/portal/mmpc/shared/ransomware.aspx.
2. Solutionary Security Threat Report-2016. https://www.solutionary.
com/threat-intelligence/threat-reports/monthly-threat-reports/
2016/01/security-threat-report-january-2016/.
3. Ragan S. Ransomware takes Hollywood hospital offline, $3.6M
demanded by attackers. CSO Magazine. February 14, 2016; http://
www.csoonline.com/article/3033160/security/ransomware-takeshollywood-hospital-offline-36m-demanded-by-attackers.html.
4. Assistant Attorney General Leslie R. Caldwell. Remarks at the Georgetown Cybersecurity Law Institute, Washington, DC. May 20, 2015;
https://www.justice.gov/opa/speech/assistant-attorney-generalleslie-r-caldwell-delivers-remarks-georgetown-cybersecurity.
5. Mannion C. Three U.S. Hospitals Hit in string of ransomware attacks.
NBC News. March 23, 2016; www.nbcnews.com/tech/security/
three-u-s-hospitals-hit-string-ransomware-attacks-n544366.
NEW!
A Field Guide to Physician Coding
THIRD EDITION
Order your copy today at
www.greenbranch.com or call (800) 933-3711
www.greenbranch.com | 800-933-3711
Reproduced with permission of the copyright owner. Further reproduction prohibited without
permission.
Perspectives From Nurse Leaders
and Chief Information Officers
on Health Information Technology
Implementation
STEVEN SZYDLOWSKI and CHRISTINA SMITH
Abstract. To enhance the limited empirical evidence in the
literature, the authors developed new knowledge and information on the basis of implementation experiences (e.g.,
strategic planning, goals, outcomes, barriers, mistakes) of
hospital executives with actual health information technology
(HIT). The authors asked why hospital leaders implement
HIT and how they do so, and then applied the answers to
the theoretical framework of change management and leadership. The authors accomplished this through a qualitative
research study design. Various employees from different levels
of the organizational chart provide their perspectives, allowing the authors to examine internal trends related to HIT.
The authors examined external trends through a comparative
analysis of healthcare markets.
may seem minimal. However, the term medical
mistake implies that the death could have been
prevented. It is clear that 44,000–98,000 preventable deaths is an unacceptable number. At present, a solution advocated by the IOM to decrease
preventable medical errors is to increase the use of
HIT(IOM 1999).
Importance of Research
Healthcare technology and information systems are
defined as technology “used within a healthcare
organization to facilitate communication, integrate information, document healthcare interventions, perform record keeping, or otherwise support the functions of the organization” (Shortliffe
and Perreault 2001, 774). This technology has had
a positive impact on the delivery of healthcare in
a number of ways. Overall, HITs provide clinical
support services, aid in medical decision making,
increase an organization’s quality of patient care,
and reduce medical errors. Specifically, technology
such as a physician order-entry system also can
increase timeliness and efficiency by providing a
faster turnaround for tests and medication orders
(Weir et al. 2000) and can enhance patient safety
through built-in alarms and warnings. Furthermore, patient electronic medical records (EMR)
can increase communication and interoperability
Keywords: change leadership, change management, health
information technology, implementation
I
n 1999, the Institute of Medicine (IOM) published the report “To Err Is Human” in which
IOM examined ways to decrease medical errors
and enhance patient safety. That report initiated a
period of increased attention to patient safety and
health information technology (HIT). To prepare
this influential report, the IOM conducted studies in 1997 that indicated that of the 33.6 million
people admitted to hospitals in the United States,
44,000–98,000 people died as a result of medical
mistakes (IOM 1999, 26). In comparison with
the number of admissions, 44,000–98,000 deaths
Steven Szydlowski, DHA, is an assistant professor in the Department of Health Administration and Human Resources at the
University of Scranton. He serves as program director for the graduate human resource management program and researches
integrative medicine and leadership. Christina Smith is a graduate student in the master of health administration program at the
University of Scranton and researches leadership impact on achieving strategic hospital goals.
Copyright © 2008 Heldref Publications
3
4
Vol. 87, no. 1 Winter 2009
among medical facilities, expand consumers’ knowledge and responsibility for their own
healthcare needs, and establish standardization
within the healthcare industry.
According to Travers and Downs (2000), HIT
systems improve “the way information is collected,
stored, retrieved and processed by clinicians” (1).
Even the federal government of the United States
has noticed the issue of HIT, thus stressing its
importance. President G. W. Bush mandated a
push toward the automation of the healthcare
industry within the next 10 years. As a result, the
president recently established the Office of the
National Coordinator for Health Information
Technology, which falls under the Department
of Health and Human Services, to facilitate this
change (Travers and Downs).
Literature Review and Theoretical Perspective
Some people may ask, “What is the trick to
obtaining the benefits of HIT?” In response, we
state that individuals must primarily recognize that
the benefits of HIT depend on successful systematic implementation. It is not uncommon to see
an organization spend large amounts of money on
HIT systems and fail to implement them because
of poor change leadership. Thus, numerous theorists and researchers have devised theories and
processes on how to best manage HIT implementation in a healthcare organization.
Kotter (1998) stated, “all institutions need effective leadership, but nowhere is the need greater
than in the organization seeking to transform itself ”
(5–6). From this premise, Kotter formulated an
eight-stage change process, which he found to be
effective when applied to the implementation of
technology in a healthcare setting. The steps in this
change process are to (1) establish a sense of urgency, (2) form a powerful guiding coalition, (3) create
a vision, (4) communicate the vision, (5) empower
others to act on the vision, (6) plan for and create
short-term wins, (7) consolidate improvements and
produce still more change, and (8) institutionalize
new approaches (Kotter 1998, 6).
Kotter wrote, “no organization today—large or
small, local or global—is immune to change”
(1998, 1). This statement is true particularly in
society today, when technology advances daily. Relative to his eight-stage change process, Kotter identified common mistakes that managers make during
implementation. “Producing change is about 80
percent leadership—establishing direction, aligning,
motivating, and inspiring people—and about 20
percent management—planning, budgeting, organizing, and problem solving” (1998, 7).
Other researchers have reported theories with
ideas similar to those of Kotter. In the article “Four
Fs Equal A+,” Blair (2005) interviewed Brian
Dieter, vice president and chief financial officer
(CFO) at Mary Greeley Medical Center (MGMC)
in Ames, Iowa. Dieter provided tips on the basis
of the implementation experiences in his hospital.
Among this list of tips, he included the following
advice: (1) purchase from a single-source vendor to
ensure that every piece of equipment in the hospital coincides, (2) hire an in-house consultant, (3)
participate in demos, and (4) acquire the support
of the hospital’s staff. Still, the two most essential
points of Dieter’s advice are to (1) conduct site visits to other facilities that use the same equipment
and (2) engage in extensive training (Blair 2005).
Conducting site visits is crucial because implementing technology should not be a leap of faith.
Information systems are too expensive to be used
blindly. Therefore, hospital administrators should
do their research to see how products are used.
Then, the final purchase should be the result of an
educated decision. With regard to training, Blair
quoted Dieter as saying, “there is no such thing as
too much training” (Blair 2005, 3). He was absolutely correct. The installation of new technology
systems within a hospital is a change that affects
many and sometimes all departments. Thus, training must be a comprehensive effort.
Blair (2005) reported on Dieter’s model, called
the Four Fs Systems. Hospital administrators use
this model to support HIT purchase decisions.
The Four Fs—functionality, fit, future, and
finance—must all be used when deciding to purchase information technology (IT) systems. Making a purchase decision and implementation are
long processes, taking extensive time and effort.
However, if reasoned and well prepared, purchasing and implementing HIT pay off in the end. In
the conclusion of his interview, Dieter said,
Getting it right isn’t a matter of luck or timing.
There are numerous ways that IT-related transformations can go wrong, and maybe a dozen
ways that they can succeed. Mary Greeley Medical
Center secured its present and positioned itself
for the future with an intense focus on its Four
Fs approach, supported by planning, unceasing
concern for patients’ well-being and a zeal for
employee participation. May the fruits of their
labor be sweet. (Blair 2005, 3)
5
HOSPITAL TOPICS: Research and Perspectives on Healthcare
Krizner (2004) provided another theoretical
perspective by identifying four crucial steps that
are necessary for successful HIT implementation.
These four steps are to (1) develop a vision to
which the entire organization can be committed,
(2) monitor the change process and review the
strategic plan, (3) empower employees, and (4)
instill communication and feedback. In accord
with the aforementioned theories, hospital administrators must take all four steps to achieve successful implementation (Krizner).
Glaser (2005) believed that HIT implementation failure is often the result of the “actions and
inactions of senior leadership” (1). Glaser focused
on five factors that lead to HIT implementation
failure. These factors are (1) failure to respect
uncertainty, (2) undernourished initiatives, (3)
failure to anticipate short-term disruptions, (4)
invisible progress, and (5) disregard for the stability and maturity of the technology (Glaser).
Glaser also included a list of recommendations to
help healthcare organizations reduce the risk of
failure. Some of these recommendations include
ensuring that IT initiatives have clear objectives, communicating regularly, publicly demonstrating your conviction, showing determination
through tough decisions, creating or changing
the reward system to provide a participation
incentive for implementation success, accepting
and welcoming debate, not discouraging bad
news, understanding that people make mistakes,
realizing that you do not know everything about
organizational change, using the best resources
and staff, and limiting the duration and depth of
short-term disruption.
The theories outlined previously provide a solid
foundation for the beginning stages of HIT implementation. They present ideal implementation
methods, tips on how to successfully manage
change in a healthcare organization, ways to
reduce the risk of implementation failure, and
so forth. However, with the increased use of IT
in the healthcare sector, extensive empirical data
pertaining specifically to real-life implementation
methods, change management tactics, and systematic effects on the organization are increasingly
beneficial. As the health industry becomes more
competitive, and the need for operational efficiencies is critical for success in times of continued
reimbursement cuts and costs increases, hospital
executives are assessing and using HIT as an
instrument to achieve these goals. The successful
implementation of HIT systems is complex. Theoretical information, such as the information in the
present literature review, is available regarding the
topic of change leadership in the implementation
of HIT. Given the knowledge of implementation
theories, processes, and models that are readily
available, we try to help the field by expanding its
knowledge of HIT implementation.
Method
In this study, our purpose was to examine the
trends of healthcare leadership and management
with regard to implementation and management of
IT in the hospital setting. In this article, to enhance
the limited empirical evidence in the literature,
we develop new knowledge and information on
the basis of hospital executives’ actual HIT implementation experiences (e.g., strategic planning,
goals, outcomes, barriers, mistakes). We addressed
research questions in the theoretical framework of
change management, leadership, and management.
We accomplished this investigation through a qualitative research study design and examined internal
trends through the perspectives of various employees from different levels of the organizational chart.
We analyzed external trends through a comparative
analysis of healthcare markets.
We designed this research study to answer the
following two questions by achieving the outlined
objectives for each question.
Hypothesis 1 (H1): Why do hospitals use HIT?
Objective a: Explain barriers and opportunities
with the use of HIT.
Objective b: Describe the case study interviews
of the hospital chief information officers (CIOs)
and nurse managers.
Objective c: Describe the perspectives of CIOs
versus nurse managers.
Objective d: Explain why some hospitals are
more integrated with HIT.
Objective e: Evaluate implications for stakeholders.
H2: How do health executives manage and lead
the integration of HIT to improve health system
efficiency?
Objective a: Identify barriers to HIT implementation.
Objective b: Analyze practical strategies to overcome barriers.
Objective c: Apply those strategies at other hospitals.
We met these objectives by interviewing CIOs
and nurse managers from local hospitals. This
6
Vol. 87, no. 1 Winter 2009
study used a convenience sample of general acute
care community hospitals in Lackawanna and
Luzerne Counties serving the Northeastern Pennsylvania region. We anticipated that 10 hospitals
would participate (hospitals A–J, respectively);
however, only 6 hospitals participated because
of organizational restructuring, a merger, or a
hospital acquisition. Therefore, we conducted 12
qualitative interviews in total. The participating
hospitals ranged in size from 40 licensed beds to
317 licensed beds. A brief summary of the demographics of Lackawanna and Luzerne Counties is
in Table 1 (PA Department of Health, Bureau of
Health Statistics and Research 2005a, 2005b). We
took the following steps to conduct this research:
11. Mailed findings to interviewees and had interviewees review them for accuracy of report.
12. Made minor modifications.
13. Submitted findings for publication by both
researchers.
1. Obtained volunteer commitment by hospital
CIO or equivalent and nurse managers.
2. Prepared informed consent and statement of
privacy forms.
3. Prepared standard scripted questions for interview.
4. Submitted a proposal to the University of
Scranton Departmental Review Board and
Institutional Review Board for approval.
5. Conducted individual phone interviews with
nurse manager and CIO, using one interviewer, with each interview being 1–1.5 hr long
(and tape-recorded for qualitative reliability
and validity).
6. Conducted debriefing sessions between interviewers and kept notes and transcripts in a
secure area.
7. Examined hospital documents, organizational
chart, and other materials.
8. Organized case study database.
9. Recorded summative findings in report format.
10. Compared and related sample with national
characteristics.
Participating hospitals used HIT for a variety
of reasons, as we show in Appendix A. In an
industry with constant change and increasing
emphasis on external forecasting for anticipated
change, the margin for internal inefficiencies has
become slim. As a result, administrative and clinical leaders have become more dependent on HIT
to achieve operational efficiencies. CIOs or their
equivalents have suggested that successful HIT
implementation allows them to focus more on
external adaptation. Although the results of this
study did not support this concept as a common
thought of nurse leaders, both CIOs and nurse
leaders believed that data integration could lead
to better clinical performance and decision making. Among the nurse leaders, data integration was
commonly defined as a timelier, accurate way to
access patient information, which can be used in
clinical decision making. The definition was also
common among CIOs. However, CIOs added to
this definition by suggesting that data integration
includes both clinical and financial data that can
be used in hospital decision making.
Results
We conducted this study on the basis of two primary research questions—described in the Method section—each of which provided noteworthy
results. The significant findings are organized
according to these two primary research issues and
are outlined in the Appendixes.
Use of IT Systems
TABLE 1. Study Demographic Data
Variable
Population (2003)
Male
Female
Median age of population (2003)
% population age 65 and over (2003)
% population with income below poverty line (2001)
Per capita personal income ($; 2003)
% labor force unemployed (2004)
% population eligible for medical assistance (2004)
Lackawanna County
Luzerne County
210,458
99,347
111,111
40.6
18.8
10.2
28,986
6.0
13.9
313,528
151,675
161,853
41.4
19.0
10.3
28,026
6.8
14.5
7
HOSPITAL TOPICS: Research and Perspectives on Healthcare
Although CIOs prioritized HIT use for improved
clinical performance, they also recognized the
value of successful HIT implementation as a longterm return on investment. The initial cost of HIT
equipment, software, training, and system integration is substantial and burdensome. But CIOs
recognized the future cost savings from efficiencies, revenue enhancement from more aligned coding of medical information with billing, reduced
claims denials, more accessible and timely clinical
data that reduces medical errors, and more accurate understanding of service line profitability.
CIOs suggested that if implementation achieves
its predicted integration timeline in the hospital
and is effective, the benefits far outweigh the initial
cost. However, we identify some barriers that can
increase initial cost.
CIOs suggested that the higher level of HIT
implementation could lead to a competitive advantage. Higher levels of HIT implementation produce more timely and comprehensive clinical and
financial reports for decision making, the ability to
more rapidly benchmark clinical performance and
improve protocols for better patient outcomes, and
improved overall quality of care. The nurse leaders
also supported the belief that effective HIT implementation can lead to improved patient outcomes
and quality of care that improve patient satisfaction. Both CIOs and nurse leaders suggested that
higher levels of HIT implementation and use in a
hospital could attract a superior pool of physicians
and specialists admitting patients into the hospital.
The hospital could obtain a competitive advantage
by satisfying patients and attracting high-quality
physicians who refer patients to the hospital. However, hospital executives need to make sure that
referring physicians are familiar and comfortable
with higher levels of HIT, as several of the CIO
interviewees noted.
A few of the CIOs identified the value of HIT
in merger processes. Recent talks on hospital
mergers in the Northeastern Pennsylvania service
area had CIOs assess the ability for cross integration of diverse HIT systems and data sets. HIT
systems can help with the due-diligence process by
obtaining clinical and financial reports for boards
of directors, consultants, legal advisors, and other
key stakeholders in a merger. However, CIO interviewees perceived varying hardware and software
systems with differing organizational policies and
processes regarding HIT use as a real challenge.
Health Executives and HIT Implementation
Appendix B outlines common themes mentioned by participants about how health executives manage and lead integration of HIT to
improve system efficiency. We note that of the
seven common themes of how health executives
integrate HIT to improve hospital efficiency, six
were considered as manager roles, and only one
was identified as a leader role. Both CIOs and
nurse leaders thought that chief executive officer
(CEO) leadership and support of the HIT process
increase the probability of efficient and effective
HIT implementation. Also, both CIOs and nurse
leaders thought that the remaining six themes are
functions of a manager and activities that are more
transactional than transformational.
Barriers to HIT Implementation
From the significant findings, we recognized a
number of barriers to HIT implementation. Both
CIOs and nurse managers identified barriers, all of
which correlated and some of which overlapped.
These barriers are represented in Table 2.
Discussion and Research Implications
We can infer several conclusions and possible
implications on the basis of the study’s findings.
For HIT implementation to be a success, the following factors must be changed or addressed in
the hospital: (1) interdepartmental collaboration
TABLE 2. Perceived Barriers to Health Information Technology (HIT)
Barriers perceived by the
chief information officer
Barriers perceived by the
nurse managers
Not properly managing expectations of HIT
Not enough basic information technology (IT) education
Time demands of training on the end users
Staff literacy with basic software packages
Resource shortages
Poor communication and leadership
Not enough basic IT education
Time demands of training on the end users
Staff literacy with basic software packages
Staff shortages
8
Vol. 87, no. 1 Winter 2009
for HIT implementation, (2) changes in HIT
implementation, (3) balancing clinical time with
HIT training, (4) engaging employees in personal
HIT interest, (5) having a shared vision of HIT
impact on future health, and (6) communication
techniques in HIT implementation.
The research findings from this study support
the need for the management functions of planning, organizing, controlling, evaluating, and staffing. Hospital executives in this study were able to
implement HIT by addressing factors and issues
that are transactional and more associated with
functions of the manager. They have also faced
barriers to successful HIT integration because
of an inability to assess true training needs and
provide the appropriate training, and because of
resource and staffing constraints.
However, further investigation of the underestimated role of transformational leadership may lead
to true buy-in throughout all levels of the hospitals. Leaders can and should impact the enabling
or disenabling managers to perform their functions
in the task of HIT implementation. We hypothesize that major HIT implementation requires
consistent, persistent leadership involvement from
start to full integration. Our research reinforces
the importance of communication for managers
and leaders. Expected HIT end-users, physicians,
and all employees need to be fully informed on
the purpose, process, timeline, and benefits of
the HIT implementation and the process’s buyin from start to finish. Consistent feedback by
employees and administration is necessary through
basic management functions with overarching true
support by senior executives.
This research also suggests that hospitals often
invest in HIT but have not appropriately assessed
the basic computer and software skill set necessary
for nurses and HIT users. We suggest that further
research is needed to identify potential cost savings
by ensuring that necessary computer skills sets and
training are provided for HIT users prior to full
training by vendors on the new HIT system. Both
CIOs and nurse leaders recognized the need for
improved staff computer literacy and basic HIT
education prior to investment in high-cost training
by vendors.
Future researchers could also better answer questions about the preparation, resources, and time
necessary to successfully implement HIT. Both
interviewee groups identified resource shortages as
a barrier to successful implementation. In specific,
nurse managers identified HIT implementation
as extra work on top of an already overbearing
workload on the hospital floors dealing with direct
patient care, medical documentation, and other
nursing-related duties. Further research is needed
to look at the intensity of CEO commitment to
HIT implementation as it impacts availability of
resources necessary for success.
In this article, we depicted a sound understanding of HIT implementation issues and the challenges faced by both CIOs and nurse managers in
Northeastern Pennsylvania. However, we recognize
that the sample of participating hospitals was narrow. Therefore, we suggest that it would benefit the
healthcare industry if future researchers conducted
a similar study with a broader, national sample, by
which they could examine a more comprehensive
picture of implementation trends and issues.
Conclusion
In sum, change theory can lead to more efficient
and effective HIT implementation. If managers
implement HIT on hospital floors without (1)
establishing a sense of urgency; (2) a computerliterate end-user coalition; (3) a communicated
vision of the rewards of HIT implementation,
buy-in throughout the hospital, and stories about
the short-term success of consolidation, and (4 )
institutionalized HIT approaches to obtaining
clinical and business information for decision
making, the leaders are setting up their management team and clinical end-users for a long,
energy-absorbing, inefficient process that can lead
to loss of employee commitment and decreased
return on investment. Therefore, to experience all
of the benefits that HIT can provide, we recommend that hospital managers use change theory
processes when implementing IT.
REFERENCES
Blair, R. 2005. Four Fs equal A+. Health Management Technology 26 (3): 34–35.
Glaser, J. 2005. More on management’s role in IT project failures. Healthcare Financial Management 59 (1): 82–84.
Institute of Medicine (IOM). 1999. To err is human: Building a
safer health system. Washington, DC: National Academy Press.
Kotter, J. P. 1998. Winning at change. Leader to Leader 10
(Fall): 27–33.
Krizner, K. 2004. Clinical transformation initiative starts with a
total vision. Managed Healthcare Executive 14 (10): 54–55.
PA Department of Health, Bureau of Health Statistics
and Research. (2005a). Lackawanna County health profile
2005. Harrisburg, PA: Author. http://www.dsf.health.state.
pa.us/health/lib/health/countyprofiles/2005/lackawanna
.pdf (accessed March 15, 2006).
9
HOSPITAL TOPICS: Research and Perspectives on Healthcare
———. (2005b). Luzerne County health profile 2005. Harrisburg, PA: Author. http://www.dsf.health.state.pa.us/health/
lib/health/countyprofiles/2005/luzerne.pdf (accessed
March 15, 2006).
Shortliffe, E. H., and L. E. Perreault, eds. 2001. Medical informatics: Computer applications in health care and biomedicine.
New York: Springer.
Travers, D. A., and S. M. Downs. 2000. Comparing user
acceptance of a computer system in two pediatric offices:
A qualitative study. Paper presented at the American Medical Informatics Association 2000 Annual Symposium, San
Diego, CA. http://medicine.ucsd.edu/F2000/E001400.
htm (accessed March 19, 2005).
Weir, C. R., R. Crockett, S. Gohlinghorst, and C. McCarthy.
2000. Assessing the implementation process.Paper presented
at the American Medical Informatics Association 2000
Annual Symposium, San Diego, CA. http://medicine.ucsd
.edu/F2000/E001400.htm (accessed March 19, 2005).
APPENDIX A
Question 1
APPENDIX B
Question 2
Why do hospitals use health information technology
(HIT)?
• Need to achieve operational efficiencies
• Data integration
• Long-term return on investment
• Business purposes more than clinical purposes
• Competitive advantage
• Mergers
• Quality of care
• Cost efficiency
How do health executives manage and lead integration
of health information technology (HIT) to improve
health system efficiency?
• CEO leadership
• Capital allocation as a percentage of total operations
budget
• Vendor support and education
• Steering committees
• Internal HIT training
• Information technology (IT) implementation
• IT evaluation
� ��� � ���� � ��� ��� �� � �
� ��� �� � � ��� �� � � �� � �� � �
�������������������������������������������������������������������������������������������������������
�������������������������������������������������������������������������������������������������
����������������������������������������������������������������������������������������������������
�������������������������������������������������������������������������������������������
��������������������������������������������������������������������������������������������������
�������������������������������������������������������������������������������������������������
�������������������������������������������������������������������������
�������������������������
����������������������������������
��������������������������������������������������
������������������������������������������������������������������������
������������������������������������
������ ������� � ������
��� � ��� ������
� �� ��������� ��� ����������
��� ������������� � � ��� ������������
�������������� ����������������
���������������
�����������������
��������������������
������������������������������������������������
NURS 8210: Transforming Nursing and Healthcare
Through Technology
Week 4: System Development Life Cycle
“He who fails to plan, plans to fail.” — Proverb
Whether you are building a house, buying a new software
program, or going on vacation, a carefully considered plan
may encourage a positive outcome. In health care,
planning for the adoption and integration of health
information technology systems requires research,
analysis, communication, and collaboration. During the
planning phase, those leading a health information
technology system project must evaluate potential
problems related to patient needs, staff workloads, and
costs, among other things. Planning frameworks can
assist leaders with this task.
This week, you examine a popular planning framework—
the Systems Development Life Cycle (SDLC)—as you
begin your Major Assessment for this course: investigating
a health information technology system or health
information application. You also explore how leaders
facilitate the implementation of HIT projects and consider
strategies for garnering support from key stakeholders and
decision makers.
Learning Objectives
Students will:
•
Analyze how HIT projects are identified and moved
forward within an organization
•
•
Evaluate the impact of leaders and key decision makers
on implementing HIT projects within an organization
Critically analyze the development and implementation
of a health information technology system or application /li>
Learning Resources
Note: To access this week’s required library resources, please
click on the link to the Course Readings List, found in
the Course Materials section of your Syllabus.
Required Readings
Course Text: Ball, M. J., Douglas, J. V., Hinton Walker, P.,
DuLong, D., Gugerty, B., Hannah, K. J., . . . Troseth, M. R. (Eds.)
(2011). Nursing informatics: Where technology and caring
meet (4th ed.). London, England: Springer-Verlag.
• Chapter 17, “Disruptive Innovation: Point of Care”
This chapter uses real-world integration examples to
illustrate the visions and challenges that characterize Smart
Point of Care systems.
Course Text: American Nurses Association. (2008). Nursing
informatics: Scope and standards of practice. Silver Spring,
MD: Author.
• “Standards of Nursing Informatics Practice” (pp. 67-79)
This excerpt presents the specific measurement criteria
found within each nursing informatics standard.
Madsen, M. (2010). Knowledge and information
modeling. Studies in Health Technology & Informatics, 151,
84-103.
Within this article, the overall design models of
information systems are linked to the
metastructures, data, information, knowledge,
and wisdom.
Peleg, M. (2011). The role of modeling in clinical information
system development life cycle. Methods of Information in
Medicine, 50(1), 7-10.
The author of this article discusses the role of conceptual
modeling in health information technology systems and how
it has been an effective component of system development.
Philip, A., Afolabi, B., Adeniran, O., Oluwatolani, O., & Ishaya,
G. (2010). Towards an efficient information systems
development process and management: A review of
challenges and proposed strategies. Journal of Software
Engineering & Applications, 3, 983-989.
This article examines the phases and
methodologies found within the Systems
Development Life Cycle (SDLC), and proposes a
framework for establishing the crucial roles that
participants must play during the SDLC.
Szydlowski, S., & Smith, C. (2009). Perspectives from nurse
leaders and chief information officers on health information
technology implementation. Hospital Topics, 87(1), 3-9.
Required Media
Laureate Education, Inc. (Executive Producer). (2011).
Transforming nursing and healthcare through technology:
Systems analysis. Baltimore, MD: Author.
Note: The approximate length of this media piece is 11
minutes.
The presenters in this week’s media presentation outline the
stages involved when implementing a new technology
system..
Accessible player
Optional Resources
Burgess, L., & Sargent, J. (2007). Enhancing user acceptance
of mandated mobile health information systems: The ePOC
(electronic Point-Of-Care Project) experience. Studies in
Health Technology and Informatics, 129(Pt 2), 1088-1092.
Discussion: Welcome to the Week 4
Discussion area!
Post your responses to the Discussion based on the course
requirements.
Your Discussion postings should be written in standard
edited English and follow APA guidelines as closely as
possible given the constraints of the online platform. Be sure
to support your work with specific citations from this week’s
Learning Resources and additional scholarly sources as
appropriate. Refer to the Essential Guide to APA Style for
Walden Students to ensure your in-text citations and
reference list are correct. Initial postings must be 250–350
words (not including references).
Submission and Grading Information
Grading Criteria
To access your rubric:
Week 4 Discussion Rubric
Post by Day 3 and Respond by Day 6
To participate in this Discussion:
Week 4 Discussion
Week 9 Assignment: Health Information
Technology Project [Major Assessment 5]
In previous Discussions and Applications, you have explored
various aspects of health information technology systems:
the historic development of HIT, how data flows across HIT
systems, and standards and interoperability requirements
including specific terminologies used in your practice
setting. In this Application Assignment, you will have the
opportunity to further develop your analysis skills by closely
examining the implementation of a health information
technology system. As a doctorally prepared nurse, you may
find yourself in the position of leading a HIT project team; to
be an effective leader and move health information
technology projects forward in your organization, you must
be able to logically and critically analyze the many aspects
•
o
▪
▪
▪
▪
▪
▪
▪
▪
▪
▪
and challenges of implementing such a system and then
present your insights in a succinct and professional manner.
This exercise provides an opportunity to hone those skills.
Carefully review the project requirements below and plan
your time accordingly. Be sure to refer to the standards of
nursing informatics practice as you develop this Application,
which serves as your Major Assessment for this course.
To prepare:
Investigate a health information technology system or
health information technology application in your area of
interest. The health information technology
system/application may be in any setting where health care
information is developed or managed. You may choose your
system or application from any organization or virtual
environment.
Examples of health information technology
systems or health information technology applications that
are acceptable include but are not limited to:
Consumer health applications
Clinical information systems
Electronic medical record (EMR) systems in
hospitals or provider offices
Home health care applications
School health applications
Patient portal/personal health record
Public health information systems
Telehealth (i.e., from facility to home)
Simulation laboratories
Health care informatics research and
development centers
•
•
•
•
Discuss your proposed health information technology
system/application with your Instructor before proceeding
with your final selection. You may visit a health care
organization in person or virtually in order to make your
final choice about the health information technology system
or health information technology application of interest.
Choose the best strategy to gain information about your
selected information technology system/application. Some
ways to gather information include virtual visits; vendor
demonstrations; on-site visits; interviews via face-to-face,
phone, or teleconference. You must conduct at least one
interview for this project.
Complete a literature search to gather information
about your selected information technology system. You
may also need to review related scholarly articles to help
answer the questions presented below.
NOTE: In your submitted report, do not share proprietary
information, personal names, or organization names without
permission.
To complete:
Your deliverable is a 12- to 15-page scholarly report, not
counting the title page or references. A successful report
should leave the reader with confidence in understanding
the answers to all the questions listed below. Graphics may
be used to illustrate key points.
Organization Information
Briefly describe the health information technology
system/application and the organization type (hospital,
clinic, public health agency, health care software company,
•
•
•
•
•
•
•
government health information website, private virtual
health information site, etc.).
Is the health information technology
system/application clinical, administrative, educational, or
research related?
What were the key reasons for the development of this
health information technology system/application, i.e., what
made the organization believe this system/application was
needed? How did this organization determine those needs?
Did the organization use specific tools to conduct needs
assessments, staff opinions, or workflows?
How did the organization determine that this specific
system/application could fulfill its predetermined needs?
Who manages this health information technology
system/application and where are they located within the
organization’s administrative structure?
Information System Application Design and
Development
Many health care systems have multiple independent
entities that work together toward the common goal of
providing high-quality care. How did—and do—the various
stakeholders make decisions related to this health
information technology system/application? Were the end
users involved in the development of this health information
technology system/application?
How are individuals trained to use the health
information technology system/application?
How are security issues addressed? How does this
health information technology system/application support a
legally sound health care record?
•
•
•
•
•
•
•
•
•
•
Where did initial funds for this health information
technology system/application come from?
Who manages the budget for this health information
technology system/application?
Have organizational or political issues impacted the
ongoing funding for this health information technology
system/application?
What are the arrangements for planned or unplanned
downtime?
How are health information technology
system/application upgrades scheduled or planned?
How has the health information technology
system/application changed in response to health care
reform and related legislation?
What suggestions could you make regarding changes
needed to support health care reform and related
legislation?
Innovative Aspects of the System
How does the health information technology
system/application utilize technology innovations?
What technology innovations would you recommend
for this organization? What innovations presented in this
course, or found through your own research, could this
organization benefit from?
What innovations could further promote evidencebased practice and efficiency within this organization?
End Product
Your report is a scholarly paper and needs to include a
minimum of 10 citations from peer-reviewed journals. Every
statement made in a scholarly report must be supported by a
reference. Be very cautious when stating your opinion, or
using terms suggesting absolute facts, or values, as these
must be supported by references. Note that textbooks,
including the course texts, are composed of information
cited from other sources (see the reference section in the
course textbooks). With this in mind, there should be an
adequate number of appropriate references (a minimum of
10). Please note that primary sources are to be used. Peerreviewed journal articles should make up the bulk of your
references (90%). If referring to a book, be sure to include
all information in APA style, including specific page numbers
when necessary. Note that an article referred to in a book is
a secondary source. More on this topic is available in
the APA Publication Manual and in the Walden Writing
Center. See also “Policies on Academic Honesty” listed at the
Walden website.
A superior paper demonstrates breadth and depth of
knowledge, and critical thinking appropriate for doctoral
level scholarship. The report must follow APA Publication
Manual guidelines (6th edition) and be free of typographical,
spelling, and grammatical errors. This Application is the
Major Assessment for this course. You will submit this
document by Day 7 of Week 9.
By Day 7 of Week 9
Final Report: 12- to 15-page scholarly report is to be
submitted.
Grading Criteria
Document: Week 9 Major Assessment 5 Rubric (Word
document)
Week in Review
This week you analyzed the development and
implementation of a health information technology
system/application and how HIT projects are identified and
moved forward within an organization. You also evaluated
the impact leaders and key decision makers have on the
implementation of HIT projects. Next week you will
examine the need for constant diligence when working with
patient information and the ethical codes and laws that
govern today’s use of health information technologies.
To go to the next week:
Week 5
Learning Objectives
Students will:
•
•
•
Analyze how HIT projects are identified and moved
forward within an organization
Evaluate the impact of leaders and key decision makers
on implementing HIT projects within an organization
Critically analyze the development and implementation
of a health information technology system or application /li>
Learning Resources
Note: To access this week’s required library resources, please
click on the link to the Course Readings List, found in
the Course Materials section of your Syllabus.
Required Readings
Course Text: Ball, M. J., Douglas, J. V., Hinton Walker, P.,
DuLong, D., Gugerty, B., Hannah, K. J., . . . Troseth, M. R. (Eds.)
(2011). Nursing informatics: Where technology and caring
meet (4th ed.). London, England: Springer-Verlag.
• Chapter 17, “Disruptive Innovation: Point of Care”
This chapter uses real-world integration examples to
illustrate the visions and challenges that characterize Smart
Point of Care systems.
Course Text: American Nurses Association. (2008). Nursing
informatics: Scope and standards of practice. Silver Spring,
MD: Author.
• “Standards of Nursing Informatics Practice” (pp. 67-79)
This excerpt presents the specific measurement criteria
found within each nursing informatics standard.
Madsen, M. (2010). Knowledge and information
modeling. Studies in Health Technology & Informatics, 151,
84-103.
Within this article, the overall design models of
information systems are linked to the
metastructures, data, information, knowledge,
and wisdom.
Peleg, M. (2011). The role of modeling in clinical information
system development life cycle. Methods of Information in
Medicine, 50(1), 7-10.
The author of this article discusses the role of conceptual
modeling in health information technology systems and how
it has been an effective component of system development.
Philip, A., Afolabi, B., Adeniran, O., Oluwatolani, O., & Ishaya,
G. (2010). Towards an efficient information systems
development process and management: A review of
challenges and proposed strategies. Journal of Software
Engineering & Applications, 3, 983-989.
This article examines the phases and
methodologies found within the Systems
Development Life Cycle (SDLC), and proposes a
framework for establishing the crucial roles that
participants must play during the SDLC.
Szydlowski, S., & Smith, C. (2009). Perspectives from nurse
leaders and chief information officers on health information
technology implementation. Hospital Topics, 87(1), 3-9.
Required Media
Laureate Education, Inc. (Executive Producer). (2011).
Transforming nursing and healthcare through technology:
Systems analysis. Baltimore, MD: Author.
Note: The approximate length of this media piece is 11
minutes.
The presenters in this week’s media presentation outline the
stages involved when implementing a new technology
system..
Accessible player
Optional Resources
Burgess, L., & Sargent, J. (2007). Enhancing user acceptance
of mandated mobile health information systems: The ePOC
(electronic Point-Of-Care Project) experience. Studies in
Health Technology and Informatics, 129(Pt 2), 1088-1092.
Discussion: Welcome to the Week 4
Discussion area!
Post your responses to the Discussion based on the course
requirements.
Your Discussion postings should be written in standard
edited English and follow APA guidelines as closely as
possible given the constraints of the online platform. Be sure
to support your work with specific citations from this week’s
Learning Resources and additional scholarly sources as
appropriate. Refer to the Essential Guide to APA Style for
Walden Students to ensure your in-text citations and
reference list are correct. Initial postings must be 250–350
words (not including references).
Submission and Grading Information
Grading Criteria
To access your rubric:
Week 4 Discussion Rubric
Post by Day 3 and Respond by Day 6
To participate in this Discussion:
Week 4 Discussion
Week 9 Assignment: Health Information
Technology Project [Major Assessment 5]
In previous Discussions and Applications, you have explored
various aspects of health information technology systems:
the historic development of HIT, how data flows across HIT
systems, and standards and interoperability requirements
including specific terminologies used in your practice
setting. In this Application Assignment, you will have the
opportunity to further develop your analysis skills by closely
examining the implementation of a health information
technology system. As a doctorally prepared nurse, you may
find yourself in the position of leading a HIT project team; to
be an effective leader and move health information
technology projects forward in your organization, you must
be able to logically and critically analyze the many aspects
and challenges of implementing such a system and then
present your insights in a succinct and professional manner.
This exercise provides an opportunity to hone those skills.
Carefully review the project requirements below and plan
your time accordingly. Be sure to refer to the standards of
nursing informatics practice as you develop this Application,
which serves as your Major Assessment for this course.
To prepare:
•
o
▪
▪
▪
▪
▪
▪
▪
▪
▪
▪
•
•
Investigate a health information technology system or
health information technology application in your area of
interest. The health information technology
system/application may be in any setting where health care
information is developed or managed. You may choose your
system or application from any organization or virtual
environment.
Examples of health information technology
systems or health information technology applications that
are acceptable include but are not limited to:
Consumer health applications
Clinical information systems
Electronic medical record (EMR) systems in
hospitals or provider offices
Home health care applications
School health applications
Patient portal/personal health record
Public health information systems
Telehealth (i.e., from facility to home)
Simulation laboratories
Health care informatics research and
development centers
Discuss your proposed health information technology
system/application with your Instructor before proceeding
with your final selection. You may visit a health care
organization in person or virtually in order to make your
final choice about the health information technology system
or health information technology application of interest.
Choose the best strategy to gain information about your
selected information technology system/application. Some
•
•
•
•
ways to gather information include virtual visits; vendor
demonstrations; on-site visits; interviews via face-to-face,
phone, or teleconference. You must conduct at least one
interview for this project.
Complete a literature search to gather information
about your selected information technology system. You
may also need to review related scholarly articles to help
answer the questions presented below.
NOTE: In your submitted report, do not share proprietary
information, personal names, or organization names without
permission.
To complete:
Your deliverable is a 12- to 15-page scholarly report, not
counting the title page or references. A successful report
should leave the reader with confidence in understanding
the answers to all the questions listed below. Graphics may
be used to illustrate key points.
Organization Information
Briefly describe the health information technology
system/application and the organization type (hospital,
clinic, public health agency, health care software company,
government health information website, private virtual
health information site, etc.).
Is the health information technology
system/application clinical, administrative, educational, or
research related?
What were the key reasons for the development of this
health information technology system/application, i.e., what
made the organization believe this system/application was
needed? How did this organization determine those needs?
•
•
•
•
•
•
•
•
•
Did the organization use specific tools to conduct needs
assessments, staff opinions, or workflows?
How did the organization determine that this specific
system/application could fulfill its predetermined needs?
Who manages this health information technology
system/application and where are they located within the
organization’s administrative structure?
Information System Application Design and
Development
Many health care systems have multiple independent
entities that work together toward the common goal of
providing high-quality care. How did—and do—the various
stakeholders make decisions related to this health
information technology system/application? Were the end
users involved in the development of this health information
technology system/application?
How are individuals trained to use the health
information technology system/application?
How are security issues addressed? How does this
health information technology system/application support a
legally sound health care record?
Where did initial funds for this health information
technology system/application come from?
Who manages the budget for this health information
technology system/application?
Have organizational or political issues impacted the
ongoing funding for this health information technology
system/application?
What are the arrangements for planned or unplanned
downtime?
•
•
•
•
•
•
How are health information technology
system/application upgrades scheduled or planned?
How has the health information technology
system/application changed in response to health care
reform and related legislation?
What suggestions could you make regarding changes
needed to support health care reform and related
legislation?
Innovative Aspects of the System
How does the health information technology
system/application utilize technology innovations?
What technology innovations would you recommend
for this organization? What innovations presented in this
course, or found through your own research, could this
organization benefit from?
What innovations could further promote evidencebased practice and efficiency within this organization?
End Product
Your report is a scholarly paper and needs to include a
minimum of 10 citations from peer-reviewed journals. Every
statement made in a scholarly report must be supported by a
reference. Be very cautious when stating your opinion, or
using terms suggesting absolute facts, or values, as these
must be supported by references. Note that textbooks,
including the course texts, are composed of information
cited from other sources (see the reference section in the
course textbooks). With this in mind, there should be an
adequate number of appropriate references (a minimum of
10). Please note that primary sources are to be used. Peerreviewed journal articles should make up the bulk of your
references (90%). If referring to a book, be sure to include
all information in APA style, including specific page numbers
when necessary. Note that an article referred to in a book is
a secondary source. More on this topic is available in
the APA Publication Manual and in the Walden Writing
Center. See also “Policies on Academic Honesty” listed at the
Walden website.
A superior paper demonstrates breadth and depth of
knowledge, and critical thinking appropriate for doctoral
level scholarship. The report must follow APA Publication
Manual guidelines (6th edition) and be free of typographical,
spelling, and grammatical errors. This Application is the
Major Assessment for this course. You will submit this
document by Day 7 of Week 9.
By Day 7 of Week 9
Final Report: 12- to 15-page scholarly report is to be
submitted.
Grading Criteria
Document: Week 9 Major Assessment 5 Rubric (Word
document)
Week in Review
This week you analyzed the development and
implementation of a health information technology
system/application and how HIT projects are identified and
moved forward within an organization. You also evaluated
the impact leaders and key decision makers have on the
implementation of HIT projects. Next week you will
examine the need for constant diligence when working with
patient information and the ethical codes and laws that
govern today’s use of health information technologies.
To go to the next week:
Week 5
983
J. Software Engineering & Applications, 2010, 3, 983-989
doi:10.4236/jsea.2010.310115 Published Online October 2010 (http://www.SciRP.org/journal/jsea)
Towards an Efficient Information Systems
Development Process and Management: A Review
of Challenges and Proposed Strategies
Achimugu Philip1, Babajide Afolabi2, Oluwaranti Adeniran2, Oluwagbemi Oluwatolani1,
Gambo Ishaya2
1
Computer Science Department, Lead City University, Ibadan, Nigeria; 2Department of Computer Science and Engineering, Obafemi
Awolowo University, Ile-Ife, Nigeria.
Email: {check4philo, tolapeace, igpeni}@yahoo.com, {bafox, aranti}@oauife.edu.ng
Received July 31st, 2010; revised August 26th, 2010; accepted August 31st, 2010.
ABSTRACT
Before Information Systems are developed, they must have undergone a process called Systems Development Life Cycle
(SDLC) using appropriate methodology. The SDLC consists of phases varying from author to author. However, an information systems project can only be successful with intense interaction amongst project manager, systems analyst,
system designers and the end users. Viewed from the project manager’s perspective, the SDLC lacks the essence of
project management activities. Similarly, end users involvement is not clearly specified. The main aim of this paper is to
propose a framework for information systems management and development process which accommodates the views of
the different participants. Furthermore, the paper sharpens the concept of conventional SDLC, on the basis of the proposed framework. In addition, tools and methods that are appropriate for the implementation of the framework are
herein discussed.
Keywords: SDLC, Information Systems, Framework, Project Management, Development, End Users
1. Introduction
The early applications of computers were implemented
without the aid of any explicit Information Systems (IS)
development methodology and appropriate management
techniques. In these early days, the emphasis of computer
applications was towards programming. This meant that
system developers were technically trained but were not
necessarily good communicators. This often meant that
the needs of the users in the application area were not
well established, with the consequence that the IS design
was frequently inappropriate for the application. Few
programmers would follow any formal methodology; in
most cases, they use rule-of-thumb and rely on experience [1].
Estimating the date on which the system will be operational was difficult and applications were frequently behind schedule. Programmers might spend a very large
proportion of their time on correcting and enhancing the
applications which were operational. Typically, a user
will come to the programmer asking for a new report or
Copyright © 2010 SciRes.
modification of one that was already supplied. Often,
these changes had undesirable effects on other parts of
the system, which also had to be corrected. This vicious
circle will continue, causing frustration to both programmers and users. As computers increased rapidly in
number and management was demanding more appropriate systems for their expensive outlay, the situation could
not continue. There were three main changes [2]:
1) The first was a growing appreciation of the part of
the development of the system that concerns analysis and
design and therefore, the role of the system analyst as
well as that of the programmer;
2) The second was realizations that as organizations
were growing in size and complexity; it was desirable to
move away from one-off solutions towards a more integrated approach;
3) The third was an appreciation of the desirability of
an accepted methodology for the development of information systems.
Organizations today are much more concerned about
the effects of competition than they were in the past;
JSEA
984
Towards an Efficient Information Systems Development Process and Management:
A Review of Challenges and Proposed Strategies
therefore, no organization would like to stand the risk of
being overtaken by other competitors on the same playing ground with equal opportunities. Organizations that
acquire prompt delivery of information system projects
and posses efficient management skills will always be at
the fore front of this global digital drive which commands profits for organizations and good quality of services for users and customers. Although, traditional uses
of information technology still exist, new information
systems development has become one of the most important weapons for organizations to gain competitive
advantage. New application development is the most
vigorous for those organizations that recognize information as a resource for achieving their strategic goals.
Existing literature provides some formal methods and
management models for information systems development which cannot explain all the tasks that must be
performed by the diverse group of people that are involved in the development process of information systems. For instance, the waterfall model in isolation cannot fully explain the perspective of the project manager,
same goes to the capability maturity model and hosts of
others. The primary management goal is to build a
working information system under a planned budget and
schedule. The activities such as planning, organizing,
staffing, leading and controlling are of particular importance in managerial activities [3].
The main aim of this paper is to propose a framework
for an efficient information systems development process
and management that will enable information system
projects to be promptly and successfu…