Jan Leimeister

Einleitung: Die geplante Einführung der elektronischen Gesundheitskarte (eGK) in Deutschland setzt den Aufbau einer nationalen Gesundheitstelematikplattform voraus. Die technischen Komponenten dieser Telematik Infrastruktur (TI) lassen sich in zwei Klassen gliedern:
Zentrale Komponenten: Zugangsnetz, Broker, Backbonenetz, Zeitstempel, Public-Key-Infrastruktur, Auditierung, Directory Services sowie die Fachdienste.
Dezentrale Komponenten: Smartcards, Kartenterminals sowie Konnektoren.
Eine sichere Internetverbindung soll die Kommunikation zwischen den beiden Bestandteilen der TI gewährleisten.

In this paper, we provide a detailed overview of specific characteristics required to evaluate IS security approaches with regard to their applicability in the healthcare domain. The future of integrated treatment is enabled by e-health solutions that comprise health services and information delivered or enhanced through communication and information technologies. This is based on the communication between medical information systems involving all healthcare stakeholders. Thus, the implementation of e-health requires not only the establishment of IS communication infrastructures and the appropriate reorganization of current processes, but also requires the deployment of adequate security approaches concerning information systems in healthcare. Due to the special requirements that need to be met to ensure the security of personal health information and due to the healthcare processes that directly affect the care and service delivered to the patients, there is a strong need for clear, concise and healthcare specific IS security approach characteristics.

This paper describes a single sign-on solution for the central management of health care provider’s smart cards in hospitals. The proposed approach which is expected to be an improvement over current methods is made possible through the introduction of a national healthcare telematics infrastructure in Germany where every physician and every patient will automatically be given an electronic health smart card (for patients) and a corresponding health professional card (for health care providers). This introduction will cause changes in many existing health care administrative processes. The example process of writing a discharge letter is used in the paper to compare two existing approaches for integrating the new smart cards to the proposed single sign-on approach. Based on the findings we support a centralized single sign-on card management approach which allows us to exploit possible process improvements now and in the future. In closing we outline further application potentials of the described approach for management of smart cards in health care and, in particular, in hospitals.

The role of security management in the development and operation of information systems has a long tradition of research in computer science, information systems and management science. Integrating the economic, organizational, and technical aspects of information systems security analysis and assessment requires a bridging of these different research streams. We examined major articles published concerning IS security using a new classification scheme for IS security analysis and assessment approaches. We looked at approaches discussed in recent publications as well those examined as in past articles that have attempted to classify various approaches to IS security. This paper therefore organizes a diverse collection of literature into a cohesive whole with the aim of providing IS management with an overview of current security analysis approaches, thereby offering management an effective aide for selecting the methods best suited to their needs. Furthermore, this work structures IS security research into a classification scheme that can also be used in future research and practice.

The objective of this paper is an analysis of security issues of the forthcoming German healthcare telematics infrastructure. The current analysis reevaluates results from a former security analysis conducted in 2007/08 and introduces new results based on the updated specification documents of the German healthcare telematics. As a result, basics for further security analysis activities are given and corresponding security measures to overcome the identified vulnerabilities are derived. Due to the transferability of the healthcare telematics security concept, which is currently applied in Germany, the achieved results might be helpful for worldwide healthcare telematics projects in the future.

The electronic health card (EHC) is presently being introduced in Germany, however in a much slower pace than originally anticipated and planned. For an evaluation of the applications of EHC a doctors practice of a dentist was chosen as reference practice. To analyze the direct effect of the EHC, a process analysis was made of the actual and future EHC processes. For exploring potential user acceptance a patient survey including 49 patients was conducted. The benefits for all involved parties were observable. Based on these analyses, some conclusions are drawn for the improvement of the EHC introduction in Germany.

Der Beitrag beschreibt die Single Sign-On Clinic Card-Lösung zur zen- tralen Verwaltung von Gesundheitskarten im Krankenhaus. Ziel dieses Konzeptes ist es, die propagierten Effektivitäts- und Effizienzverbesserungspotenziale, gege- ben durch die Einführung der elektronischen Gesundheitskarten, vorteilhafter heben zu können, als es die bisher von der gematik spezifizierten Ansätze zur ge- planten HBA-Integration in Krankenhausprozesse erlauben. Anhand eines kon- zeptionellen Vergleichs kann die Vorteilhaftigkeit des neuen Ansatzes de- monstriert werden. In einem Ausblick werden weitere Anwendungspotenziale für diesen zentralen Ansatz zur Verwaltung von Gesundheitskarten dargestellt.

Ausgehend von der Analyse der Spezifika im Gesundheitswesen wird das Ziel der integrierten Versorgung identifiziert und erläutert. Hiefür sind relevante Informationen nicht nur abteilungs- oder institutionsbezogen, sondern patientenorientiert entlang des gesamten Behandlungsprozesses bereitzustellen. Die Darstellung unterschiedlicher Initiativen zur Informationsintegration verdeutlicht, dass keiner der untersuchten Ansätze die wesentlichen Integrationsanforderungen vollständig erfüllt. Als Lösung wird ein agentenbasiertes Vorgehen vorgeschlagen und anhand einer prototypischen Implementierung beschrieben. Abschließend werden die Ergebnisse bewertet und zentrale Themenstellungen für die Forschung im eHealth-Umfeld im Allgemeinen und für Software-Agenten im Besonderen aufgezeigt.

Gamification has taken the world by storm. Regardless of where one stands on gamification, it can aptly be described as interesting but also galvanising and controversial. We are pleased to write a provocative editorial to kick off this special issue on gamification in the European Journal of Information Systems. Our position is that the information systems (IS) discipline has the opportunity to play an outsized role in navigating the discourse of gamification—an increasingly influential, interdisciplinary discourse in research and practice. We assert that active engagement in the gamification discourse is a compelling IS research opportunity, given the growing, globalised platform-based economy. Consequently, we frame our editorial with the knowledge we have gained as IS researchers who engage in gamification research in an effort to share what we have learned about artefacts and original theorisation with both IS and gamification scholars. We do so by proposing a pragmatic path forward for gamification and IS researchers who wish to contribute to these related discourses, both individually and in the form of the combined IS–gamification discourse. We propose a framework of three practices that we are confident can more systematically generate the key theoretical artefacts needed to generate native theory in the IS–gamification discourse and hence to improve the associated research and practice. Foundational to this framework is our paradigm, which advocates active engagement with IS–gamification research and practice, as bridged by a strong focus on design thinking and generating artefacts that are foundational to theory generation.