Teaching case

e-Healthcare in ABC county health

department (ABCCHD)
1
: trade-offs
analysis and evaluation
Keng Siau, Hwee-Joo Kam
Department of Management, 209 College of Business Administration, University of Nebraska-Lincoln, Lincoln, NE, USA
Correspondence: K Siau, Department of Management, 209 College of Business Administration, University of Nebraska-
Lincoln, Lincoln, NE 68588-0491, USA.
Tel: 1 402 472 3078;
Fax: 1 402 472 5855;
E-mail: ksiau@unl.edu
Abstract
The issue of privacy stirred a tumultuous uproar when the ABC County Health Department
(ABCCHD) was planning for an e-Healthcare system that utilized information technology to
streamline the administration process of patients. ABCCHD had hired a software vendor,
Info-Health, a company that specialized in information system development for the
healthcare industry to help in the project. The privacy of patients with Sexually Transmitted
Diseases/Human Immunity System was a thorny issue in the implementation of the e-
Healthcare system. A trade-off between privacy and cost was discussed and debated.
Three alternatives, with varying degrees of privacy and cost, were considered.
Journal of Information Technology (2006) 21, 6671. doi:10.1057/palgrave.jit.2000054
Published online 24 January 2006
Keywords: information privacy; e-Healthcare; trade-off evaluation
Case summary
The ABC county health department (ABCCHD)
T
he ABCCHD was a government unit that was
administered by the mayors office. ABCCHD served
the community by providing health care to under-
privileged people based on the Federal Poverty Guidelines.
ABCCHD had a Health Board that advised the operations of
the department, set policies for the department, and
appointed the director of the department. The Health
Board comprised of nine people in total one from the City
Council, one County Commissioner, one physician, one
dentist, and five lay people, who were selected by the City
Council and County Commissioners. In cooperation with
the community resources, the ABCCHD, as the official
agency, was responsible for the health and welfare of the
community. The ABCCHD was committed to population-
based public health services services that were focused on
improving the health status of people in general, as opposed
to the treatment of individuals.
This mission was accomplished through three core
public health functions: Assess, Address, and Assure.
First, the ABCCHD assessed the community health status
and determined whether the community had adequate
resources to address the problems that were identified.
Second, the ABCCHD addressed identified problems by
developing health policies and recommending programs
to carry out those health policies.
Third, the ABCCHD assured that necessary, high-quality,
effective services were available. Part of this assurance
activity included the responsibility for quality assurance
through licensing and other mechanisms.
System planning for the epidemiology program at ABCCHD
ABCCHD was undergoing information system planning,
which included the revamping and remodeling of the entire
Sexually Transmitted Diseases/Human Immunity System
(STD/HIV) registration system. This inevitably involved the
Epidemiology Program, a subdivision under the ABCCHD.
The Epidemiology Program had supported the ABCCHD in
developing assessment tools and applying epidemiological
analysis to public health (disease) prevention, protection,
and health promotion efforts (see Exhibit 1 for more detail).
The STD/HIV testing process required epidemiologists to
interview STD/HIV patients as well as to provide the
necessary education and counseling. Epidemiologists col-
lected and analyzed patients data for research purposes. In
addition to implementing healthcare needs for STD/HIV
patients, epidemiologists must protect sensitive patient
data. Owing to the nature of the disease, epidemiologists
Journal of Information Technology (2006) 21, 6671
& 2006 JIT Palgrave Macmillan Ltd. All rights reserved 0268-3962/06 $30.00
palgrave-journals.com/jit
must be extremely careful about the issue of privacy with
regard to the STD/HIV patients.
The issue of privacy and cost of privacy
ABCCHD had met with its software vendor, Info-Health, a
company that specialized in information system develop-
ment for the healthcare industry to discuss this contro-
versial issue. The privacy of patients with STD/HIV was
raised and discussed extensively during the meeting with
system analysts. So was the cost of providing privacy. The
trade-off between privacy and cost was the issue that was
holding up the implementation of the e-Healthcare system.
Three alternatives were studied for the implementation
of the STD/HIV system (in decreasing amount of cost):
Implement a separate system for STD/HIV patients. This
STD/HIV system would be a stand-alone system that was
separated from the main system. Also, the registration of
STD/HIV patients would be handled at a different
counter or front desk from other patients. This option
required separate hardware and software. Operation cost
would also be higher because of the need to have
different staff to man the new counter or front desk.
Implement the STD/HIV system as part of the main
system but with built-in security and privacy features.
This option required a few additional modules of
software to handle the security and privacy features.
Also, a different counter or front desk would be set up to
manage the registration of STD/HIV patients separately
from other patients.
Implement the STD/HIV system as part of the main
system but with built-in security and privacy features.
Registration for STD/HIV patients would occur at the
same counter or front desk as other patients. This option
would not incur additional operational cost unlike the
other two options with separate counter or front desk for
STD/HIV patients.
Background
The existing information systems at ABCCHD
Cynthia May (Project Manager) and Susan Lee (Informa-
tion System Coordinator) had both chosen Info-Health, a
well-known software vendor in the healthcare area, to head
the e-Healthcare system planning. According to Cynthia
May, Info-Health was chosen as it had deep knowledge
regarding healthcare information systems and the company
had proprietary software designed for e-Healthcare sys-
tems.
Currently, STD/HIV registration was separate from the
central registration system (an AS/400 system). When a
patient came in to take a HIV test, he/she needed to fill out
laboratory forms, consent forms, and a patient intake form.
The patient would later attend a counseling and education
session with an epidemiologist and a public health nurse. In
addition, lab technicians would conduct a HIV lab test after
regular work hours. Next, only positive test results
were recorded in a logbook. The test result would then be
confidentially disclosed to the patient. No names were
displayed in the logbook, but a unique identifier was used
for tracking the patients. After testing, the logbook was
locked in a safe place. Periodically, the data in the logbook
was entered and saved in the Management Information
System-Sexually Transmitted Disease (MIS-STD) database
and the HIV/AIDS Reporting System (HARS) for further
data analysis. The MIS-STD and the HARS systems were
not linked to the central registration system. The MIS-STD
and HARS systems data were strictly confidential and
access to the systems was tightly controlled.
One of the major shortcomings of the existing informa-
tion system was that the laboratory test report was
generated by hand, which made it tedious to create other
reports that were categorized by gender, race, age, behavior,
and disease. The existing system was of a great incon-
venience in the report-generating process. As a result, an
e-Healthcare system was planned to replace and integrate
existing information systems such as the central registra-
tion system, the MIS-STD, and HARS.
The New e-Healthcare system
During the Joint Application Meeting, epidemiologists
indicated a need to block unauthorized access to STD/
HIV data. They required Info-Health to impose strict
security and privacy control for the STD/HIV data in order
to protect people with STD/HIV coming in for multiple
services from being cross-referenced by their name, social
security number, date of birth, and address. The new
e-Healthcare system must be able to eliminate paper-
work, including laboratory forms, the HIV consent forms,
and the (general) consent forms. According to epidemiol-
ogists, it was essential to have a tool to effectively generate
reports by age, gender, and risk behavior.
The privacy issue
The initial proposal
After listening to the requirements of the epidemiologists,
Info-Health decided that it would incorporate the STD/HIV
registration system into the central registration system
while it simultaneously imposed restrictions for data
accessibility. In other words, STD/HIV patients would be
registered using the same screen as other patients, but
access to details relating to STD/HIV patients would be
protected. The main reason for this approach was that a
patient who used STD/HIV services had also presumably
used other services in the Health Department. In fact, one
of the Info-Healths goals was to design an efficient system
by eliminating data redundancy. This new system provided
convenience and reduced the amount of paperwork.
However, epidemiologist John Watson strongly objected
to this idea due to the fact that it might infringe on the
privacy rights of the patient. He argued that the support
staff members who recorded a patients visits on a daily
basis could know which patient was infected with STD/HIV
or had made appointments for STD/HIV testing. To fully
protect a patients privacy, John insisted on a separate
system just for the STD/HIV patients. On the other hand,
assistant nursing supervisor, Mary Foster, felt that system
efficiency should be the top priority. She mentioned that
having a separate system for STD/HIV patients would limit
the ability to integrate data and provide the doctors with a
e-Healthcare in ABCCHD K Siau and H-J Kam
67
complete picture of a patient. Cynthia May, as the Project
Manager, was concerned about the cost of the e-Healthcare
system and the operating cost. Info-Health analyst, Nicole
Davis, pondered the privacy, systems efficiency, and cost
issues related to the case.
Analysis of debate issues
The debate issues here are related to:
(i) The privacy protection of STD/HIV patients.
(ii) Information Access and Control.
(iii) The cost of privacy.
Privacy protection of STD/HIV patients
John Watson pointed out that the STD/HIV data was
strictly confidential. While the Public Health Nurse wanted
an effective integrated system, s/he and the ABCCHD must
realize that both the debated issues of public health and
privacy were synergistic. If patients suspected that their
confidentiality might be violated, they would be much less
likely to come forward for testing, education, counseling,
examination, and treatment. Without complete trust,
individuals would be less likely to freely divulge personal
information, causing difficulties in collecting data, and
also imposing limitations on improving the quality of the
data collected. In the long run, failure to gather quality
data from patients impeded the implementation of a sound
e-Healthcare system (Gostin et al., 2001).
Cynthia May and Susan Lee agreed that due to the
confidentiality of the STD/HIV data, there was a dire need
for privacy protection. Mishandling of private information
might also expose ABCCHD to potential lawsuits. The
concept of confidentiality is assumed for a relationship that
requires intimacy or trust between two or more persons, in
which private or secret information was shared. This was
based on the understanding that this information should
not be repeated or made available to unauthorized persons
(Fombad, 2001). This definition was applied to the
relationship between STD/HIV patients and the ABCCHD.
Information access and control
Mary Foster highlighted the advantages of the new e-
Healthcare system. Although the current paper-based
system was less accessible, and therefore, the information
was less exposed and less vulnerable to information abuse,
it was painstaking to generate reports from the paper-based
data gathered from the laboratory, patient intake, and HIV
consent forms. With the paper-based system, the accessi-
bility of the data was limited. In addition, paperwork could
be easily misplaced or lost. And these problems could be
resolved or alleviated with the new e-Healthcare system.
The new e-Healthcare system would enhance data
accessibility. Mary Foster mentioned that nurses would
prefer to have an integrated and efficient e-Healthcare
system to facilitate data retrieval and reports generation.
The nurses played a major role and had critical responsi-
bilities in ABCCHD. Blocking the accessibility of STD/HIV
data in the new e-Healthcare system would require nurses
to make adjustments and adaptations to the new system. In
addition, nurses might find it necessary to relinquish
certain types of decision-making with the STD/HIV system.
This might engender resistance from the nurses. Also, with
the use of this new e-Healthcare system, they might have to
perform tasks that were not within their normal realm.
An advantage on data accessibility, however, could easily
be transformed into a threat when the issue of the privacy
of information pertaining to STD/HIV data was taken into
account. Enhanced data accessibility with the e-Healthcare
system would also mean that the sensitive and confident
STD/HIV data would become easily accessible and vulner-
able. This was the main concern of John Watson. The new
information system could inadvertently increase the danger
of data exposure. STD/HIV patient data could be retrieved
effortlessly and be passed to third parties as valuable
information. In other words, when it became easier for
epidemiologists to retrieve and analyze data, it also became
easier for unauthorized parties to unscrupulously hack into
the system and steal valuable information.
John Watson argued that in the case of the STD/HIV
system, third parties would like to access and obtain HIV
data simply for their own benefits. For example, employers
might want to know if a prospective employee was a HIV
patient. This information was valuable to the employers due
to the fact that employers were usually unwilling to provide
insurance for HIV patients, and, in the worst-case
scenarios, they would even terminate employment. Wrong-
ful discharge of HIV-positive employees could end in a
costly lawsuit, which could even wind up costing the
company millions of dollars. Unauthorized disclosure of a
persons HIV status might result in other serious repercus-
sions the individual might suffer from social rejection,
ostracism, discrimination, inferences about his sexual
preferences, and drug use (Fombad, 2001).
The cost of privacy
Although Cynthia May stressed the importance of privacy,
she understood that there was a cost associated with
privacy and security control. As a government department
operating with public funding, ABCCHD could not operate
as if it were a wealthy private healthcare institution. The
cost of developing the e-Healthcare system was an issue and
a constraint. Cynthia May understood the need to do a
trade-off between privacy features and cost of providing
those features.
Three information privacy management alternatives
Info-Health analyst, Nicole Davis, proposed three approa-
ches. Each approach has its distinct advantages and
disadvantages, and cost.
Alternative A
Implement a separate system for the STD/HIV system and a
separate counter or front desk for registering STD/HIV
patients. The cost of obtaining and implementing a separate
system was an important issue with this approach. Other
major shortcomings include repetition and redundancy,
since the separate system was similar to the main system,
but on a smaller scale. However, its main strength was that
a separate registration system would be established solely
for STD/HIV patients. In other words, the stand-alone
STD/HIV system did not share the STD/HIV data with
e-Healthcare in ABCCHD K Siau and H-J Kam
68
the primary network system, which therefore allowed more
privacy and security for STD/HIV patients. On the other
hand, because the stand-alone STD/HIV system and the
e-Healthcare system were separated, understanding and
retrieving the patients health history would prove to be a
headache. There was also the danger that doctors, who were
using the STD/HIV system, might prescribe drugs that
would interact with other drugs prescribed by other doctors
using the primary healthcare system. Having a different
counter or front desk for STD/HIV patients would also
increase the operation cost as additional staff would be
required.
Alternative B
Incorporate the STD/HIV system into the main system with
the necessary built-in security and privacy features, but
provide a different counter or front desk for STD/HIV
registration. Even with built-in security and privacy
features, data piracy and abuse might still happen. A
different counter or front desk allowed for more privacy
and patients records would not be as easily exposed to the
public because the STD/HIV front desk would be in a
separate area away from the public. However, the ABCCHD
might not have enough resources to set up a different front
desk.
Alternative C
Embed the STD/HIV system in the main system with built-
in security and privacy features. The STD/HIV patient
registration would be handled by the same front desk staff
who also managed the registration for regular patients. This
approach was more economically feasible as it cost less to
implement the STD/HIV system. However, with this option,
the security of STD/HIV patients would be more question-
able and uncertain. When information sharing occurred in
the main healthcare system, the possibility of information
piracy and abuse would be a constant and ongoing concern.
Another obvious problem was that the front desk environ-
ment significantly exposed sensitive STD/HIV data to the
public. Any person within viewing distance from the
computer screen would have the ability to view the patients
record. Having the STD/HIV patients registering at the
same counter or front desk as other patients might make
the STD/HIV patients uncomfortable and uneasy.
Study questions
1. How should the trade-off be managed?
a. Should there be a trade-off between privacy concerns
and system efficiency?
b. Should there be a trade-off between privacy concerns
and cost of implementing the system?
c. What should be the cost of privacy? How do you
determine the cost?
d. What should be the criteria used to evaluate the trade-
off?
2. What are the advantages and disadvantages of each
alternative?
a. Which of the three alternatives is the most effective in
preventing information abuse, and thus safeguards
STD/HIV patient records?
b. Which of the three alternatives is the most efficient?
c. Which of the three alternatives is the least expensive?
3. What recommendations would you make to ABCCHD?
Exhibit 1
The epidemiology program promoted the use of scientific
knowledge about health and disease within the population
to effectively conduct public health assessments as well as
policy developments and assessments. This program
provided services to enable public health agencies to
conduct several important services as listed below:
Monitor health status to identify community health
problems.
Diagnose and investigate health problems and health
hazards within the community.
Inform, educate, and empower people about health
issues.
Evaluate the effectiveness, accessibility, and quality of
personal and population-based health services.
Research for new insights and innovative solutions to
health problems.
Program planning, management, and evaluation activities
were dependent on the public health surveillance and data
systems, which required epidemiological capacity for data
collection, analysis, interpretation, and dissemination. In
addition, the epidemiology service was important for an
effective and timely response to communicable disease
outbreaks, environmental emergencies, and reported clus-
ters of disease. Finally, epidemiological capacity was crucial
to the publics role in community health planning and
policy development.
Each year, epidemiological information and assistance
was provided to hundreds of interested citizens, commu-
nity agencies, health professionals, students, businesses,
schools, human service providers, researchers, and elected
officials, including the Health Board, City Council, Mayor
Officials, County Board of commissioners, and the State
Legislature.
Notes
1 The name of the county has been changed to ABC County. We
have also disguised the names of the characters involved in this
case to protect their identities.
References
Gostin, L.O., Hodge Jr., J.G. and Valdisseri, R.O. (2001). Informational Privacy
and the Publics Health: The Model State Public Health Privacy Act,
American Journal of Public Health 91(9): 13881392.
Fombad, C.M. (2001). The Crisis of Confidentiality in the Control of HIV/AIDS
pandemic in Botswana, International Social Science Journal 53(170):
643656.
Further Reading
Siau, K. (1999). Xcert Software Inc, Journal of Information Technology 14(3
September): 235242.
Siau, K. (2003). Health Care Informatics, IEEE Transactions on Information
Technology in Biomedicine 7(1): 17.
Siau, K. and Chong, C. (2000). Is E-Commerce A Solution for the Mary Riepma
Ross Film Theater? Quarterly Journal of Electronic Commerce 1(4): 363392.
e-Healthcare in ABCCHD K Siau and H-J Kam
69
Siau, K., Nah, F. and Teng, L. (2002). Acceptable Internet Use Policy,
Communications of the ACM 45(1): 7579.
Siau, K., Southard, P. and Hong, S. (2002). e-Healthcare Strategies and
Implementation, International Journal of Healthcare Technology and
Management 4(1 and 2): 118131.
About the authors
Keng Siau is a Full Professor of Management Information
Systems at the University of Nebraska-Lincoln. He is the
Editor-in-Chief of the Journal of Database Management
and editor of the book series Advanced Topics in Database
Research. He received his Ph.D. degree from the University
of British Columbia where he majored in Management
Information Systems and minored in Cognitive Psychology.
His master and bachelor degrees are in Computer and
Information Sciences from the National University of
Singapore. He has edited 12 books and authored more
than 15 book chapters. He is also the author of over 80
refereed journal articles and over 90 refereed conference
papers (including nine ICIS papers). His research articles
have appeared in such journals as Management Informa-
tion Systems Quarterly, Communications of the ACM, IEEE
Computer, IEEE Transactions on Information Technology in
Biomedicine, IEEE Transactions on Professional Commu-
nication, IEEE Transactions on Systems, Man, and Cyber-
netics, IEICE Transactions on Information & Systems,
Communications of the AIS, Information Systems, DATA-
BASE, Journal of Information Technology, and Interna-
tional Journal of HumanComputer Studies. For more
information about him, please refer to his personal website
at http://www.ait.unl.edu/siau/.
Hwee-Joo Kam earned her M.A. in Management Informa-
tion Systems from the University of Nebraska-Lincoln.
Currently, she works as a software developer in Michigan
and an adjunct faculty in the Western Michigan University.
Appendix A1. Teaching notes
e-Healthcare in ABCCHD Trade-offs Analysis and
Evaluation
Objectives
This case accentuates the issue of trade-off between privacy
and cost. It presents the privacy issue encountered during
information system planning and presents three alterna-
tives. Students are encouraged to analyze the issue and to
address the problem while keeping in mind the limitations
and constraints of ABCCHD, which is a public health
department.
After completing an analysis of this case, the students
will appreciate:
(i) Privacy issues in information systems.
(ii) Trade-offs decisions that need to be made.
Methodology
The case of ABCCHD, a real-life scenario, exemplifies a
privacy issue encountered by a government institution
during system planning. This case is developed based on an
interns experience in ABCCHD. The intern had partici-
pated in system planning and realized its complexity,
especially in the planning of STD/HIV system.
Teaching suggestions
The case is written to foster the understanding of systems
analysis and design for senior undergraduate and graduate
students. This case allows students to analyze each possible
solution by taking several factors into consideration:
the issue of privacy, the systems requirements, and the cost.
The ABCCHD case could be covered within the time span
of a single 6090 min session. This case is suitable for
students who are taking a System Analysis and Design class,
or a module related to Privacy in an Introduction to MIS
class. The case could be used in conjunction with topics
such as information privacy, information security, project
management, alternatives evaluation, and information
systems development.
This is an interesting case on system planning, and it
covers the analysis and evaluation of each alternative, while
simultaneously dealing with the privacy, system efficiency,
and cost issues. The case should be distributed at least 1
week prior to class time. The instructor could begin the
discussion by having the students describe the ABCCHD
as an organization. The discussion should take about
510 min and would serve to introduce the ABCCHD.
For an actual case discussion, it is useful to begin with the
STD/HIV system. The instructor could pose the following
questions: What was the STD/HIV system in the case? or
What were the system requirements for the new STD/HIV
system? Students would then realize the shortcomings of
the existing system and begin thinking about the changes
that should be considered to establish a more efficient
system.
A follow-up question could be What kind of constraints
were ABCCHD facing? In this section, the instructor could
spend another 1520 min to discuss the constraints that
ABCCHD faced, and then relate the constraints to the
planning of STD/HIV system. ABCCHD was a government
institution that had a tight budget and limited computer
resources.
For the next 2025 min, the instructor could discuss the
trade-off between privacy concerns and system efficiency,
as well as privacy concerns and cost. Some system users
such as nurses would prefer to incorporate the STD/HIV
system into the main system as such system integration
facilitated easy retrieval of patients data. Nevertheless, the
epidemiologists believed otherwise. They strongly insisted
that the privacy of STD/HIV patients was paramount, and
they demanded that the Info-Health should isolate the STD/
HIV system from the main system. However, building
another similar system was redundant because the STD/
HIV system was basically the main system in a smaller
scale. Having a separate system adds to the cost of
development. These different perspectives should be made
known to the students.
The instructor could spend the next 2025 min discuss-
ing the three alternatives available to ABCCHD. In this
section, the instructor should ask the students to highlight
the advantages and disadvantages of each alternative. After
a thorough analysis of these three alternatives, the
e-Healthcare in ABCCHD K Siau and H-J Kam
70
instructor could then ask the students to recommend the
best option. There are no right or wrong answers as
the choice of the best alternative would depend on the value
and cost associated to privacy. And that is the strength of
this case as it allows for arguments and counter-arguments.
If there is time remaining, the instructor could discuss
the health information system in general. For example, the
instructor could also briefly mention the prospects of the
health information system and the adoption of information
systems in the healthcare industry in general.
e-Healthcare in ABCCHD K Siau and H-J Kam
71