Healthcare System Innovization through Digital Transformation

Author : Sumit Chakraborty; Reference : HSIDT/ V1.0/ CR 15082014

Healthcare System Innovizationthrough Digital Transformation

First Edition, 2014

Sumit Chakraborty

Digital TechnologyPortfolio

DSS ERP Biomedical Technology

BIKMS

Registration

Consulting

Testing

Discharge

Billing & payment

Surgery

FI-CO, MM,HR

SD, PLM

Workflow management

Project management

Supply chain management

Maintenance

K-creationCoE

K-storageDigital library

K-sharingby cloud

Perception

Case basedreasoning

K-applicationDiagnosis

Analytics

Data warehousing

Data mining

Social Networking

Data visualization

Performancescorecard

Imageprocessing

HCI

Digital measuring instrumentation

E-healthcloud

M-health

Sensors


ForewordThis e-book is written for various purposes : (1) an example of project for Management Information

Systems (MIS), Digital Transformation and Enterprise Solutions courses of academic programmes on

business administration (e.g. MBA, PGP, PGDM, PGDCM, PGDBM), information technology, computer

science and MCA; (2) consulting tool of business analysts in IT firms; (3) a reference for the healthcare

system administrators (e.g. CIO, CEO and CFO, ministry of healthcare) and (4) a reference of today’s

research on healthcare informatics and secure multi-party computation. The basic objectives of digital

transformation are to innovate and streamline business models, operational processes and experience of

the patients in healthcare service using information, communication and biomedical technology. This

work presents a healhcareflow mechanism; the intelligence of the mechanism is explored from the

perspectives of knowledge management through case based reasoning, decision making using analytics,

biomedical technology management, workflow control subject to time and resource constraints,

verification of fairness, correctness and privacy of patient data, multi-mode payment function,

cooperative communication protocol for collaborative information seeking, enterprise application

integration and life-science supply chain coordination. The service provider tries to improve the quality of

healthcare service at fair reasonable cost by integrating different enterprise applications through

systematic coordination of material, information and financial flows. This work also suggests the

information, communication and biomedical technology schema required for digital transformation in

terms of computational intelligence, communication, data, application and security schema. It is really

challenging to provide accessible, affordable and quality health care to the rural and urban population

globally.

For effective healthcare system innovization, digital technology management is not only the critical

success factor. There are other several factors. The healthcare consultants, specialists and work force

need a good human resource management model for proper talent acquisition and retention, research

and innovation, career growth planning, incentive, reward, recognition and retirement planning. The

healthcare service provider may have a flawed business model based on old legacy information

technology, malicious healthcare practice due to economic and financial pressure, mechanical HR policy

and bad resource allocation mechanism. The patients or service consumers may lose trust in health care

products and practice due to costly treatment procedure, complicated and fraudulent business rules and

vague computational intelligence. Fairness and correctness of computation and testing is a critical

concern in healthcare practice. Knowledge management is another critical success factor; case based

reasoning may be a good solution for information storage and retrieval.

Research Methodology : The present work has reviewed relevant literature and analyzed five

explorative cases on healthcare and healthcare information systems. The case study approach has been


selected to support analytical rather than statistical generalization. Case studies capture reality in

considerably greater detail and allow for the analysis of the problems of an adaptive enterprise. The

business processes of a complex multi-tier healthcare supply chain in USA has been analyzed and a group

of experienced healthcare system administrators have been interviewed. This work also explores the

basic properties of secure multi-party computation in healthcare from the perspectives of fairness,

correctness, privacy and rational information sharing.

Keywords: Healthcare information system, Digital Transformation, Computational intelligence, Cloud

computing schema, Artificial intelligence, Case based reasoning, Digital technology portfolio, Data

schema, Networking schema, Security schema, E-health, M-health, Information management schema.

E-book Structure : The present work is organized as follows. Chapter 1 defines the problem of today’s

healthcare service; shows industry analysis, critical success factors, healthcare chain and process flows. It

also presents the basic concept of digital transformation in the context of healthcare service model.

Chapter 2 presents the information technology schema. It explores the digital technology (DT) portfolio

of the healthcare service provider in the context of application schema. Chapter 3 highlights

computational intelligence and computing schema in terms of cloud computing, soft computing, artificial

intelligence, case based reasoning and perception. Chapter 4 and 5 present networking and data schema

respectively. Chapter 6 analyzes security schema. Chapter 7 discusses information management schema

and concludes the work.

Sumit Chakraborty

BEE (Jadavpur University), Fellow (MIS, IIM Calcutta)

Business Analytics Research Lab, India.

E-mail : [email protected]


ContentSL No. TopicPart I Digital System Schema1.1 Digital Transformation basic overview1.2 Healthcare industry analysis1.2.1 Business objectives1.2.2 Constraints1.2.3 Critical success factors1.3 Process flow analysis for healthcare chain1.4 Healthcareflow mechanism1.4.1 Mechanism’s intelligence analysis

Part II Digital Technology schema2.0 Application schema : Digital technology portfolio and application integration3.0 Computing schema and computational intelligence4.0 Data schema 5.0 Communication networking schema 6.0 Security schema

Part III Digital System Management Schema7.1 Organization structure for digital transformation7.2 Investment analytics for digital technology portfolio rationalization7.3 Strategic roadmap for digital transformation 7.4 Rural healthcare and conclusion

References


Chapter 1 : Introduction

1.1 What is digital transformation?

This is the case of a large healthcare chain. The healthcare service provider is a large organization having

complex structure. The Chief Information Officer (CIO) is planning to evaluate the scope of digital

transformation in the organization. He would like to discuss various aspects of digital transformation with

the top management. Digital transformation actually demands the fundamental rethinking and radical

redesign of different systems and processes for dramatic improvement of business performance,

quality of service and effective enterprise resource planning and capacity utilization through efficient

and intelligent application of modern information and communication technology and management skills.

It does not mean downsizing. Digital transformation is closely associated with an intelligent design of

information system schema, information technology schema and information management schema.

Today’s healthcare system must require an optimal portfolio of intelligent information and communication

systems and biomedical technology to satisfy various business objectives subject to a set of constraints.

These objectives may be improved quality of service (QoS); fast and correct transaction processing;

efficient management of resources; fast decision making in adaptive situation; improved accuracy in

decision making (e.g. intelligent scheduling, coordination); discovery of hidden intelligence from large

pool of data; supporting knowledge creation, storage, transfer and application in an enterprise;

supporting office automation and workflow control; effective asset management, cost control, revenue

management, strategic pricing and supply chain management and corporate social responsibilities. The

constraints may be time, cost, resources, skill, regulatory compliance, capacity, old and obsolete

technology, malicious and irrational business practice, policy paralysis and administrative failure. Digital

transformation does not mean downsizing; rather it can create new job opportunities through innovative

service offerings.

The basic objectives of digital transformation initiatives are to innovate and streamline business models,

operational processes and customer experience in healthcare service. They change how functions work,

redefine how functions interact and reshapes boundaries of the healthcare service provider. Today, the

healthcare service consumers need great digital experiences. They would like to interact with the

healthcare service providers anytime and anywhere. The healthcare service providers are expected to

build intelligent digital business models which can engage the service consumers digitally through online

and m-commerce mechanisms. A digital business model challenges the physical offline from the

perspectives of internal power, business process design and private data of the consumers. An efficient

digital business model is essential to connect a large or small organization to the service consumers

online. A digital business model has three components such as content (what is consumed), customer

experience (how is it packaged) and technology platform (how is it delivered). For instance, each


healthcare service provider should have a well-designed web site or portal which can give necessary and

correct information regarding the location, contact number, e-mail, address, transport facilities, service

and product offerings, consultants, approximate tariff or service charge, vision, organization structure,

rules and regulations to the local or national or international patients. The content is basically what is

consumed by the patients. It is applicable to all public and private hospitals, nursing homes and

healthcare clinics. The customer experience is associated with the website and the digitized business

processes such as e-mail acknowledgements, alert, payment processing options, shopping cart and

customer feedback. The platform consists of a set of digitized business process, data and infrastructure.

The platform has internal and external components. The internal platform components may be business

analytics, HR and finance modules; the external platforms include phones, communication networks,

tablets, laptops or computers that consumers use to interact with the healthcare service provider. It is

essential to create unique content with the help of healthcare consultants, experts and specialists for

improving and measuring customer’s experience. It is also required to develop a flexible global platform.

The healthcare service provider should monitor the performance of digital business model through the

feedback of the consumers about content, digital experience and platform.

Traditionally, digital transformation uses different types of technologies such as enterprise resource

planning, supply chain management and business intelligence solutions, analytics, mobile communication

system, social media and smart embedded devices to improve business performance, quality of service,

value propositions and internal processes. Additionally, the healthcare business model requires the

support of modern biomedical technology such as digital measuring instruments (e.g. blood pressure,

blood sugar, digital thermometer, digital stheoscope, digital x-ray), biosensors and human computer

interaction. The healthcare organizations often face common pressures from their customers, competitors

and workforce to take initiatives and show high commitment in digital transformation. But, it may occur

at different paces with different results. It explores new business opportunities and service offerings with

the support of biomedical, information and communication technologies. It must be driven by the top

management; it requires high commitment of top leaders, system and business analysts; strategic moves

of change management through monitoring a set of performance metrics. The top management may

create a new organization or reshape the boundaries of the organization by using strategic assets in new

ways. It is essential to manage people, processes and technology in a smart way.

The CIO has discussed with the top management of healthcare organization on critical steps and

strategies for digital transformation. For digital transformation, the top management of an organization

should see beyond the hype of new generation technology. An organization may often feel of getting

routine results from the investment in new technologies. The system and business analysts should try to

explore new ways of doing business and offering services to the service consumers by using digital

technology. They must understand the opportunities and threats of new technologies; they should assess

and mitigate the risks in time. An organization changes not only by using technology, but also by


improving its processes, business models and management skills. The top management should find

skilled, experienced and innovative technologists at a high level of decision making; those experts should

be capable of evaluating today’s digital technology platform correctly and convincing the leaders on the

risks and scope of technology appropriately. The top management should be able to take fast and correct

decisions in choosing right technology at right time. In other words, they should not adopt digital

technologies blindly; the project management team should run a pilot, test, get feedback from the

stakeholders and fine tune the new system. Such type of phased experimental approach can reduce the

chance of disaster or failure of new digital technologies. The project team requires a mix of experts on

different digital technologies. Digital transformation requires an open, transparent, fair and rational

corporate culture. It never stops; it is a continuous process. Despite the hype around disruptive

innovation of digital technologies, the healthcare service provider still has a long way to go in the journey

of digital transformation through enhanced customer experience, streamlined operations and processes

and creating new business models and service offerings. The CIO has asked the business analysts for a

detailed process flow analysis to study as-is system, find out the gap and design to-be system of the

healthcare service provider.

1.2 Healthcare Industry Analysis

The CIO has met with the chief of corporate strategy division in presence of the business and system

analysts and have discussed regarding the critical issues of today’s healthcare service industry such as

competition, value based service delivery model, competencies and the role of digital technology. Today’s

healthcare service sector faces several challenges such as increasing costs, poor quality of service in rural

and remote zone, unhealthy competitive environment, limited or non-existent measurements of costs

and outcomes and increasing demand. The outcome and critical observations of their meeting are as

follows:

The existing healthcare service may have a flawed business model based on old legacy information

technology, economics and financial pressure, mechanical HR policy and bad resource allocation

mechanism (e.g. health insurance scheme). The healthcare workforce may be forced to work under

excessive financial and economic pressure.

The healthcare workforce (e.g. consultants, nurses, surgeons, testing, maintenance, registration,

discharge and billing associates, system administrators, IT people) expect a good HR model for

proper talent acquisition and retention, research and innovation, career growth planning, incentives,

reward, recognition and retirement planning scheme. the quality of healthcare service may be

affected seriously if they are forced to work driven by economic and financial pressure, hard target of

revenue and profit, malicious business practice and evil wishes. The society should not accept narrow


and negative outlook, thoughts and policies created by the management scientists, statisticians,

economists, strategists and HR experts.

Fairness and correctness of computation and testing is a critical concern in healthcare

practice. Another important issue of secure multi-party computation is privacy of patient’s data. The

public may be losing trust in existing health insurance products and health care practice due to

dishonest and costly treatment procedure, complicated and fraudulent business rules and statistical

illusions.

Digital technology management is a critical success factor of healthcare service. Case based

reasoning can be a good solution for knowledge management.

Health security should cover each member of a society. Each member should have access to an

extensive set of healthcare services at fair, affordable and reasonable cost. Land is not a problem for

building smart healthcare infrastructure. The critical issues are efficient corporate governance free of

power play and politics, good medical practice and fair resource allocation mechanisms.

Advanced medical science evaluates quality of healthcare service through the outcomes achieved in

the treatment of illness. An increasing expectation of the service consumers and the change of

patient demographics due to aging population threaten to increase healthcare costs and restrict

timely access to patient care services. The aging and retiring skilled healthcare workforce affect

sustainability of the system. The system should utilize its resources and assets rationally and develop

and acquire new talents. Life is a precious asset of human society; it should be saved irrespective of

age, gender and social status.

The chief manager of corporate strategy is trying to convince the CIO about the basic concept of value

based healthcare service model. The basic objective of healthcare service model is to achieve high value

in terms of quality and access to different service offerings, outcome, cost, safety, convenience and

overall satisfaction index of the stakeholders associated with health chain. Outcomes are health results

for a patient’s condition over a healthcare cycle; costs are the total costs of care over the care cycle.

The CIO and the system analysts have informed the CIO that it is not a simple task to compute value in

terms of outcome achieved and cost of treatment for a healthcare system precisely. It is difficult to

quantify the outcome of healthcare service since it is a multi-dimensional parameter and depends on the

perception of the service consumers; it is possible to compute cost of healthcare service approximately

through financial and cost accounting system.

Value is the basic building block of performance improvement in healthcare service. A healthcare service

provider should focus on value, volume, efficiency and operational excellence through process re-

engineering simultaneously. Value is created across different tiers of healthcare chain spanning over a

specific set of services jointly satisfying the basic needs of a patient. The needs of the patients are

related to personal medical problems which may be addressed through proper coordination. For primary


and preventive care, value may be measured for specific patient groups with similar needs. It is created

over full care cycle through efficient supply chain coordination. The patients often require an integrated

unit accountable for total care of a complex medical problem. The patients can perceive value in terms of

sustainable recovery, need for ongoing interventions and reoccurrence of ailment. Value is created

through excellent delivery service, cost control, knowledge management, innovation, fair and correct

medical practices. A healthcare information system may track value of service through an innovative

patient’s feedback and performance scorecard.

Next, the chief manager of strategy has brought the issue of competition in the context of healthcare

service industry. The healthcare service providers are expected to compete based on cost and quality of

services. Such type of competition can result efficiency, effectiveness, operational excellence, reduction of

errors and disruptive innovation. They should be able to improve value in terms of quality of service and

cost. A provider should not only compete in local area but also in regional and national domain to

improve its business performance. They should develop differentiated services and facilities to create

unique value through use of digital technology, knowledge management, supply chain coordination. They

should develop competencies in medical diagnosis, prevention and treatment of specific diseases and

share correct data on the performance of their workforce, operational excellence and infrastructure

publicly through web services. They should get incentives for their specialized skill, operational

excellence, expertise, quality of service and efficiency. The providers should learn continuously and

innovate based on errors and feedback of the service consumers.

The chief manager of strategy has outlined the vision of a value based healthcare system, which should

be built upon a series of core principles. The service provider should clearly define the goal, organization

structure and the role of different stakeholders associated with the health chain. Each actor must

contribute to value. Even, the health plans or insurance providers can contribute rather than acting as

passive actors. The fundamental goal of the healthcare system is to provide timely access to care and

deliver good value for patients through cost control. The system needs an efficient healthcare delivery

model which is capable of controlling cost and improving value through various ways such as

recommending healthy living practice, accurate diagnosis, timely access to services and good

coordination among the workforce. The service should be organized around medical problems of the

patients over the full cycle of care through integrated practice units. The value is increased by the

experience, scale, skill and learning of the workforce through optimal breadth and depth of service

offerings. Many providers offer a broad range of services but the volume of care for any one service is

small. The provider may not be able to provide value for each service due to lack of proper facilities, skill

and knowledge. The provider should design its service lines strategically based on competencies. The

value should be appropriately measured and reported. The incentives should be aligned with value and

innovation should be rewarded.


The business analysts are able to identify the problem, business objectives, constraints and critical

success factors of the healthcare service provider by analyzing vision, mission statement, corporate policy

and annual reports and also through industry analysis. The outcome is listed as follows :

1.2.1 Business objectives

Ensure high quality of service, work culture and administrative efficiency

Efficient time management and resource allocation for optimal capacity utilization

Fast and correct transaction processing for efficient enterprise resource planning and supply chain

management

Develop a highly skilled and innovative workforce through efficient knowledge management

Optimal fund allocation for digital technology portfolio rationalization

Revenue management through fair pricing, corporate social responsibilities and good medical practice

Intelligent HR policy in terms of talent acquisition, retention, incentives, training, career growth and

retirement planning

Building an innovative business model, mechanism and organization structure of the healthcare

service provider

Effective healthcare service model

o Prevention of illness : Early detection, right diagnosis, right treatment to right patient

o Rapid cycle time of diagnosis and treatment

o Treatment : Less invasive treatment methods, fewer complications, fewer mistakes and

repeats in treatment, faster recovery, more complete recovery, greater functionality and less

need for long term care, fewer recurrences and relapses

o Reduced need for visits, slower disease progression, less care induced illness

o Better health is less expensive than poor health

o Better health is the goal, not more treatment

1.2.2 Constraints

Resources (man, machine, material, method, money, land)

Digital technology infrastructure

Skill of experts for complex decision making

Timeline for digital transformation

High cost

Quality of service and

Process efficiency in supply chain coordination

Overcapacity in urban zone and shortage of capacity in rural zone

Large variation in quality across providers

No systematic measurement of outcomes and costs


Difference in QoS between public and private healthcare system

Many incremental reforms with limited impact

1.2.3 Critical Success Factors

Digital technology, an optimal mix of information, communication and biomedical technologies

Fairness, correctness and privacy in secure multi-party computation

Knowledge management

High commitment, cooperative work culture and skill of healthcare consultants and workforce

Supply chain coordination

Streamlined process flows and workflows subject to time and resource constraints

Disruptive innovation

Intelligent human resource management model

Free choice of health plans and providers, universal access to health insurance with a broad

range of services

Extensive network of capable providers

Scalability in excellent and compassionate rural care

The teams have come to a conclusion that the healthcare service provider must deploy an efficient

delivery service model which requires deep insights into the needs of the service consumers, process

flows, mechanisms, protocols and business rules. This innovation can be explored in terms of the

structure of interactions, service boundary, allocation of tasks and resource and delivery locations. The

service consumers and providers require a good coordination mechanism through information and

communication technology. The service provider should be able to optimize the breadth and depth of its

service offering based on competencies and facilities. The system should manage workflow control

subject to time and resource constraints. The outcome of patient care may be affected with the strategic

importance of location of healthcare facilities.

1.3 Process Flow Analysis

Healthcare Chain : The business analysts have shown the architecture of the health chain to the CIO.

Figure 1 shows the complex multi-tier architecture of a healthcare service model: patients (tier 1);

branded and non-branded hospitals, medical surgery centers and physicians (tier 2): healthcare service

providers (HCSP) having service centers and distribution centers (tier 3); distributors, wholesalers and

retailers (tier 4); suppliers, drug manufacturers and medical device manufacturers (tier 5) and carriers

(tier 6). Information and funds flow from tier1 - tier2 - tier3 - tier4 - tier5 - tier6 through the information

system and healthcare products and services flow in the reverse direction. The information is related to

healthcare products, services, providers and consumers. Healthcare supply chain is a network of

organizations that satisfies the demand of the service consumers for healthcare products and services.


The basic objective is to improve the quality of service in patient care by integrating different business

units through systematic coordination of material, information and financial flows. The business and

system analysts intelligent mechanism for the above healthcare service model.

Figure 1: Healthcare Chain

Figure 2 : A typical process flow in a healthcare organization (through swim lane diagram)

Registrationassociate

Consultant

Testingassociate

Supply chain coordinator

Surgeon

Discharge associate

Dispute resolver

Billingassociate

Registration

Consulting

Testing

SCM & QC

Dispute resolution

PaymentBilling

Operation

Discharge

Collect payment in advance


The business analysts have done process flow analysis (Figure 2) and have found out many gaps in

existing healthcare operation and the use of information technology, particularly for rural healthcare

institutes. For example, the existing registration system use spreadsheets without verifying the identity

proof of the patients; the system does not generate any registration card and is not integrated with other

applications. There is no information system used for workflow control and appointment fixing for

consulting and surgery scheduling. The healthcare consultants write prescriptions manually based on

memory and experience without taking the help of any information system. There is no case based

reasoning system for proper knowledge management. The healthcare workforce do not use digital

measuring instruments. The as-is system does not support quality control initiatives of the drugs, medical

devices and healthcare products through any materials management and quality control modules. The

system does not support purchasing, goods receipt, inspection, acceptance or rejection of goods, vendor

control and invoice verification electronically. The testing lab faces various problems such as poor manual

documentation, lack of sufficient number of testing professionals, risk of mixing or swap of test results

and delay in delivery of test reports for emergence cases. The discharge certificate is prepared using

word pressing software; there are evidences of mistakes in event logs and the instructions of medical

administration and follow up are not clear. The data of patient’s help guide is not updated regularly; the

tariffs or service charges as mentioned in the bulletin board do not match with the data used in medical

bills. The payment processing system does not support credit card, e-banking and e-health insurance

facilities due to lack of proper application integration. The billing system does not provide break-up of

total bill amounts and tax computation; just shows summary. No online system is used for getting

patient’s feedback or providing patient’s help guide. In urban hospitals, the healthcare service provide

takes feedback of the patients through survey; but there is risk of incorrect feedback due to various

reasons such as wrong perception, misunderstanding of the tough questions used in the survey or lack of

knowledge or critical observations of the patients and their attendants and the timing of survey.

1. 4. Healthcareflow Mechanism

Digital transformation requires an efficient and intelligent mechanism. The business analysts of the

healthcare organization have developed an intelligent mechanism in terms of a set of agents, inputs,

outputs, strategic moves, protocol, revelation principle, payment function and information system

schema. It is the basic building block of healthcare business model. An efficient mechanism provides

different benefits such as improved customer service, accuracy, ease of processing, increased

productivity, quick access to information, greater geographical reach, better coordination, reduced

transaction costs, rational decision making and efficient knowledge management. But, it has several

constraints and challenges like high cost of computation and communication, information flow, privacy of


data, coordination, economic modeling, pricing strategy, payment, fairness and correctness of service

transactions and behavior of the service consumer and provider.

Agents: Service consumer or patient (C), Service providers (P): workflow (Pw), healthcare (Ph), testing

(Pt), financial service (Pf) and supply chain (Ps), maintenance (Pm), system (Psy) and human resources

(Phr);

Input : Data of C, P, healthcare products, services and pricing plan;

Strategic move: Knowledge management through case based reasoning; decision making using

analytics; biomedical technology management; workflow control subject to time and resource constraints;

verification of fairness, correctness and privacy of data; multi-mode payment function; cooperative

communication protocol; enterprise application integration, life-science supply chain coordination and

rational investment planning for IT portfolio optimization.

Protocol:

1. Registration : Pw call workflow management system → register C through a service contract on fair

healthcare and privacy policy; make a meeting plan for consultation and collects payment in advance. C

approaches P personally or with the help of family members, friends or security workforce.

2. Consulting: Ph call case based reasoning system → do health check-up and diagnosis; recommend

medication and testing.

3. Testing (optional) : Pw make a testing plan for C and sends it to Pt; Pt do testing; send test data to Ph;

Ph call analytics → make decision and recommendations.

4. Supply chain coordination: Ps call ERP-SCM system → do demand and distribution planning by CPFR,

inventory control, sourcing, order management, warehousing and shipping of medicines and medicare

products. C and P should verify the quality, performance and warranty of the biomedical devices while

sourcing the same from local or global vendors.

5. Surgical operations (optional) : Pw make operation plan; Ph perform operation on C. The process having

steps 2-5 may have single or multiple iterations depending on the complexity of the problem of C. C may

take the opinions of more than one healthcare specialists.

6. Receivables management: Pf call ERP system → generate invoice; process payment for C in single or

batch mode.

7. Dispute resolution: C verifies fairness and correctness of all transactions. C and P negotiate and settle

any medical, financial or privacy disputes mutually or with the intervention of a trusted third party.

8. Exit: Pw issues discharge certificate to C. C may exit from the system at any stage by submitting a

bond to Pw. Psy stores data of C in a secure data warehouse.

Revelation principle: Rational data sharing, fairness and correctness of computation, Privacy

preserving data mining through cryptographic and secure multi-party computation protocols, secure data

warehousing;


Payment function: The basic components of the payment function are discriminatory pricing scheme,

incentive, discount, penalty and multimode payment options comprising of free health check-up, health

insurance, corporate mediclaim policy, credit card, direct cash payment and bank loan; Phr process salary

of healthcare workforce.

Information system schema :

computational intelligence : workflow control for time scheduling and resource allocation; case based

reasoning: case retrieval and adaptation mechanism; analytics: data visualization and performance

scorecard; transaction processing for registration, testing, payment and discharge;

communication schema : web (e.g. e-mail, social networking), mobile communication (e.g. wireless

internet), netmeeting and videoconferencing system for virtual patient care and telemedicine;

data schema : data warehouse, data mining, relational database;

application schema : web enabled ERP, business intelligence system, knowledge management system;

Output: healthcareflow plans, transaction documents, business intelligence reports.

1.4.1 Mechanism’s intelligence analysis

In the above mechanism, the cost of communication depends on the interactions between the service

consumer and service provider; the number of negotiation rounds and the frequency of information

sharing among the trading agents associated with the supply chain. It depends on the complexity of

critical patient care and workflow control subject to time and resource constraints. It also depends on

cooperative communication among the healthcare specialists for collaborative information seeking and

knowledge management through videoconferencing and wireless or wired networks. The cost of

computation depends on the complexity of various algorithms associated with workflow control for time

scheduling and resource allocation; case based reasoning; analytics for data warehousing, data mining,

data visualization and performance scorecard and transaction processing for registration, testing,

payment, discharge and supply chain management. It also depends on the complexity of encryption and

decryption algorithm and signcryption to preserve the privacy of data. The cost of signcryption is

relatively less than the cost of signature-then-encryption approach.

An optimal mix of strategic moves provides adequate intelligence to the mechanism (HM) for

improved quality of service.

The mechanism requires a fundamental rethinking and radical redesign of healthcare practice and

infrastructure in terms of technology management, organization structure, operations, marketing,

financial and human resources management. The basic objective of the service provider is to improve the

quality of healthcare service at fair cost by adopting a set of intelligent rational strategic moves such as


case based reasoning, decision making using analytics, workflow control subject to time and resource

constraints, verification of fairness, correctness and privacy of data, multi-mode payment processing

system, cooperative communication protocol for collaborative information seeking, enterprise application

integration and life-science supply chain coordination. The healthcare service agents should use

intelligent information and communication technology schema for workflow control, transaction

processing, complex decision making, knowledge management and improved supply chain coordination.

The next theorems analyze these strategic moves in details. Additionally, the healthcare specialists should

be able to utilize the intelligence of modern biomedical engineering (e.g. bio-sensors, organ

transplantation), bio-inspired artificial intelligence (e.g. robotics in surgical operations), advanced testing

system (e.g. image processing, CT scanner, x-ray and homecare kits) and the innovations in life-science

industry (e.g. drug discovery) for critical patient care.

The mechanism (HM) adopts discriminatory pricing strategy, multi-mode payment options,

efficient ERP and application integration for fairness and correctness in revenue

management and cost control.

The healthcare service provider formulates a discriminatory pricing strategy for different types of service

offerings to ensure good quality of service at reasonable cost. The pricing strategy requires competitive

intelligence to ensure a sustainable business model. The mechanism must ensure fairness and

correctness of computation for the service consumer in testing and financial transactions processing

through the use of intelligent enterprise applications and honest and transparent work culture. A service

provider can optimize profit and revenue through malicious practice like unnecessary testing, operation,

ventilation, error in diagnosis, recommending costly drugs, lucrative incentive policy and incorrect

computation. The mechanism requires the support of efficient regulatory compliance policy and dispute

resolution protocol to resist malpractice and errors. Theorem 4 discusses these issues in details. It is

essential to declare brain death of the patients by the critical care expert, medical super, neurologist and

neurosurgeon before cardiopulmonary death. It saves the cost of unnecessary ventilation. It is also

possible to do transplantation of critical organs of a dying patient (e.g. heart, kidney, lungs, pancreas,

skin) to save the life of other patients. The revenue of the service provider can be optimized in various

fair ways such as regular preventive health check up, scalability, increased number of service offerings

(e.g. yoga, meditation, nutrition, childcare, men and women care, old people care, sports people care,

disabled and physically challenged people care, stress control), strategic pricing, efficient financial

accounting and cost control (e.g. cost of energy and utilities, rational use of communication schema,

intelligent architecture resulting optimal space utilization, reduced wastage of drugs, blood and medicare

products etc.). The primary healthcare centres, district, rural and state general hospitals should have

facilities of medical diagnosis and pathological tests (e.g. TC, DC, ESR, sugar, liver function test, USG, X-


ray etc.) and distribution of common and essential drugs to the poor patients at fair and reasonable cost.

The payment processing system offers multiple options such as health insurance, corporate mediclaim

policy, credit card and direct cash payment. Such a flexible system requires effective enterprise

application integration among multiple organizations like healthcare service provider, vendors, insurance

companies and banks through an web enabled ERP system.

The revelation principle of the healthcareflow mechanism ensures security and privacy of

strategic data through secure data warehousing, privacy preserving data mining and basic

cryptographic tools like encryption, digital signature and signcryption.

The privacy of healthcare information is protected by various regulations that apply to healthcare plans

and electronic healthcare information in financial and administrative transactions. The healthcare

organizations are known as covered entities in the regulation. The regulation protects healthcare

information only if it is identifiable and created or received by a covered entity. The healthcare service

provider, health insurance provider and other healthcare professionals jointly maintain the privacy of

medical data of the service consumers or patients. The mechanism requires a trusted computing

environment. The primary objective of e-health is to increase the flow of healthcare products and

information so that the patients can get right treatment in time. The participation of healthcare

professionals and healthcare institutes in patient care should be nonrepudiable. A good e-patient care

system is essential for global healthcare outsourcing business model where no direct patient interaction is

involved. For example, there is shortage of medical experts for healthcare firm 1 at location A; the firm 1

uses an outsourcing business model. There are skilled medical experts in another healthcare firm 2 at

location B. The files of x-rays, CT scans, MRI and other test reports of the patients of firm 1 are uploaded

at the e-patient care system. The medical experts of firm 2 study the uploaded reports and perform the

diagnosis. The critical success factors of this practice are strict regulatory compliance, liability, privacy

and high quality medical practice, good outsourcing infrastructure, low cost base and proper utilization of

time zone difference. E-patient care is particularly useful for rural healthcare at remote locations. In this

patient care model, signcryption ensures confidentiality, message integrity and non-repudiation of

transmitted data. A real-time service oriented architecture can support critical patient care locally and

remotely through secure transmission of medical data stream. Here, data management is a critical issue

since the patients are attached with electronic sensors and life-support devices and these instruments

transmit real-time data to the service provider through authenticated communication channel. Access

control, security, privacy and trust are prominent issues of advanced patient care while the patient is

located at home or another medical facility.

The mechanism should ensure confidentiality, integrity and availability of data in real-time information

exchange among various tiers of healthcare supply chain. It is required to protect the confidential


information in storage and transmission. The information created and stored by the healthcare service

provider needs to be available to authorized entities in a timely manner. The confidentiality of data may

be affected by snooping i.e. unauthorized access or interception of data. The integrity of data can be

threatened by modification, masquerading, replaying and repudiation. Another critical issue is denial of

service which can threaten availability of data in time. The mechanism should protect the healthcare

information system from all these malicious attacks for better business continuity and improved customer

service. Privacy is required to maintain the competitiveness and reputation in e-healthcare and to avoid

the bias of trading agents. But, absolute privacy may result loss in e-transactions due to increased

transaction costs, lack of reputation, loss of coordination and relationship. Similarly, absolute anonymity

may cause serious flaws in regulatory compliance of the healthcare business.

The mechanism must address correct identification, authentication, authorization, privacy and audit for

each e-transaction. For any secure service, the system should ask the identity and authentication of one

or more agents involved in a communication. The agents of the same trust zone may skip authentication

but it is essential for all sensitive communication across different trust boundaries. After the identification

and authentication, a service should address the issue of authorization. The system should be configured

in such a way that an unauthorized agent cannot perform any task out of his scope. The system should

ask the credentials of the requester; validate the credentials and authorize the user to perform a specific

task. Each trading agent should be assigned an explicit set of access rights according to the assigned

role. Privacy is another important issue. A trading agent can view only the information according to his

authorized access rights. Finally, the system should audit each transaction, what has happened after the

execution of a specific service transaction. Secure communication is a critical issue of service oriented

computing model. The basic objective is to provide confidentiality, data integrity, authentication and non-

repudiation in the communication of sensitive data. Cryptography ensures privacy and secrecy of

sensitive data through encryption, digital signature and signcryption.

The mechanism should ensure confidentiality, integrity and availability of data in real-time information

exchange among various tiers of healthcare supply chain. It is required to protect the confidential

information in storage and transmission. The information created and stored by the healthcare service

provider needs to be available to authorized entities in a timely manner. The confidentiality of data may

be affected by snooping i.e. unauthorized access or interception of data. The integrity of data can be

threatened by modification, masquerading, replaying and repudiation. Another critical issue is denial of

service which can threaten availability of data in time. The mechanism should protect the healthcare

information system from all these malicious attacks for better business continuity and improved customer

service. Privacy is required to maintain the competitiveness and reputation in e-healthcare and to avoid

the bias of trading agents. But, absolute privacy may result loss in e-transactions due to increased

transaction costs, lack of reputation, loss of coordination and relationship. Similarly, absolute anonymity

may cause serious flaws in regulatory compliance of the healthcare business.


The CIO and system analysts have been trying to fix the positioning strategy of the healthcare service

provider. The existing business model is acting as a beginner; the healthcare workforces are using e-mail,

internet and tradition softwares (e.g. word processors, spreadsheets). But, they lack experience with

emerging digital technologies. Now, the CIO has to decide whether the healthcare service provider should

adopt a conservative, fasionista or digrati approach. A conservative firm may struggle to adopt new

emerging digital technology though its management has a vision and effective structures to govern DT. A

fashionista firm is very aggressive in adopting new technologies, but may not have proper coordination

mechanisms or vision of DT. The CIO has selected Digirati approach which shares a clear vision of DT,

optimal investment in emerging digital technologies timely and managing the DT portfolio effectively to

gain the most value from digital transformation.


Chapter 2 : Application Schema

An efficient healthcare information system integrates various enterprise applications while maintaining

individual autonomy and self-governance. The system should support confidentiality, message integrity,

non-repudiation, auditing and availability of service in time. The system should support sharing of data in

a collaborative business environment wherein a group of trading agents can exchange strategic business

information maintaining the privacy of critical data. Increased organizational agility is required for the

cooperation of adaptive enterprises. Information technology can improve the quality of service and

reduce cost in healthcare services. The demand for critical patient care is growing. But, many small rural

healthcare centers are facing problems to develop and maintain a costly IT infrastructure. This forces

those healthcare centers to search for innovative IT platform. E-health is a promising IT platform of

healthcare services.

The concept of e-health is promising; still there are lots of challenges. Many healthcare service providers

are reluctant to adopt or migrate to web enabled systems due to various reasons. One of the major

threats is security and privacy of data. Threat of Electronic Data Interchange [EDI] is another critical

issue. EDI is the electronic exchange of business information in a standard format among the trading

agents. Many healthcare service providers are still managing their business operations using EDI and FTP

protocols. They believe that EDI is a reliable robust system which can ensure the security and privacy of

data. But, EDI has several limitations. The major limitation is the investment in the initial set-up and the

high cost of implementation, customization and training. In healthcare business, the supply chain

network of a healthcare service provider grows periodically. New trading partners get added to the

existing supply chain architecture which become complex gradually. The cost of communication and

adoption of EDI technology is relatively high as compared to web enabled system.

This section presents a case of the application schema of a complex healthcare organization (P). The

healthcare service provider would like to maximize the business value from the investments in

information, communication and biomedical technologies. The provider has decided to manage digital

technology as a portfolio of assets similar to a financial portfolio; the primary objective is to improve the

performance of the portfolio by balancing risk and return. The chief information officer (CIO) of the

organization would like to align digital technology with the business strategy of the organization through

an effective IT portfolio management practice and an optimal mix of enterprise solutions or applications.

The top management has asked the CIO some fundamental questions:

What is the IT portfolio essential for the digital transformation of the healthcare organization (P)?

Does it require efficient enterprise application integration?

What are the inputs, outputs, process flow logic, protocol and mechanism essential for each

application?


How can the service provider use information and communication technology for effective and

intelligent decision making, transaction processing and knowledge management ?

How can the service provider use analytics and business intelligence system effectively for corporate

strategy formulation?

Does digital transformation require the intelligence of biomedical engineering from the perspective of

image processing, human computer interaction (HCI), and sensors for e-health and m-health service?

2.1 Digital Technology (DT) Portfolio Rationalization

Figure 3 : Digital Technology Portfolio for Healthcare System

Digital Transformation requires efficient enterprise application integration among DSS, ERP,

SCM, BI, WFMS and KMS and biomedical systems for improved quality of service,

coordination and resource utilization.

The CIO has consulted with the business analysts of the healthcare organization and they have jointly

designed an IT portfolio for the digital transformation of the complex business model of P (Figure). The

complexity of application schema depends on the architecture of healthcare chain, breadth and depth of

DT Portfolio

DSS ERP Biomedical BIKMS

Registration

Consulting

Testing

Discharge

Billing & payment

Surgery

FI-CO, MM,HR

SD, PLM

Workflow management

Project management

Supply chain management

Maintenance

K-creationCoE

K-storageDigital library

K-sharingby cloud

Perception

Case based reasoning

K-applicationdiagnosis

Analytics

Data warehousing

Data mining

Social Networking

Data visualization

Performancescorecard

Image processing

HCI

Digital measuring instrumentation

E-healthcloud

M-health

Sensors


service offering, scalability and the complexity of process flows. A simple healthcare service model may

require only a transaction processing system having patient registration, billing and payment processing

modules. But, the complex healthcare model P requires an optimal mix of decision support system (DSS),

enterprise resource planning (ERP), knowledge management system (KMS), business intelligence (BI)

and intelligent biomedical system. An web service oriented architecture can integrate multiple enterprise

applications properly to ensure improved coordination among different functional units of the healthcare

service provider. Efficient enterprise application integration is useful for payment processing, financial and

cost accounting, workflow control and supply chain coordination.

The CIO was analyzing each branch of the decision tree as shown in figure. A simple decision support

system should have workflow control, registration, consulting, testing, surgery scheduling, billing,

discharge and conference meeting modules. The business intelligence system should have data

warehousing, analytics, data visualization, data mining and performance measurement modules. The

healthcare specialists require intelligent test report analysis based on time series data, graphical

presentation and performance scorecard. The knowledge management system should support creation,

storage (e.g. digital library, CoE), sharing and application of knowledge through case based reasoning

and perception. Case based reasoning offers different types of benefits to a healthcare KMS. Knowledge

acquisition task becomes simple; the decision making agents can avoid repetiting mistakes made in the

past. They can reason incomplete or imprecise data; they can explore a new domain efficiently. They can

avoid repetition of all the steps that need to be taken to arrive at a solution. The recommender system

can learn over time as it encounters more situations and create more solutions. The case based

reasoning mechanism can be used in different ways to a broad range of domains. The CIO has also

considered some other important applications such as enterprise resource planning (ERP), supply chain

management (SCM), information security, videoconferencing, netmeeting, telemedicine and regulatory

compliance.

2.2. Healthcare Information System : Primary Modules

A decision support system (DSS) is an interactive, flexible and adaptable computer based information

system specially developed for supporting the solution of a non-structured, semi-structured or structured

problem for improved decision making. It uses data, provides easy user interface and can provide

decision maker’s own insights. In addition, a DSS may use interactive models and may include a

knowledge component. The business analysts have done process flow analysis and requirements

engineering of the healthcare information systems and have recommended a set of essential deliverables

of HIS to the CIO. The output of the basic modules of HIS include registration card, appointment slip and

medical prescription for consulting, surgery schedule, quality control certificate, test report, discharge


certificate, bill and payment, online feedback form and patient’s help guide. The analysts have outlined

the inputs to each module, outputs of HIS, process flow logic, protocol and complexities of each

deliverable or output. This exercise gives the basic overview of data and computing schema essential for

digital transformation. Sequential process flows are suitable for normal case, parallel process flows are

suitable for emergency cases. But, the system should check and complete each task correctly.

2.1 Registration Card

Agents: Registration associate (R), Healthcare service consumer (C);

Input : Name of patient, address, contact phone number, e-mail id, medical problems : symptoms,

medicine consumed (if any), case history, drug allergy;

Protocol :

1. The patient or the attendant of the patient fills registration form. R checks voter ID card/

passport / ration card / aadhar card/ PAN card for correct identification of the patient.

2. R enters the patient data into the system and generates registration card with registration

number and healthcareflow chart and allocate resources.

Output: Registration card [registration no., date of issue, patient’s name, age, gender, bar code,

consulting hours, address, logo]; patient’s flow chart [registration no., patient’s name, serial no., date,

process, signature]

2.2.1 Appointment Slip for Consulting

Agents : Appointment scheduler (A), Healthcare service consumer (C);

Input: Name of patient, Address, Contact phone number, E-mail id, Medical problem;

Protocol :

1. C submits registration card and medical documents to A.

2. A enters the patient’s data into the system; searches for empty slot as per availability of

consultant; fixes time and date through negotiation with patient, reserves slot and generates

appointment slip based on availability of consultant and First-In-First-Out (FIFO) queuing rule.

3. A manages exception rationally based on the critical and complex nature of a case and

emergency.

Output : Appointment slip [registration no., patient’s name, age, gender, appointment no. and date,

date of appointment, consultant, healthcare service: specialist and treatment, consulting charges,

location, remarks, issued by]

2.2.2 Prescription by Consultant

Agents : Healthcare consultant or Doctor (P), Healthcare service consumer (C);

Input : Registration card; Patient’s flow chart;


Protocol :

1. C produces registration card to P.

2. P checks case history and test reports of C; verifies health conditions of C; calls case based

reasoning system.

3. D generates prescription from HIS and gives to C.

Output : Prescription [ Registration no., name of patient, age, gender, location, consultant’s name, date

and time; Diagnosis : medical problem, case history, measurements : weight, blood pressure, body

temperature, pulse rate; medicine prescribed : serial no., medicine name, form, dose, frequency,

duration, quantity, from, to, remarks; special instructions: testing, surgical operations, next appointment

: consultant, location, time ]

2.2 Surgery Schedule

Agents: Scheduling associate of surgery scheduling center (S), Healthcare service consumer (C);

Input: Registration card, patient’s flow chart, consultant’s prescription;

Protocol :

1. C submits registration card and medical documents to S.

2. S enters the patient’s registration no. into HIS; searches for empty slot as per availability of

operation theater and surgeons.

3. S negotiates with C on technical and commercial issues of various options: technical specification

of medical device to be implanted, make, features, surgical operation procedure and tariff;

4. S fixes time and date of surgical operation through negotiation with patient, reserves slot and

generates surgery schedule based on availability of surgeons and First-In-First-Out (FIFO)

queuing rule. S manages exception rationally based on the critical and complex nature of a case

and emergency.

Output : Surgery schedule [ Report id, user id, date and time; registration no. of patient, patient’s name,

age, gender, surgery advised, organ, name of surgeon, list of pre-operative medical tests and charges,

advance to be deposited for surgical operation, admission date, surgery scheduled date and time,

reporting location / unit, anticipated duration of stay, pre-operative treatment : drugs, instructions of use,

remarks : emergency contact];

2.4.1 Quality Control Certificate

Agents: Healthcare service consumer or patient (C), healthcare service provider (P), Quality control

associate (Q), vendor or supplier (V);

Input : Registration ID of patient, Purchase order no. of medical device or drug;

Protocol :

1. C gets admitted to the hospital; the surgeon or doctor consults with C.


2. P issues RFQ (request for quotation) to the vendors.

3. The vendors submit bids or quotations.

4. C and doctor jointly select the best bid subject to financial and quality constraints and C signs

device consent form.

5. P issues purchase order to V.

6. V supplies the medical devices or drugs with invoice. P makes goods receipt note (GRN) in the

system with reference to purchase order.

7. Q inspects the model, technical specification, manufacturing date, import history, valid warranty

period, test certificate, manual, programming performance and invoice in presence of the patient

or his attendant and accepts or rejects the device. The basic objective is to procure the best and

latest model.

8. If there is a three way match between purchase order, GRN and invoice; C gives payment to V

by cheque or credit card. The vendor issues receipt of cheque.

9. The device gets installed; the performance is monitored for a specific duration. If there is any

problem in device’s performance; V is recalled and the device get rejected and replaced through

issuing rejection memo. The packets of the devices or equipments should be collected by C for

future reference.

10. V gives final receipt to C and a copy to P.

Output : QC test certificate [Purchase order reference, Device : make, serial no., date of manufacturing,

warranty period; quantity, delivery date, GRN no., invoice no. and date]

The quality, performance and product life cycle management of biomedical devices and sensors is an

important issue in today’s healthcare service. The healthcare service provider and consumer should be

cautious of these issues while sourcing medical devices through local or global vendors. Quality control is

an important function to resist the flow of fake products in grey market of biomedical devices. The

patients may face the risk of buying old models of biomedical devices at high price. They may be

deprived of features and benefits of new models. It is basically a problem of product life-cyle

management. Many devices are imported from foreign countries a long time back; the selling agents

may try to clear old stock at high price. The quality control and invoice processing systems should verify

the make, date of manufacturing and warranty period carefully.

2.4.2 Medical Test Report

Agents : Healthcare service provider: Testing associate (T), Healthcare service consumer (C);

Input: Registration card, consultant’s prescriptions;

Protocol :


1. C shows registration card and consultant’s prescription or surgery schedule to T. T generates

testing bill; collects payment from C and gives receipt; collects test sample of C.

2. T enters test results into HIS.

3. C shows receipt to T; T gives test reports to C.

Output : Test report [ Report id, report date, request no., location, Referred by, package, specimen,

date and time of collection, result date, Test : type, test parameters, results, unit, biological reference

interval, method of testing, remarks / opinion / conclusion from test results, verified by, authorized by]

2.3 Discharge Certificate

Agents : Discharge associate (D), Healthcare service consumer (C);

Input : Registration card; Patient’s flow chart;

Protocol : C produces registration card to D. D generates discharge certificate and gives to C.

Output : Discharge certificate [ Registration no., name of patient, age, gender, location, user, date and

time; discharge summary : medical problem, reason for admission, date of surgery, operative procedure;

details of hospital stay : event during hospitalization, medication administered during hospitalization,

investigation, condition at discharge, date of discharge; Advice on discharge : serial no., medicine, form,

dose, frequency, duration, quantity, from, to, remarks; special instruction, next appointment : consultant,

location, time]

2.4 Bill and Payment Receipt

Agents: Healthcare billing associate (B), Healthcare service consumer (C);

Input : Registration card; patient’s flow chart; discharge certificate;

Protocol :

1. C produces registration card, patient’s flow chart and discharge certificate to B.

2. B generates medical bill or invoice.

3. D checks the correctness of computation and pays through cash or credit card or demand draft.

4. B generates receipt and gives to C.

Output : Discharge bill [ Patient details : registration no., name of patient, age, gender; Billing: bill no.,

service tax registration no., admission date, discharge date, location, user, date and time, serial no.,

service description, tariff, total bill amount, advance paid, patient’s due or refund; digital signature or

stamp; consolidated bill break up details : anesthesia charges, bed / stay / ambulatory service charges,

drug, non-medical items, OT store items, others, surgery charges, theatre charges]


2.5 Online Feedback Form

Agents : Patient care associate (P), Healthcare service consumer (C);

Input: Feedback form [Business functions, units, performance metrics, rating scale, questionnaires,

suggestions, patient’s information: registration no., name, phone no., e-mail id];

Protocol :

1. The patient or the attendant of the patient fills data in feedback form based on perception.

2. The system accepts data and generates feedback number.

Output : Feedback acceptance confirmation with feedback number

Critical success factors: open feedback; rational, logical and analytical thinking; understanding of the

patient on performance metrics and questions.

2.6 Patient’s Help Guide

Agents : Healthcare helpdesk associate (H), Healthcare service consumer (C);

Input : Registration card; Consulting doctor’s prescription, Patient’s flow chart;

Protocol : C produces registration card to H. H provides patient help guide, general instruction chart and

medical problem information sheet to C.

Output : Patient help guide [Location of facilities, contact phone number, e-mail, rules, service offerings,

list of consultants, tariff or service charges, patient’s rights and responsibilities]; Patient information guide

[ Medical problem, biological information, causes of problems, symptoms, treatment procedure, general

patient queries, post treatment problems]

3. Enterprise Resource Planning (ERP)

Agents : Healthcare service provider (P);

Input: Master data schema - human resource, material, healthcare service, vendor and service

consumer or patient, business rules, organization structure;

Protocol :

1. Deploy an optimal mix of ERP and SCM system modules through scope analysis, business process

re-engineering, selection of appropriate hardware, networking schema and package, master data

configuration, customization of applications, data migration and testing, training, system

monitoring and performance optimization.

2. Call ERP system : FI-CO, MM, HR, maintenance, project management and SD (optional);

3. Call SCM system :

a. Planning : demand, inventory, distribution, capacity;

b. Collaboration : sourcing, CPFR;


c. Execution: warehousing, transportation, order management and reverse logistics;

Output : Transaction processing, intelligent reports for decision making.

The business analysts have also done the requirements engineering of enterprise resource planning and

supply chain management system. The CIO would like to present these requirements to the top

management to streamline various business processes associated with the healthcare supply chain. A

supply chain is a network of organizations that satisfies the demand of ultimate customers by producing

values in the form of products and services. Supply chain management (SCM) is a novel management

paradigm; the basic objective is to improve the competitiveness of the supply chain and to fulfill ultimate

customer demands by integrating a network of organizational units through systematic coordination of

material, information and financial flows. A supply chain includes all the stages involved directly or

indirectly in a business process such as suppliers, manufacturers, distributors, retailers, healthcare service

providers and patients. Each stage performs different processes and interacts with other stages of the

supply chain; there is a flow of material, information and funds between different stages. The ultimate

objective is to maximize the value, which is measured in terms of the difference between revenue

generated from the customer and. the overall cost across the supply chain. Enterprise Resource Planning

(ERP) is a cross-functional enterprise backbone that integrates and automates many internal business

processes and information systems within the sales and distribution, production, logistics, accounting and

human resource functions of an enterprise. These have evolved considerably over fifty years as a result

of continuous improvements in business management and the development of information and

communication technologies. ERP system tries to integrate and synchronize isolated functions into

streamlined business processes. The healthcare service provider may get different types of benefits in

terms of streamlined business processes, best practices, flexible, configurable organizational structure

can be implemented in modules, global capabilities, multi-currency support and local language support.

The critical issues are consulting and implementation skill of ERP and SCM systems and version

upgradation problems.

The ERP system of healthcare service provider should have material management (MM), finance and cost

control (FICO), human resource (HR) management, maintenance and project management modules.

FICO module should be used for financial accounting, cost control, revenue management, tax

computation, budget planning and investment management for various projects. MM module should be

used for e-procurement, tendering, purchasing, inventory control, materials requirement planning (MRP),

contract negotiation, vendor selection, spend analysis, vendor rating, receiving and inspection of

healthcare products for warehousing, quality control and invoice processing. Sales and distribution (SD)

module may be used for distribution planning, order management, pricing and receivables management.

Another important module is project management which can be used for project planning, resource


allocation and monitoring functions. Maintenance module may be used for periodic and preventive

maintenance scheduling, service contracts management and spare parts management related to the

maintenance of information and communication system, biomedical instruments, civil, mechanical and

electrical infrastructure.

Web enabled ERP HR module can be effectively used for human resource management through HR

master data schema for various functions such as human resource planning (e.g. job design, organization

structure modeling), HR strategy and policy formulation (e.g. pay package, incentive, allowance, reward

like performance based bonus, provident fund and pension), efficient talent acquisition (e.g. interview

scheduling, selection, testing and recruitment), talent retention (e.g. career growth planning), HR

development (e.g. training, research and innovation), personal administration (e.g. time management,

leave management, salary processing, performance management, promotion and reward distribution,

360 degree feedback, retirement planning), outsourcing (e.g. contracts negotiation with service

providers) and employee relationship management (e.g. trade unions, negotiation, corporate culture and

communication).

An extended ERP system may be used for supply chain management (SCM). The SCM system may have

planning, collaboration and execution modules. The SCM planning module may be used for demand

planning, inventory control, distribution and capacity planning. The collaboration module may be used for

strategic sourcing and CPFR. Collaborative planning, forecasting and replenishment (CPFR) is a strategic

tool for comprehensive value chain management of a healthcare organization. This is an initiative among

all the stakeholders of the healthcare supply chain in order to improve their relationship through jointly

managed planning, process and shared information using web service. The ultimate goal is to improve a

firm’s position in the competitive market and the optimization of its own value chain in terms of optimal

inventory, improved sales, higher precision of forecast, reduced cost and improved reaction time to

customer demands. The execution module may be used for warehousing, transportation management,

reverse logistics or returns management and product life-cycle management.

2.3 Knowledge Management System (KMS)

Agents : Healthcare service provider (P);

Input : cases, globally best healthcare practice: diagnosis, surgery, drugs;

System: data warehouse, web enabled collaboration platform, intranet, extranet, e-mail, knowledge

based system (e.g. expert system), groupware, videoconferencing, medical bulletin board;

KM Mechanism:

1. Knowledge creation through socialization, externalization, internalization and combination;


2. Knowledge storage in organization memory (e.g. case base, digital library, e-books, e-papers, e-

journals, e- magazines and e-technical reports);

3. Knowledge sharing or transfer through meeting, seminar, workshop, conference and training

programs;

4. Knowledge application to support innovaton, research and development and new problem

solving;

5. Case based reasoning

6. Perception

Output : digital library, centre of excellence (CoE), case base, innovation model (K-A-B-C-D-E-T-F).

Digital transformation ensures creation, storage, transfer and application of knowledge

effectively in a healthcare organization.

The innovation cells of healthcare organization have met with the CIO, CEO, CFO and business analysts

and have analyzed various critical issues of knowledge management. They have discussed about the

need of a medical digital library which should store structural data (e.g. patient lab results and

demographic studies), multimedia data (e.g. MRI images) and free-text documents (e.g. patient reports,

medical literature, teaching files and news articles). The digital library requires efficient information

retrieval algorithms and data processing techniques to support quality decision making from a large pool

of data and to help overcoming human cognitive constraints. Medical data are often available in free text

form and the doctors require scenario specific retrieval. For example, a doctor would like to get the

output of two specific queries: (1) diagnosis scenario: diagnosis of pancreatic cancer from patient reports

and (2) treatment scenario: treatment of pancreatic cancer from the collection of medical literature.

Specific complex queries may not be processed by traditional information retrieval systems due to various

reasons such lack of indexing for representing synonyms, phrase and similar concepts in free text,

ranking the similarity of the content within the document with the query term and a method to resolve

the mismatch of the term in the query with that in the document. Medical information knowledge and

healthcare data grow at explosive rates. The basic objective of the knowledge management system is to

provide correct information from the data warehouse or case base for intelligent decision making and

improved quality of patient care.

The research, development and innovation cell have discussed on different aspects of knowledge

management and the role of information and communication technology in KM with the business analysts

and CIO. They have jointly explored knowledge management mechanisms and the related information

sytem. They feel that a knowledge management cell should be formed and it should be responsible for

defining knowledge, reengineering of KM processes and design of KMS architecture. Knowledge and

knowledge management are complex and multi-faceted abstract concepts, justified true belief. Data is


raw numbers and facts, information is processed data and knowledge is personalized authenticated

information related to facts, procedures, concepts, interpretations, ideas, observations and judgments.

Knowledge management cell focuses on exposing the workforce to potentially useful information and

facilitating assimilation of information. KMS applies information and communication technology for

knowledge management. Knowledge is considered as a significant organizational resource; the objective

of KMS is to support creation, transfer and application of knowledge in the healthcare organization. This

knowledge is embedded in and carried through multiple entities including organization culture and

identity, routines, policies, systems, documents and workforce. According to the knowledge-based view

of a firm, these knowledge assets can produce long-term sustainable competitive advantages of the

healthcare service provider.

Organizational knowledge creation involves developing new content or replacing existing content within

the knowledge base of healthcare service provider. Knowledge is created, shared, amplified, enlarged

and justified in organizational settings through social and collaborative process and individual’s cognitive

process. Knowledge may be tacit and explicit. Tacit knowledge is rooted in actions, experience, mental

models (mental map, belief, paradigm) and individual belief on cause-effect relationships. Technical tacit

knowledge is the know-how applicable to specific task such as surgery skill. The explicit dimension of

knowledge is articulated and generalized knowledge such as knowledge of medicine and healthcare

practice.

In a healthcare organization, knowledge creation can occur through socialization, externalization,

internalization and combination. Socialization is the process that transfers tacit knowledge in one person

to that in another person. It is experiential, active and knowledge extracted from internal and external

environment of the organization. Socialization is primarily a process between individuals. Externalization

is the process for making tacit knowledge explicit. One case is the articulation of one’s own tacit

knowledge like ideas or images in words, metaphors, and analogies. A second case is eliciting and

translating the tacit knowledge of others. Dialogue is an important means for both. During such face-to-

face communication people share beliefs and learn how to better articulate their thinking, though

instantaneous feedback and the simultaneous exchange of ideas. Externalization is a process among

individuals within a group. Once knowledge is explicit, it can be transferred as explicit knowledge through

a process called combination by using information and communication technology. Combination allows

knowledge transfer among groups across organizations. Internalization is the process of understanding

and absorbing explicit knowledge into tacit knowledge held by the individual. Knowledge in the tacit form

is actionable by the owner. Internalization is largely experiential in order to actualize concepts and

methods, either through the actual doing or through simulations. The internalization process transfers

organization and group explicit knowledge to the individual.

Knowledge management of healthcare service provider involves various patterns of knowledge

manipulation activities such as acquire, selection, internalize and use. Acquiring knowledge is the


identification of knowledge in the organization’s environment so that it can be internalized and used

within an organization. Knowledge selection is the activity of identifying needed knowledge within

existing knowledge resources and providing it in an appropriate representation to an activity that need it.

In a pull system, knowledge selection is triggered by a request received from a knowledge seeker. In a

push system, knowledge selection is triggered by prespecified automatic alert criteria without explicit

request from knowledge seeker. Selection involves identify, capture, organize and transfer of knowledge

through proper channels. In push based system, identification of appropriate knowledge is more active

than in pull based system. Triggering from knowledge seeker activates identification function, which

involves locating the knowledge resource, accessing knowledge quality, valuing parameters for selecting

knowledge and filtering. Capturing involves retrieval of knowledge from identified knowledge sources or

coordinated collection of knowledge from multiple resources. Once knowledge has been captured, it may

be necessary or useful to organize it prior to transfer to the knowledge seeker. Organizing captured

knowledge involves interpreting, refining, assembling, transforming and rearranging. Transfer includes

channel identification, choice of the most reliable channel, scheduling and sending. Thus, captured

knowledge is transferred to one or more knowledge seekers. Internalizing alters organizational

knowledge sources based on acquired, selected or generalized knowledge. It receives knowledge flows

from these activities and produce knowledge flows that impacts organization state of knowledge. Using

knowledge is the activity of applying existing knowledge and / or producing an externalization of

knowledge.

Organization memory system is a significant part of an organization’s knowledge resides in the minds of

the workforce. However, in the current organizational environment where downsizing, reengineering,

restructuring and high rates of organizational turnover are common, enterprises are beginning to find

that it is easy to loose a vital element of their intellectual property i.e. corporate knowledge. While

organization create knowledge and learn, they also forget. In other words, organizations are beginning to

recognise that they can suffer a failure of their collective corporate memory. Unsurprisingly, one solution

that is put forward to this problem is that of an organizational memory system. The storage, organisation

and retrieval of organizational knowledge is known as organizational memory. An organizational memory

system enables the integration of dispersed and unstructured organizational knowledge by enhancing its

access, dissemination and reuse among an organization’s members and information systems. From the

view of information technology, organizational memory means a comprehensive computer system, which

captures a company’s accumulated know-how, business activities, the related core competencies, and

other forms of knowledge assets and makes them available to enhance the efficiency of knowledge

intensive work processes. Thus, knowledge from the past experience and events influence present

organizational activities. Organisational memory includes knowledge residing in various component forms

including written documentation, structured information stored in electronic databases, codified human

knowledge stored in expert system, documented organizational procedures and processes and tacit


knowledge acquired by individuals and network of individuals. Organizational memory has both positive

and negative effects. The positive effects include standardization of business process, organizational

change management and reuse of resources avoiding waste of time and cost. The negative effects

include organizational memory may cause decision making bias, lack of innovation and creativity. It may

lead to stable consistent organizational culture which may be resistant to change.

Knowledge transfer occurs at various levels: transfer of knowledge between individuals, transfer of

knowledge from individuals to explicit sources, transfer of knowledge from individuals to groups, transfer

of knowledge between or across groups and transfer of knowledge from a group to the whole

organization. The effectiveness of knowledge transfer depends on type of knowledge, perception and

motivation of sources and receivers and the quality of transmission channel. Knowledge transfer channels

can be classified into four categories. Informal transfer channels are unscheduled meeting or gossip

during break or informal seminar may be very effective for knowledge transfer in small firms. Formal

transfer channels are seminars, corporate training programmes which ensure greater distribution of

knowledge but may affect creativity and innovativeness, Personal transfer channels are job rotation

among various groups/departments/divisions, apprenticeships and Impersonal transfer channels are

knowledge management repositories.

Source of competitive advantages resides in the application of knowledge rather than in the knowledge

itself. There are three primary mechanisms for the integration of knowledge to create organizational

capability. Directives are the set of rules, standards or instructions derived through tacit knowledge of

experts in a healthcare organization. Directives should be communicated to non-specialists for improving

their productivity. Organizational routine refers to interaction protocols and process standards that allow

individuals to apply their specialized knowledge without sharing the same to others. Self-contained task

teams are formed to solve problems ignoring directives and organization routines. Knowledge discovery is

a process that attempts to identify and interpret patterns in information that are important to perform

some task. Knowledge discovery system adds value to information by making it more accessible,

tractable and usable. The information is more accessible because improved search engines allow

knowledge discovery systems to collect pertinent information from rapidly growing databases. The

information is more tractable as the information can be displayed at the right time in a workflow or in

higher density using data visualization techniques. The information is more usable as discovered rules or

constraints can be more tightly integrated into collaborative network system.

A KMS can possess six types of knowledge in a healthcare organization: descriptive, procedural,

reasoning, linguistic, presentation and assimilative. A KMS can manage i.e. acquire, store, process and

eliminate any and all of these six types of knowledge. Descriptive knowledge or data is information about

past, present, future and hypothetical states of relevance to a decision making situation - it is concerned

with knowing what. Procedural knowledge is knowing how and specifies step-by-step procedures for

accomplishing tasks. Reasoning knowledge specifies what conclusions are valid under what


circumstances: knowing why. Presentation knowledge facilitates communication from one entity to

another. Linguistic knowledge helps in interpreting communication received. Assimilative knowledge helps

maintain a knowledge base. Knowledge based DSS can be classified into four categories: Symbiotic DSS

(SDSS), Expert DSS (EDSS), Holistic DSS (HDSS) and Adaptive DSS (ADSS).

2.4 Business Intelligence (BI) System

Agents : Analysts, Healthcare service provider (P);

Problem : Intelligent decision making in complex and rapidly changing business environment;

Business objectives: organize, automate, monitor and analyze different business processes, metrics

and systems to improve overall corporate performance; discovery of hidden intelligence from large pool

of data;

BI system components: data warehouse, data mining, web mining, performance scorecard, analytics,

data visualization techniques;

Input: Transactional data associated with registration, consulting, testing, surgery, discharge, billing and

payment processing, supply chain management, project management, maintenance;

Strategic moves:

1. Strategize : Where does P want to go?

2. Plan : How does P get there?

3. Monitor: What is P doing to achieve specific business objectives subject to different constraints?

4. Act and adjust : What does P need to do differently?

5. Call balance scorecard or six sigma or dash board or business activity monitoring; use analytics in

medical testing through intelligent data visualization techniques.

6. Competencies : data governance, analytical tools and skills and data oriented culture;

Algorithm:

1. Identify a set of functions and critical performance metrics or parameters for each function.

Define a or a set of simple questions related to each performance metric with weight.

2. Select a simple rating scale for each performance metric: [e.g. 1-5; Excellent (5), Good(4),

neither good nor bad (3), Fair (2), Poor (1)]

3. Identify a group of innovative, skilled, knowledgeable and experienced raters; the raters should

observe the systems and give rating to various performance parameters independently and

freely through a true, unbiased feedback system. Compute aggregate score.

4. The raters should analyze as-is system, find out gap and design to-be systems through logical

suggestions and recommendations.

Output: Performance scorecard, alert, dash board, knowledge discovery from data, test reports;


The CIO scheduled an workshop to explore the scope of business intelligence system and analytics for

digital transformation of the healthcare organization. The business analysts, system administrator, CEO,

CFO and the analytics consultants were invited to the workshop. The CIO fixed a set of critical agenda for

the discussion in the workshop. Why should the healthcare service provider use analytics? What are the

areas of focus? What are the competencies and capabilities essential for analytics? What are the risks,

complexities, challenges and best practices?

Descriptive, predictive and prescriptive analytics perform intelligent data analysis through applied

statistics, data mining algorithms and quantitative models for intelligent decision making, planning,

strategy formulation, performance measurement and learning. The healthcare service provider should use

analytics as a strategic tool instead of a supporting one for digital transformation. In an uncertain and

competitive business environment, the healthcare service provider can use analytics for various business

functions such as human resource management, strategic management, customer relationship

management, supply chain optimization, streamlining operations, pricing, financial forecasting, risk

management and budget allocation. The provider may adopt binning as an advanced analytic technique

that analyzes the response of all patients to a set of direct questions related to specific domains.

Responses are then categorized into bias and corrective actions are taken to improve the quality of

service.

The digital transformation requires key competencies such as data governance, analytical tools and skills

and data oriented corporate culture for improving competitiveness and business performance of the

healthcare service provider. Data governance requires capabilities in terms of correct data model and

standardized data management practice. Analytical tools and skills require the appointment of

knowledgable and innovative data analysts, selection of good BI software package, efficient ETL

algorithms, analytical modeling tools and intelligent data visualization techniques. Data driven culture

requires the support of top management, high commitment and innovation in leadership; it considers

analytics as an important asset. The service provider can select any of the two alternative options.

Analytics may be used for specific performance metrics for a specialized path. Along the collaborative

path, analytics is used to achieve the business objectives of the enterprise through an information

platform which enables insights to be developed and shared across different business units. The

participants of the workshop have concluded that the healthcare service provider requires right focus,

proper resource allocation, right people, sophisticated technology and right culture as sources of

competitive strength.


2.5 Biomedical System

Digital transformation requires the intelligence of biomedical engineering, bio-sensors, bio-

inspired artificial intelligence and human computer interaction for improved QoS in patient

care.

The CIO has decided that the healthcare information system of P should be integrated with bio-medical

system appropriately through sensors, robotics, human computer interaction, mobile communication

system and internet. An effective digital transformation enables the service provider to offer different

innovative patient care services through medical imaging systems, digital radiography, computed

tomography, nuclear medicine, computer-integrated interventional medicine, ultrasonic imaging,

magnetic resonance imaging, diffuse optical imaging, image compression, medical image retrieval,

parametric imaging, brain magnetic resonance imaging, molecular imaging, data processing and analysis

by electronic medical record (EMR), image registration, biological computing, picture archiving, medical

imaging informatics, digital library, integrated multimedia patient record systems, computer-aided

diagnosis and clinical decision support system.


Chapter 3: Computing Schema & Computational

Intelligence Digital transformation of healthcare system demands the computational intelligence of distributed

computing (e.g. cloud computing, service oriented computing), secure multi-party computation (e.g.

fairness, correctness and privacy), embedded computing and artificial intelligence (e.g. robotics, case

based reasoning, computational theory of perception and soft computing) for intelligent decision making,

fast and correct transaction processing, knowledge management, enterprise resource planning, supply

chain management, complex surgical operations and medical diagnosis. This section explores the

computational intelligence through a set of algorithms, protocols, mechanisms, heuristics and quantitative

models. These are closely associated with data, networking, application and security schema of

healthcare information system. Computational intelligence are essential for data processing and

structuring, pattern recognition, knowledge representation, knowledge processing, learning, knowledge

aggregation, knowledge discovery, reasoning, decision making, predictive actions, adaptation and

evolution, behavior patterns generation, expert advising, planning, and proactive reasoning in medical

science and healthcare domain. The computational intelligence is a critical issue in healthcare domain due

to several factors such as complexity of data structure, reasoning methods, domain specific and

interdisciplinary knowledge, wide verities of diseases and medical treatment procedures, increasing

population and old aged people.

3.1 Distributed computing

Distributed computing considers the scenario where a number of distinct, yet connected computing

agents wish to execute a joint computation. The objective is to enable these agents to carry out such

distributed computing tasks privately. The advancement of computer network technologies, multi-agent

system and cryptography has improved the efficiency of distributed computing significantly. There exist a

set of standards (e.g. HIPAA, EDI, HL-7, DICOM, IEEE 11073, ICD-9 and CPT) related to health

information systems and the electronic exchange of private transactional data among the stakeholder of

the health chain such as patients and service providers. The standards allow the exchange of complete,

timely and correct data among different tiers of the chain in an effective and efficient way through a fully

integrated information and communication technology infrastructure. This section explores the scope of

cloud computing and service oriented computing for healthcare service.

The CIO has called the system administrator, system analysts and a cloud computing service provider to

discuss some critical issues such as why the healthcare industry should adopt cloud computing

technology, what are the expected benefits and how to compete more effectively. The healthcare


industry is facing different problems such as cost reduction associated with information and

communication technology infrastructure, maintenance and operations; fast and correct transaction

processing and data sharing for patient care, supply chain coordination and regulatory compliance. Many

healthcare organizations find it harder to stay in compliance with regulations by using old legacy

technology. Large organizations would like to consolidate their IT infrastructure which is spread across

multiple geographic regions. Small firms are trying to use information and communication technology at

fair price. Another important issue is security and privacy of critical patient data which should be stored in

encrypted form in the data warehouse. The service provider often faces the problems of availability and

continuity of service against natural disaster, communication link failure and shortage of power.

3.2 Cloud Computing Schema

With the significant advancement of information and communication technology, computing is perceived

to be used as the next utility after water, electricity, gas and telecommunication. The concept can be

extended to cloud computing and grid computing for a market oriented grid. Utility computing is

associated with a parallel and distributed system that enables the sharing, selection and aggregation of

geographically distributed autonomous computational resources dynamically at runtime depending on

their availability, capability, performance, cost and quality through web service. The computational

resources include different types of sophisticated software applications such as data mining, scientific

computing and image processing, data, CPU or processing power, servers, storage devices, scanners,

UPS and network interfaces which can be shared through web service. The objective of utility computing

is to provide computing power and storage capacity that can be used and reallocated for any application

and billed on a pay-per-use basis. Utility computing consists of a virtualized pool of information systems

and other IT resources that can be continually reallocated to meet changing business and service needs

of the consumers. These resources can be located anywhere and managed internally or externally. The

service provider tracks the usage of computational resources of the consumers and makes invoice based

on predefined price setting and usage data. An efficient resource management system coordinates and

monitors the complex operation.

Utility computing supports virtualization. Cloud computing is basically a distributed computing where

dynamically scalable and virtualized resources are provided as a service over the internet to achieve cost

saving, easy scalability and high availability. The services offered through cloud computing usually include

Software-as-a-Service (SaaS), Infrastructure-as-a-service (IaaS), Platform-as-a-service (PaaS), data-

Storage-as-a-Service (dSaaS) and database-as-a-service (DaaS). SaaS allows users to run applications

remotely from the cloud. IaaS provides a set of computing resources as a service which includes

virtualized computers with guaranteed processing power and reserved bandwidth for storage and

Internet access. PaaS includes operating systems and required services for particular applications along


with data security, backup and recovery, application hosting and scalable architecture. dSaaS provides

data storage, data warehousing and data mining facilities. This is a cost effective, innovative IT

infrastructure from which the consumers are able to access desired computational resources and from

anywhere in the world on demand.

The key technologies that enable cloud computing are virtualization, web service, service oriented

architecture, service flows and work flows. The trading in cloud computing depends on several

technological issues such as high availability of service, business continuity, data lock-in, security and

privacy of data, efficient data transfer, performance predictability, scalable storage, efficient bugs

management in large distributed system, adaptive scaling of operation, innovative software licensing and

reputation mechanisms. Strategic pricing considers all these QoS factors to define optimal price setting

for cloud computing. In fact, an intelligent, innovative competitive pricing mechanism and secured high

QoS can make cloud computing an attractive IT business model as compared to traditional corporate

computing model based on direct IT investment. Nowadays, pay-for-use or pay-as-you-go licensing are

becoming popular in cloud computing market. Thus, the computing world is rapidly transforming towards

developing information systems to be consumed as a service. Various service providers have started to

build scalable data centers at various locations for hosting cloud computing.

The key players of the market of cloud computing are a set of service providers, service consumers and

resource brokers. There are several challenges of trading in cloud computing : fair resource allocation

protocols, optimal task scheduling, tendering, contract net protocols, auction, market clearing and

negotiation mechanisms and pricing algorithms. The major threats are reduced contract duration,

uncertainty, risk and variable duration of a portfolio of contracts, reduced switching costs and customer

lock-in, uncertain customer demand, short life-cycle and high sunk cost. Cloud computing may require

high development cost for instrumentation, provisioning and monitoring and start up costs in the face of

uncertain demand. The cloud service provider shows the following computing schema to the CIO, system

administrator and system analysts to explore the scope of cloud computing.

Cloud Computing Schema:

Agents: Cloud computing service provider (Pcc), cloud computing service consumer i.e. healthcare

service provider (Ph);

Application domain: electronic medical records [EMR], office productivity, health information

exchange, physician collaboration solutions, clinical information systems, medical interfaces;

Input: Demand plan of Ph, Service plans of Pcc ;

Mechanism: Ph and Pcc negotiate and select an optimal mix of public or private or hybrid cloud

computing services.

SaaS (Software-as-a-Service)

dSaaS (Data storage-as-a-Service)

DaaS (Database-as-a-Service)


IaaS (Infrastructure-as-a-Service) and HaaS (Hardware-as-a-Service)

PaaS (Platform-as-a-Service)

CaaS (Communication-as-a-Service)

Revelation principle : Ph and Pcc jointly preserve the privacy of data and cloud computing system.

Payment function: Pcc pays Ph based on negotiated pricing plan and service consumed for a specific

period i.e. pay-as-you-go scheme.

Output : Cloud computing service plan, pricing plan.

The healthcare service provider (Ph) can use cloud based electronic medical records (EMR) solutions. The

primary benefits are reduced implementation time, lower initial costs instead of significant IT investments

on in-house technology evaluation and testing, partnership of compliance, better scalability and cost

control. Ph can also use cloud based secure office collaboration platform, electronic mail, file, spread

sheets and document sharing solutions, unified communication services including telephone, e-mail,

instant messaging, audio and video conferencing and miscellaneous cutting edge technologies to improve

productivity in healthcare operations. Different stakeholders of the healthcare chain can share critical and

strategic information through Health Information Exchange (HIE). Physician Collaboration Solutions

(PCS), m-health and e-health enable virtual patient care and telemedicines system for rural healthcare.

Cloud based clinical information systems may be used for efficient and fast workflow control,

appointment and surgery scheduling, testing, retrieval of patient’s information, procurement of drugs and

medical devices, billing and payment processing. Both small and large healthcare organizations are able

to use cutting edge technologies at reduced investment on information and communication technology.

The cloud computing schema can support the transition from the design of large scale medical

instrumentation to smart micro system technologies in the form of intelligent Hardware-as-a-Service

(HaaS), the transition from large telecommunication infrastructures to mobile data transfer in the form of

Infrastructure-as-a-Service (IaaS), the transition from isolated islands of medical data towards integrated

end-to-end cloud solutions in the form of Software-as-a-Service (SaaS) and the transition from intrusive

and expensive testing to harmless indirect health monitoring through novel devices in the form of user

Interface-as-a-Service (UIaaS). The patients or healthcare service consumers can receive innovative

healthcare services such as mobile electrocardiogram (ECG) recording, portable defibrillators, digital

stethoscopes and emerging medical peripheries based on multimodal data fusion through cloud

compatible novel medical interfaces.

Ph can adopt either cloud computing schema or go for direct IT investment. Cloud computing is a unique,

cost effective, differentiated business model. It makes the healthcare service provider agile and flexible to

the basic needs. Pay-for-what-happens is a flexible IT pricing strategy; Ph can pay per user per month on

any application as a service. It should not throw anything away; rather it should build on existing IT

assets and choose a hybrid model of on-premises and off-premises resources. There are different options


of cloud computing such as public, private and hybrid cloud. The computing resources are dynamically

provisioned over web via web applications or web services from an off-site third party service provider in

public cloud computing. In case of private cloud computing, private networks are used to provide full

control over data, security and quality of service by a cloud service provider or a company’s own IT

division. A hybrid cloud environment combines private and public cloud models.

dSaaS / DaaS : The basic objective of DaaS is to avoid the complexity and cost of running a database

with improved availability, performance, price and flexibility. It gives the access to various types business

intelligence solutions (through web) which include distributed database, data warehousing, data mining,

business and web analytics, data visualization and business performance measurement applications. The

pricing of dSaaS is based on the cost of hardware (e.g. data warehouse, servers), the cost of software

(e.g. business intelligence solutions) and system administration cost (e.g. data centre administration,

data base security, backup, recovery and maintenance). A consumer can lease a data storage space

where it is required to measure different system parameters such as stored data (GB/month) and number

of processed queries (per 10k requests / month) to compute the price of dSaaS / DaaS. The provider can

offer quantity discount in case of group buying of storage space. The prices of DaaS / dSaaS are also

determined by various QoS parameters such as connection speed, data store delete time, data store read

time, deployment latency (i.e. the amount of latency between when an application is posted and ready to

use) and lag time (how slow the system is).

The pricing of dSaaS is also governed by the security and privacy of data and the related system

architecture. A complex system architecture enhances the cost of computation and communication

among the agents and also the cost of energy. There may be different types of system architecture

possible in cloud computing. In a simple setting, the service consumer encrypts its data and stores in the

data storage server of the service provider. Whenever required, the consumer gets access its data

through proper access control schema and decrypts the data. In a slightly complex setting; the service

consumer stores its encrypted data in the server of the service provider and wants to share data with a

client. In this case, the service provider uses a data processor, data verifier and tocken generator for

dSaaS service. The service consumer perform data indexing with the support of the data processor,

encrypts the data and sends to the cloud server. The client requests the service consumer for a specific

query on stored data. The consumer sends a credential and tocken to the client. The client sends the

tocken to the service provider. The provider finds the appropriate encrypted data with the help of the

tocken and returns the same to the client. The client and the consumer jointly check the integrity of data

using verification mechanism. So, the costs of computation and communication are different in simple

and complex cloud computing settings. The pricing of dSaaS should consider these issues intelligently.

Some applications (e.g. education sector) require low level of privacy of data. Some applications (e.g.

financial service, healthcare etc.) need high level of security and privacy in data outsourcing and this


involves high cost of computation and communication from the perspectives of statistical disclosure

control, private data analysis, privacy preserving data mining, intelligent access control and query

processing on encrypted data. The service provider should define a discriminatory pricing mechanism for

dSaaS: high level of security and privacy of data demands high price and low level of security asks low

price.

The price of dSaaS is a function of miscellaneous cost elements of a data center. A data centre or data

bank is the collection of servers where the applications and data are stored. Data center consists of a set

of servers and network architecture. The servers store the data from different organizations and network

architecture facilitates the services to use, store, and update the data of the servers. The cost of

administration of data centre includes several factors: initial development cost, operating cost,

maintenance cost and cost associated with disaster recovery plan. The development cost includes the

cost that requires making master plan, building infrastructure, buying hardware and software, making

database and security schema. Operating cost includes the cost of energy, cooling system, system

administrators, software license and network cost. Maintenance cost is the cost of maintaining the system

which includes upgradation of hardware and software. One of the most challenging issues of data center

management is the resource allocation strategy: how it is possible to cater the demand of the service

consumers using minimum number of servers. It has an impact on the size, complexity and cost of data

center. The data centre administrator can follow dedicated or shared server allocation strategy.

The price of dSaaS is also a function of energy consumption of cloud computing system in a data center.

There are many open challenges of energy efficient design of computing systems and green IT covering

the hardware, operating system, virtualization and data center levels [22]. The basic objective of the

cloud computing system design has been shifted to power and energy efficiency to improve the profit of

the service provider. Energy consumption is not only determined by hardware efficiency, but it is also

dependent on the resource management system deployed on the infrastructure and the efficiency of

applications running in the system. Solar power electronics is an interesting option of green IT. Higher

power consumption results not only high energy cost but also increases the cost of cooling system and

power delivery infrastructure including UPS and power distribution units / panels. The consolidation of IT

infrastructure should be done intelligently to reduce both energy consumption and performance

degradation through improved power management. Energy consumption can be reduced by increasing

the resource utilization and use of energy efficient cloud computing system.

Software-as-a-Service (SaaS) : SaaS is an application hosted on a remote server and accessed

through web; it can be business service or customer oriented service. The basic objective is to reduce

software licensing cost and improve productivity by using sophisticated applications. The pricing strategy

of SaaS is based on pay-as-you-go basis; not dependent on number of licensing period and licensing

users as in case of direct software procurement. The service provider can configure the number of


required features of a software as per the demand of a service consumer and price SaaS service charge

accordingly based on basic, medium and mega package configuration. Another concept is software plus

service where an enterprise uses a locally hosted software application and additionally uses SaaS through

cloud for a specific type of application. Using the existing software paradigm, the consumer purchases a

software package and license by paying a one-time fee. The software then becomes the property of the

consumer. Support and updates are provided by the vendor under the terms of the license agreement.

This can be costly if the user is installing a new application on hundreds or thousands of computers.

SaaS, on the other hand, has no licensing. Rather than buying the application, the consumer pay for it

through the use of a subscription based on number of concurrent users and only pay for what is used.

The computation of subscription fee can be stochastic pricing or simple cost based pricing. The price of

SaaS depends on the specific business model of the service provider. Suppose, a service provider

develops in-house software products. Another service provider buys COTS from third-party vendor based

on number of licensed users and licensing period and provides SaaS to the consumers. There may be

restriction of number of concurrent users and different subscription rate of SaaS in second case.

This pricing strategy should also consider cost of upgrading software application; the provider may offer

incentive for upgrading applications. In case of security software pricing, there may be different

alternative strategies to manage network security: (i) consumer self-patching where no external

incentives are provided for patching or purchasing, (ii) mandatory patching, (ii) patching rebate and (iv)

usage tax. For proprietary software, when the software security risk and the patching costs are high, a

patching rebate dominates the other strategies. When the patching cost or the security risk is low, self-

patching is the best option.

Stochastic risk based pricing mechanism considers several risk factors and optimizes the expected net

present value of revenue subject to maximum acceptable risk of the provider. In this case, the service

provider does not give much focus on cost accounting model or profit margin but tests the price

sensitivity of the customers experimentally or through trial and error method. The provider does not have

any precise perception about the demand of the new software products. But, it follows dynamic risk

based pricing based on assessed risks and competitive intelligence. For in-house software development,

software cost is a function of efforts on feasibility study, requirement analysis, system design, program

design, coding, testing and modification following waterfall / v-process / spiral / proto-typing /

incremental delivery model. The service provider estimates effort for a specific SDLC model and then

selects an optimal profit margin.

Infrastructure-as-a-Service (IaaS) : A cloud computing infrastructure consists of different types of

elements: clients (e.g. mobile, PDA, laptop, thin and thick), the data center and distributed servers. Thin

clients are less costly than thick clients. A growing trend in the cloud computing is virtualization of

servers. In a virtualized environment, applications run on a server and are displayed on the client. The


server can be local or on the other side of the cloud. Software can be installed allowing multiple instances

of virtual servers which run on a physical server. Full virtualization is a technique in which a complete

installation of one machine is run on another. It allows the running of different and unique operating

systems. Hardware-as-a-Service (HaaS) simply offers the hardware required by a consumer. Cloud

computing is a business model of delivering IT resources and applications as services accessible remotely

over the Internet rather than locally. IaaS supports remote access of computer infrastructure as a

service.

Cloud computing supports elastically scaling computation to match time varying demand. But, the

uncertainty of variable loads necessitate the use of margins i.e. the servers that must be kept active to

absorb unpredictable potential load surges which can be a significant fraction of overall cost. The

provider should not adopt a fixed margin strategy; the margin should be load dependent. The margin

required at low loads may be higher than the margin required at high loads. Secondly, the tolerance i.e.

the fraction of time when the response time target may be violated need not be uniform across all load

levels. It is really challenging to achieve optimal margin cost while guarantying desired response time for

IaaS.

The pricing strategy of IaaS is based on the cost of servers, storage space, network equipment and

system software like operating systems and database systems. The price of IaaS is basically a

subscription fee for a specific timeline. Now the question is how to compute this subscription fee. The

rate should be fixed based on the cost of hardware and software, target revenue and profit margin. The

service provider may adopt a profit maximizing pricing strategy or revenue maximizing pricing strategy

within reasonable, stable target profit margin. The profit margin is a dynamic variable; it should be set

intelligently according to competitive intelligence and quality of service. The quality of service is

measured in terms of computing time. For small firm or individual service consumer, the provider can set

a fixed price per unit time; there may be SLA but there is no scope of negotiation of price. Large PSU can

negotiate with the service provider to set a rational price for fixed timeline.

Incentive compatibility plays a significant role in IaaS pricing, it is important to analyze the significance of

incentives for network infrastructure investment under different pricing strategies: congestion based

negative externality pricing and the flat rate pricing]. A lack of proper infrastructure investment incentive

may lead to an environment where network growth may not keep pace with the service requirements. It

is really complex to compute maximum capacity that IaaS provider will be willing to invest under different

pricing schemes. Optimal capacity of IaaS is determined by different factors: per unit cost of capacity of

network resources, average value of the user’s requests, average value of the user’s tolerance for delay

and the level of exogenous demand for the services on the network. It is hard to determine whether time

based pricing is more profitable than flat rate pricing. IaaS consumers always try to identify whether

average stream of the net benefits realized under congestion based pricing is higher than the average net

benefits under flat rate pricing. IaaS provider may adopt different types of pricing strategies at different


points of time but the service consumers may control their demand of IaaS service adaptively to avoid

the increase in cost.

Platform-as-a-Service (PaaS) : PaaS supplies all the resources required to build applications and

services completely from the web without any download or installation of any software in the clients. The

price of PaaS can be negotiated for a specific project. There can be different types of project

environments such as application-delivery-only-environment (e.g. security and on demand scalability),

standalone environment and add-on-developmental-environment (e.g. subscriptions of add-on SaaS

application are bought). The price of system software can be charged as a subscription fee based on

number of concurrent users and usage period. The pricing of PaaS is also governed by the complexity of

platform services which may include application design, development, testing, deployment, hosting,

geographically dispersed team collaboration, web service integration, database integration, security,

scalability, storage, state management and versioning. The developers, project managers, and testers

can access the development and testing softwares of the service provider through web; but, lack of

interoperability and portability may be a critical issue in PaaS. The price of PaaS is determined by the

complexity of interoperability between the systems of the service provider and service consumer.

Communication-as-a-service (CaaS) : For CaaS, the a service provider can adopt service or traffic

pricing strategy and can offer several options to the consumers for voice calls, text messages, multi-

media messages, mobile internet and smart phone applications. For CaaS, the service provider may adopt

fixed up to pricing : a fixed fee p, a free call time allowance of n units and over limit rate r i.e. charge p

for usage upto n units and bill r for usage over n units. In case of traffic pricing, the service provider

simply prices the traffic consumed and each consumer has the right to allocate the purchased traffic

among various types of services according to individual preferences. The provider designs only a single

price schedule to price the traffic consumption; each plan in the schedule provides a certain level of

traffic usage for a specific price setting. Traffic pricing is a specific case of quasi bundling. Bundling of

services may increase the profit of the service provider when the service consumers have different

valuations for individual goods but similar valuations for a bundle of services. Though the service provider

chooses the bundle composition, each consumer chooses individual traffic allocation in case of traffic

pricing.

The consumer of cloud computing service can reduce IT maintenance cost significantly and can always

use the latest software applications with the cloud without worrying about upgrades and patches. It can

reduce the training cost using the skill, product knowledge and experience of the cloud service providers.

It can build a real-time enterprise model with the help of an enterprise ready cloud computing

infrastructure through a well-defined SLA and 24/7 support. The service consumer uses resources more


effectively; a service consumer can identify areas that can be moved to the cloud and quickly free up

skilled IT staff on high value initiatives. It can lower operating costs in terms of IT infrastructure,

maintenance and operational costs. It can stay secure and store sensitive data on a global network of

sophisticated data centers. Further, it can develop IT solutions faster with the support of the service

provider’s platform and interoperability support of third party solutions.

Cloud computing is particularly a desirable option for small to medium sized business wherein in-house

development and operations of IT applications may be time consuming and expensive. Small or medium

sized enterprises are best served by cloud computing within small IT budget. Large enterprises may

select cloud computing as a suitable option when they want to experiment with new information

technologies without high initial investment. It helps improve productivity by providing new machines and

instant access to new resources and software; it builds an adaptive enterprise model in a changing

business environment. The overall business competitiveness can be strengthened by reducing the time of

deployment and enhancing the ability to adapt to changing market conditions. The new paradigm of

cloud computing provides different types of benefits but there are still a number of challenges such as

performance for intensive transaction and data oriented applications, security and privacy, control over IT

platform, bandwidth costs and reliability of service.

3.3 Artificial intelligence

Soft computing is a consortium of methodologies including fuzzy sets, neural networks, genetic

algorithms and rough sets that works synergistically and provides flexible information processing

capability for handling ambiguous situations in healthcare domain. The basic objective is to exploit the

tolerance for imprecision, uncertainty, approximate reasoning, and partial truth in tractable, robust and

low-cost solutions. This technique is widely used for data mining and KDD applications. Fuzzy sets deal

with uncertainty. Neural networks and rough sets are used for classification, prediction, clustering and

rule generation. Genetic algorithms (GAs) are used for optimization and search processes. The other

approaches are case based reasoning, perception and decision trees. Fuzzy sets are suitable for handling

incomplete and noisy data and pattern, mixed information, human interaction and can generate

approximate solutions faster. Neural networks are nonparametric, robust and exhibit good learning and

generalization capabilities for intelligent data processing. Genetic algorithms provide efficient search

algorithms to select a model from mixed data based on preference criterion/objective function. Rough

sets are suitable for handling different types of uncertainty in data.


Figure 4 : Computing schema for soft computing

3.3.1 Case based reasoning

The CIO, system analysts and business analysts have been exploring the computing schema of

knowledge management system based on artificial intelligence. A significant part of an organization’s

knowledge resides in its memory. While a healthcare organization creates knowledge and learns, it also

forgets. It can suffer a failure of collective corporate memory. The storage, organization and retrieval of

knowledge is known as organizational memory. In healthcare management, this knowledge can be

classified as declarative, procedural, causal, conditional and relational - what drug is appropriate for an

illness, how the drug works, why the drug works, when the drug works and how a drug interacts with

other drugs. An organizational memory system enables the integration of dispersed and unstructured

knowledge by enhancing its access, dissemination and reuse among the authorized entities.

Organizational memory is a comprehensive information system that captures accumulated know-how,

business activities, core competencies and other assets and makes them available to enhance the

efficiency of knowledge intensive business processes in healthcare management. Knowledge from the

past cases, experience and events can influence present activities and solution methodologies. Case

based reasoning can be the basic building block of healthcare knowledge management system. It

standardizes a set of processes, methods and best practices and saves time and cost in knowledge

management. But, it may cause decision making bias and may affect innovation and creativity.


Case based reasoning (CBR) is a methodology for solving problems by utilizing previous experience. It

involves retaining a memory of previous healthcare problems and their solutions and solving new

problems by referencing the past cases. A healthcare expert presents a new query case to the

recommender system. The recommender system searches its memory of past cases stored in case base

and attempts to find a case that has the same problem specification of the current case. If the system

does not find an identical case in its case base, it will attempt to find the case or cases that match most

closely to the current query case. There are two different types of search such as similarity search and

neighborhood search. In case of similarity search, the solution of the retrieved case is directly used for

the current problem. The system adapts the retrieved cases if the retrieved case is not identical to the

current case. In a complex search, the system requires the access of multiple case bases which are

located at various locations. This collaborative information seeking requires a web service enabled

platform for complex search.

Case based reasoning mechanism

Agents : Healthcare consultant (Ph);

Input: New case or query (q) regarding a patient;

Protocol:

Retrieve the most similar cases (c1,…,ck) k nearest neighbors w.r.t. q from the case base;

Adapt the proposed solutions to a solution s(q) compute s(q) by combining the solutions sj of the

cases cj. sj is weighted as per the differences between cj and q;

Learn after applying s(q) to q in reality Store the new solution in the case base for solving q’.

Evaluate performance : Rejection ratio = no. of unanswered queries / total no. of queries.

Output: Recommended solution;

CBR is selected for the proposed healthcare recommender system due to various reasons. The healthcare

domain has an underlying model, the process is not random and the factors leading to the success or

failure of a solution can be captured in a structured way. Cases recur in healthcare domain though there

may be exceptions and novel cases. Healthcare solutions can be improved through case retrieval and

case adaptation. Relevant healthcare cases are available at different healthcare institutes; it is possible to

obtain right data. Case retrieval is the process of finding within the case base those cases that are the

closest to the current case. There must be criteria that determine how a case is evaluated to be

appropriate for retrieval and a mechanism to control how the case base is searched. Most often, an

entire case is searched. But, partial search is also possible if no full case exists.

Case retrieval mechanism


Agents: Decision-making agents (DMAs), mediator (M);

Input : Query case (q);

Output: Retrieved cases s(q);

1. DMAs define the query case and inform the same to M. M requests DMAs to specify their preferential

parameters.

2. DMAs negotiate with each other and define aspiration point (pa), reservation point (pr), indifference

threshold (ith), strong preference threshold (st), weak preference threshold (wt) and veto threshold

(vt). DMAs communicate this to M.

3. Repeat until DMAs are satisfied with a solution or concludes that no compromise point exists for the

query case.

3.1 M retrieves a set of cases from the case base: the most similar case to the query case and its

characteristics neighbors. M sends the search results to DMAs.

3.2 If the retrieved cases are acceptable to DMAs, the search process stops.

Otherwise DMAs refine their preferential parameters; go to step 3.1.

A case is a record of a previous experience or problem in terms of problem definition, patient’s

symptoms, drugs, solution methodology, test results and recommendations. A case base also stores

global best practices, standards, valid drugs, price and contacts of specialists. Data is stored based on

domain knowledge and objectives of the reasoning system. The cases should be stored in a structured

way to facilitate the retrieval of appropriate case when queried. It can be a flat or hierarchical structure.

Case indexing assign indices to the cases for retrieval and comparisons. There are different approaches of

case retrieval. In case of nearest neighbor search, the case retrieved is chosen when the weighted sum

of the features that match the query case is greater than the other cases in the case base. A case that

matches the query case on n number of features is retrieved rather than a case which matches on k

number of features where k < n; different features may be assigned with different weights. Inductive

approach is driven by a reduced search space and requires reduced search time. This results reduced

search time for the queries. Knowledge based approaches select an optimal set of features of case by

using domain knowledge. The complexity of case retrieval depends on multiple factors: (a) number of

cases to be searched, (b) domain knowledge, (c) estimation of the weights for different features and (d)

case indexing strategy.

The mediator agent searches for a set of cases similar to the query case on the basis of the specifications

of the query case and the preferential parameters as defined by the decision making agents. Aspiration

point is the value of an attribute which is desirable or satisfactory to the DMAs. Reservation point is the

value of an attribute that the DMAs like to avoid. DMAs inform the mediator agent regarding various

preference thresholds in order to compare alternative cases. There is an interval of preference wherein it

is not possible for the DMAs to distinguish between different alternatives due to imprecision and


uncertainty of measurements of various attributes. This is indifference threshold. Strong preference

threshold is defined as minimal change of any attribute that makes the new alternative case strictly

preferred with respect to a set of attributes. There exists an intermediate region between indifference

and strong preference threshold where the decision-making agent hesitates to compare alternatives. It is

weak preference threshold. Veto threshold indicates what is the minimal change of any attribute that

makes the new alternative unacceptable regardless of the value of other attributes. The mediator tries to

explore the most similar case with respect to the query case and also a set of cases within the

neighborhood of the most similar case. The neighborhood is defined by a set of cases that are not worse

than the middle point. These cases indicate to what extent the values of particular attributes can be

possible with respect to the most similar case.

Case adaptation is the process of translating the retrieved solution appropriate for the current problem; it

adds intelligence to the recommendation process. There are various approaches of case adaptation. The

retrieved case can be directly used as a solution to the current problem without any modification.

Otherwise, the retrieved solution should be modified according to the current problem. The steps or

processes of the previous solution can be reused or modified. The solution of the current case can be

derived by combining knowledge of multiple retrieved cases. Case adaptation is a complex decision

making task, it considers multiple factors: how close is the retrieved case to the query case? How many

parameters are different between the retrieved and the query case? DMAs can apply common sense or a

set of rules or heuristics for case adaptation.

Case adaptation mechanism

input: Retrieved case(s), Query case;

output: Recommended solution;

1. Cosense : DMAs view the complete information path, unified chronological ordering of all the events

of the search process and try to make sense of the search results.

1.1 DMAs view the sense making trajectories of other agents. A DMA may hand-off the sense making

task to an expert if it is difficult to understand the search results.

1.2 DMAs share relevant information and negotiate to reach an agreement.

1.3 DMAs verify whether the solution of the retrieved case can be applied to the current case

directly.

1.4 DMAs analyze the gaps between the query case and the retrieved case(s) and sense the need of

appropriate modifications by assessing risks, threats and opportunities of the current problem.

2. DMAs decide how to respond to the change and finally recommend the solution of the current case

rationally.


Making sense of the information found during an investigational web search is a complex task of case

based reasoning. Sense making is to find meaning in a situation, it is the cognitive act of understanding

information. The system should support collaborative information search by providing several rich and

interactive views of the search activities of a group. One of the problems facing HCI research today is the

design of computer interfaces to enable sense making of the processed information. Sense making is not

only important for individuals, but also for groups to achieve shared goals. Traditional sense making tools

focus on data mining, provide better information representation, visualization and organization of search

results. But, it is also required to support the collaboration and communication that occurs among the

investigators when they make sense of information together.

Figure 5: Healthcare recommender system

Soft computing tools like artificial neural network (ANN) and memory based reasoning can be used as the

computational components of the proposed healthcare recommender system (Figure 5). In this scheme,

prediction query manager (PQM) receives new query request and consults with ANN and MBR

concurrently. When both predictors agree in prediction value, PQM normally returns the predicted value.

When the predictions of ANN and MBR are significantly different, PQM reports failure and asks for the

opinion of human experts. ANN is trained with the given data set or cases stored in the case base. The

feature weights are calculated. When a new query comes in, k nearest neighbors are retrieved from the

case base based on the feature weight sets. The prediction value of ANN is utilized in conjunction with

the prediction of MBR system. ANN predicts on the basis of trained data and test data. MBR predicts the

Training algorithm

Best practices

Case retrieval

Initial training data

Predicted value k-most similar

casesFeatureweights

Online learning

Case maintenance

Old Cases

Healthcare Case Base

Knowledge creation

Artificial neuralnetwork

Memory based reasoning

Case adaptation

New query

New cases

Healthcare expert

Prediction manager


solution based on k-nearest neighbor cases. This provides extended information for the query with most

similar cases in the case base.

K-Nearest-Neighbors (KNN) Algorithm

Input : Training objects :D; Test object: Z (a vector of attribute values);

L : Set of classes to label the objects; output: cz L where cz is the class of z;

Algorithm:

for each object y D do

compute d(z,y), the distance between y and z;

end

select ND, k closest training objects for z;

cz = argmax v L ∑yN I(v = class (cy));

where I(.) is an indicator function that returns the value 1 if its argument is true and 0 otherwise.

d(x,y) = √nk=1 (xk – yk)

2 i.e. eucledian distance;

d(x,y) = √nk=1 |(xk – yk)| i.e. manhattan distance;

xk, yk are the attributes of x and y respectively; wi = 1/ d(y,z)2;

distance weighted voting : cz = argmax v L ∑yN wi . I (v =class (cy));

KNN algorithm computes the distance or similarity between z and all the training objects to determine

nearest neighbor list for given training set D and test object z which is a vector of attribute values and

has an unknown class label. The algorithm then assigns a class to z by taking the class of majority of

neighboring objects. The storage complexity of KNN algorithm is o(n) where n is the training objects. The

time complexity is also o(n) since the distance needs to be computed between the target and each

training object. There are several key elements of this approach : (a) set of labeled training objects to be

used for evaluating a test object’s class; (b) a distance of similarity metric to compute the closeness of

objects; (c) the value of k, number of nearest neighbors and (d) the method of distance measurement.

KNN is a specific case of instance based learning such as CBR. It is particularly suited for multimodal

classes as well as applications in which an object can have many class labels. The performance of KNN

algorithm depends on the choice of k, an estimate of the best value for k that can be obtained by cross

validation. If k is very small, the results can be sensitive to the noise points. If k is too large, then the

neighborhood may include too many points from the classes.

Another approach is the approach of combining class labels. The simplest method is to take a majority

vote. This can be a problem if the nearest neighbors vary widely in their distance and the closer

neighbors, more reliably indicate the class of the objects. Another approach is to weight each object’s

vote by its distance wi = 1/ d(y,z)2 ; distance weighted voting : cz = argmax wi x I (v = class (cy). The


choice of distance measure is another important issue. It can be Eucledian or Manhattan distance

measure. Building the classification model is cheap but classifying unknown objects relatively expensive

since it requires the computation of k nearest neighbors of the objects to be labeled.

3.3.2 Perception

Human agents can perform different types of physical and mental tasks without any measurements and

any computations. In healthcare domain, a doctor can understand the medical problems of the patients

and recognize symptoms, similarities and dissimilarities through the perception of time, distance, force,

direction, shape, color, odor, taste, number, possibilities, likelihood, truth and other different types of

attributes of physical and mental objects. Perception is the basic building block of approximate reasoning.

Recognition and perception are closely associated. Recognition is a sequence of decisions, decision are

made based on information and the information is a mix of measurements and perceptions.

Measurements are crisp (e.g. Body weight is 60 kg.) while perceptions are fuzzy (e.g. body weight is

normal). Perception may be converted into measurements but such conversions may be

counterproductive, unrealistic and infeasible. Alternatively, perceptions are converted into propositions

expressed in natural languages such as a patient is very weak. Perceptions are intrinsically imprecise and

f-granular i.e. both fuzzy and granular. The boundaries of perceived classes are unsharp and the values

of the attributes are granulated. A granule is a clump of elements of a class that are drawn together by

similarity, proximity, indistinguishability or functionality. The perception of blood pressure of a patient

may be expressed as very high, high, medium, low and very low. F-granularity of perceptions reflects

the finite ability of sensory organs and the brain to resolve detail and store information. Information can

be singular (temperature: 980 C), c-granular (temperature: 960 - 990C) and f-granular (temperature:

normal). The computational theory of perception (CTP) deals with perception based system and function

modeling, time series analysis, probability and statistical analysis treating perceptions as a collection of

different linguistic if-then rules. CTP uses natural languages systematically to express patterns, classes,

perceptions and recognitions for data mining and knowledge discovery from data. CTP computes and

reasons with perception based information replacing traditional predicate logic and probability theory. In

CTP, a proposition p is an answer to a question and it represented as a generalized constraint. The

descriptors of perceptions are translated into generalized constraint language (GCL) and precisiated

natural language (PNL). Goal directed constraint propagation answers a given query. In fact, a doctor can

use both complex perception based fuzzy information and simple measurement based crisp information

for intelligent decision making in patient care.


Figure 6 : Decision making in healthcare

Robots are increasingly used for complex surgical operations such as brains, eyes, hearts and hip

replacements. Intelligent robotic walkers and toys are used for elderly and handicapped people. Robots

are equipped with sensors for perceiving their environment and effectors with which they can assert

physical forces on their environment. Perception is the process by which robots map sensor

measurements into internal representations of the environment. Perception is a complex process as the

sensors are noisy and the environment is partially observable, unpredictable and dynamic. Robots have e

problems of state estimation or filtering. Good internal representations imply that robots have sufficient

information to make good decisions, they are structured and updated efficiently and they are natural.

Machine learning plays an important role in robot perception.

The mechanism (HM) uses the intelligence of workflow management system for efficient

time management, exception handling and resource assignment during registration,

consulting, testing and surgical operations.

The healthcare service provider should use a workflow management system to improve quality of service,

operational efficiency and to ensure the safety of the service consumers through proper resource

allocation, capacity utilization, meeting scheduling and exception management. The system requires

proper integration among process definition, workflow engine, rules engine and healthcare information

system through exchange of data, events and actions [35]. Generally, sequential and parallel control

flows are used for simple time scheduling. Process optimization, high throughput and efficiency are

essential to improve revenue and reduce the cost of the service provider. The workflow management

system should plan the schedule of the specialists of a healthcare chain for attending national and

international medical conferences, workshops and seminars logically so that the service consumers get

proper treatment and consulting service in time.

Case based reasoning

AnalyticsPerception

Decision Making

Experiment

DSS, GDSS, KMS, Expert system


The mechanism (HM) uses the intelligence of web enabled ERP system for improved

coordination and integration among various healthcare units.

The mechanism uses an web enabled enterprise resource planning system for fast and correct

transaction processing, financial management and supply chain coordination among various tiers of the

healthcare chain. A typical ERP system should be used for sales and distribution, materials management,

finance and cost control and human resource management. The ERP system should be integrated with

workflow management, supply chain management and business intelligence systems for a complex and

large healthcare organization. The supply chain management system should be used for collaborative

planning, forecasting and replenishments, order management, distribution and demand planning,

inventory control, warehousing and shipping functions. The BI system should have data warehousing,

analytics, data visualization, data mining and performance measurement modules for strategic decision

making. The enterprise applications of multiple tiers of the healthcare supply chain are integrated

through internet.


Chapter 4: Data Schema

4.1 Business Intelligence Systems

The healthcare workforce can use novel, rich and interactive Business Intelligence

applications through efficient data warehousing and data acquisition techniques, cloud data

services and next generation mobile devices for intelligent data analysis, query and

transactions processing.

The healthcare information system requires a well-defined master data schema and configuration setting

for fast and correct computation and intelligent query processing. The primary elements of data schema

are an efficient data extraction and noise filtering algorithm, a secure data warehouse and a set of data

mining algorithms. Raw data is extracted from heterogeneous sources; the extracted data is filtered and

stored in a secure data warehouse. The data mining algorithms are applied on the stored filtered data

and new knowledge is discovered and applied for intelligent decision making.

The healthcare service provider (Pf and Ps in healthcareflow mechanism) evaluate the performance of the

trading agents associated with the supply chain periodically based on historical trading data stored in a

secure data warehouse; this evaluation is important for efficient financial and cost accounting, sourcing

and risk management. Pf compute the credit rating of the service consumers and also performs spend

analysis; Ps compute the vendor rating of the vendors on the basis of quality of products and delivery

performance. Ps inform the vendor rating to the vendors periodically; efficient vendors are rewarded and

the inefficient agents get alert or blacklisted as per regulatory compliance policy. The data schema should

support various transactions maintaining confidentiality, message integrity and nonrepudiation through

credential based access control mechanism. Auditing is required to check fairness and correctness of

computation and to validate security policies on periodic basis. Data plays a strategic role in healthcare

information system and its protection against unauthorized disclosure (secrecy) and improper

modifications (integrity), while ensuring its availability to legitimate users (no denial of service) is also

very important.

The CIO, system administrator and system analysts have jointly decided that the healthcare service

workforce should use BI applications through sophisticated data analysis techniques on strategic data

assets for better and faster decision making and innovative service offerings to the patients. From market

surveys and negotiation with the vendors, they have observed that the cost of data acquisition and data

storage has declined with the launch of parallel data architecture and sophisticated analytic tools. Today,

the top management requires short time lag between data acquisition and decision making.


4.2 Performance Scorecard

The healthcare service provider should deploy an online performance scorecard system for

the evaluation of quality of service based on correct feedback of the patients.

The business analysts have designed a performance scorecard for online implementation. A patient and

his / her attendant should enter name, registration number, age, gender, date, contact phone number

and e-mail id into the online feedback form before going through a set of questions and giving rating

based on perception, observations and practical experience. He / she should indicate the reason of

selection of the healthcare service provider. The performance scorecard is designed based on a simple

data structure : serial number, business function, performance metrics, rating scale and suggestions /

remarks. The rating scale has five options : excellent or very satisfactory (rating score: 5), very good or

satisfactory (rating score : 4), good i.e. neither satisfactory nor dissatisfactory (rating score : 3), average

or dissatisfactory (rating score : 2) and poor or very dissatisfactory (rating score :1). The basic objectives

of the performance scorecard are to ensure fairness and correctness in computation, evaluate the

performance of the healthcare consultants and workforce and improve quality of service. The objectives

of the feedback systems should be communicated clearly to the patients and their attendants. The

patients give rating for each business function and performance metric after the discharge and they are

assumed to give true and honest feedback and suggestions in a trusted computing environment for the

improvement of the healthcare system, quality of service and operational excellence. The performance

scorecard computes the aggregate score based on the rating selected by the patients during a specific

period. The patient’s relationship management associates should be able to interact with the patients in

time for any clarification. The service provider should also keep the option of manual feedback form for

the patients not knowing computers and information technology.

SL No.

Business Function

Performance Metrics

Excellent Very good

Good Average Poor Suggestions & remarks

1. Registration Speed / waiting time 2. Identity proof check3. Data entry accuracy4. Design of registration card5. Cooperation and attitude6. Clarity of information7. Quality of workflow

managementTable 1: Performance scorecard for registration


SL No.

Business Function

Performance Metrics

Excellent Very good


1. Consulting Correctness of appointment2. Design of appointment slip3. Accuracy of data4. Flexibility5. Exception management 6. Quality and clarity of

treatment7. Punctuality and availability8. Waiting time 9. Care, concern and

attentiveness10. Use of IS ( e.g. CBR)

Table 2: Performance scorecard for consulting

SL No.

Business Function

Performance Metrics

Excellent Very good


1. Testing Explanation of consent form2. Waiting time 3. Skill of testing4. Quality of measuring

instruments5. Correctness of test results6. Payment processing

Table 3: Performance scorecard for testing

SL No.

Business Function

Performance Metrics

Excellent Very good


1. Surgery Waiting time2. Pre-surgery testing3. Surgery schedule4. Correctness of data( e.g. tariff)5. Operation theatre environment6. Conduct of OT personnel7. Quality of nursing8. Skill of surgeons9. Clarity of post operative

instructions10. Promptness in transfer from OT

to ward or waiting room11. Overall coordination

Table 4: Performance scorecard for surgery

SL No.

Business Function

Performance Metrics

Excellent Very good


1. Supply chain coordination

Scope of negotiation

2. Clarity of information given for procurement

3. Purchasing4. Receiving5. Inspection 6. Payment processing7. Quality control certificate 8. warranty verification9. Quality of medical devices

Table 5: Performance scorecard for supply chain management


SL No.

Business Function

Performance Metrics

Excellent Very good


1. Discharge Clarity of instructions and guidance during discharge

2. Medical diagnosis3. Correctness of data in

discharge summary4. Drug prescription and

administration5. Pain management 6. Promptness in attending calls

Table 6: Performance scorecard for discharge

SL No.

Business Function

Performance Metrics

Excellent Very good


1. Billing Correctness in computation2. Fairness in computation3. Flexibility in payment mode4. Admission and settlement of

bills5. Skill 6. Attitude of workforce7. Speed / waiting time

Table 7: Performance scorecard for billing

SL No.

Business Function

Performance Metrics

Excellent Very good


1. Follow up Correctness of schedule2. Patientflow control3. Care, concern & attentiveness4. Punctuality5. Clarity of instructions6. Coordination

Table 8: Performance scorecard for follow up

SL No.

Business Function

Performance Metrics

Excellent Very good


1. Nursing care Attending calls and promptness 2. Behavior, attitude, care and

concerns 3. Communication and clarity of

instructions4. Pre operative nursing care5. Post operative nursing care6. Medicare administration7. Diet chart

Table 9: Performance scorecard for nursing care

SL No.

Business Function

Performance Metrics

Excellent Very good


1. Maintenance Electrical system2. Mechanical system3. Civil infrastructure4. Measuring instruments5. Information system6. Communication system7. Quality of house keeping


services : Hygiene and courtsey 8. Cleaning of rooms / ward9. Cleaning of toilets

Table 10: Performance scorecard for maintenance

SL No.

Infrastructure Performance Metrics

Excellent Very good


1. Infrastructure Ward2. Operation theatre3. Canteen4. Signage 5. Parking facilities6. Outdoor7. Emergency

Table 11: Performance scorecard for infrastructure

SL No.

Criteria Performance Metrics

Excellent Very good


1. Overall impression

Quality of service

2. Healthcare cost3. Healthcare outcome 4. Value

Recommend others : yes / no

Table 12: Overall impression

4.3 Data Visualization

Intelligent data visualization techniques are extensively used for image processing

applications and graphical presentation of test results of the patients. The healthcare

consultants require the support of these techniques for correct medical diagnosis and

subsequent treatment and surgical operations.

Medical imaging ensures fairness and correctness in medical diagnosis. Intelligent pattern recognition or

data mining algorithms are generally used for digital radiography, computed Tomography, Nuclear

medicine, ultrasonic imaging, magnetic resonance imaging and diffuse optical imaging. Biosignals are

used for Electroencephalography and Electrocardiograms. The fairness and correctness of computation

for medical testing depends on the efficiency of machine learning and data mining algorithms. The

pattern recognition algorithms are based on computed tomography, multi-element and multidimensional

phased arrays in ultrasound, combined positron emission tomography (PET) for CT scanners and rapid

parallel imaging for MRI. For example, planar X-ray imaging techniques are used for orthopedic, kidney

stones, lungs and gastrointestinal problems. Nuclear imaging techniques image the spatial distribution of

radioactive materials injected into the body to detect abnormal tissue distribution for cancer. Ultrasonic

imaging use ultrasound technology and Doppler measurements. MRI is a non-ionizing technique with

excellent soft tissue contrast and high spatial resolution used for brain disease, spinal disorders,

angiography, cardiac assessment, and musculoskeletal damage. The other common techniques are

Diffuse Optical imaging, parametric imaging and biosignals based EEG and ECG for the treatment of


cardiac and cancer problems. Biomedical data processing and analytics are extensively used for medical

diagnosis through image enhancement, segmentation, feature extraction and interpretation.

The advances in digital biomedical imaging technologies enable visualization of the structure, function

and pathology of human body effectively. These images can be acquired in multiple dimensions and with

multiple modalities through magnetic resonance imaging (MRI) and positron emission tomography

coupled with computed tomography (PET/CT). A major challenge now is to put the large amount of

imaging data in a readily usable and viewable format for interpretation. The healthcare service provider

should also consider the progress in three-dimensional visualization of biomedical data. It is the ability to

interact and navigate the image data in a realistic 3D volumetric display. These volumetric displays are

typically constructed from 2D slice images that are acquired in a regular pattern and make up a

volumetric grid. 3D visualization techniques are extensively used for image processing applications, image

guided surgery, radiotherapy and computer aided diagnosis. It is possible to perform real-time interactive

visualization of multidimensional data using low cost hardware instead of high end workstations.

Intelligent data visualization techniques are increasingly used for innovative biomedical data

interpretation in computer integrated surgery, virtual biopsy, motion activity visualization, radiotherapy,

parametric medical imaging, computer aided design and modeling of bones, muscles, cartilage,

ligaments, and tendons. Parametric imaging requires modeling and parameter estimation for certain

metabolic, pharmacokinetic, endocrine and various biochemical systems and visualization of anatomical

structures.

The healthcare consultants and medical test lab professionals have a meeting with the CIO and system

analysts. They have informed the need of intelligent data visualization techniques for correct

interpretation of test results. The system needs high accuracy of machine learning and pattern

recognition algorithms for correct image processing. For critical cases, they need the graphical

presentation of test data (e.g. blood, urine, pressure) for time series analysis. The system analysts have

also met the chief financial officer (CFO) and supply chain manager. They need intelligent analytics and

multi-dimensional data visualization techniques for analysis of revenue, cost, demand, inventory, resource

capacity, supplier’s performance, spend, quality and HR performance. These analyses are important for

financial, supply chain and human resource management, process mining, patient care and formulation of

corporate strategy and policy.

4.4 Data Warehouse & Data Mining

Business Intelligence applications requires the support of efficient data warehousing (DW)

architecture, Extract-Transform-Load (ETL) tools, Complex Event Processing (CEP) engines

and efficient data mining algorithms.


Figure 7: Data schema with data warehouse and data mining for KDD

The healthcare information system gets various types of data from registration, consulting, testing,

surgery, supply chain management, billing and discharge modules. The BI applications require

integration, cleaning and standardization of data against inconsistencies, incompleteness and noise. The

filtered data is loaded into a data warehouse (DW) server for simple and complex multidimensional SQL

query processing, data mining and case based reasoning. Intelligent relational database management

systems (RDBMS) can be used for storing and querying DW data. The system administrator is facing a

big data challenge - how to use low cost data warehouse to support large volume of data. Additionally,

the data schema requires online analytic processing (OLAP) servers for filtering, aggregation, drill-down

and pivoting of data, reporting servers to generate intelligent reports for financial analysis and supply

chain management, enterprise search engines, data mining engines, text analytic engines and web

analytics.

Decision support queries use index structures in RDBMS for filtering, join, and aggregation; materialized

views for summary of data; partitioning to divide tables and indexes into smaller manageable units and

hash and range partitioning for database maintenance. Data compression can reduce data load and the

cost of the query; results lower storage and backup costs; supports intelligent query processing on

compressed data and increases network bandwidth. Data compression is important in biomedical imaging

applications due to digital biomedical imaging systems (e.g. digital x-ray), improvement of image

resolution and online sharing of information through networks. A basic data compression system has an

encoding and a decoding component. The encoder performs compression and the decoder does

decompression. The objective of any data compression system is to reduce the size of signal data while

maintaining information integrity or a certain degree of it. Digitized medical images require storage

space and bandwidth for transportation over communication networks. Data compression is useful for


reduced storage and transmission requirements. The critical issue of medical images compression is

information integrity. Information loss should be avoided when possible. Data compression may be lossy

or lossless. Lossless compression is desirable since it maintains information integrity. Competitive

compression strategies employ predictive coding and context based coding prior to entropy coding to

enhance compression performance.

Intelligent query processing can provide multidimensional view of data; OLAP supports filtering,

aggregation, pivoting, rollup and drill down on multi-dimensional view of data. OLAP servers use

multidimensional storage engine (MOLAP) or relational DBMS engine (ROLAP) or hybrid engine (HOLAP).

MOLAP computes large data cubes to speed up query processing. In ROLAP, the multidimensional model

and its operations are mapped into relations and SQL queries. Relational database servers are the

backend of large data warehouses; they support processing of complex SQL queries from very large

databases by query optimization. The query optimizer selects a complex query and compiles that into an

execution plan. Parallel processing supports query processing over large databases for selection,

projection, join and aggregation operations. BI applications search over different types of data through

an integrated model. The search engine crawls each data source and stores the data into a central

content index for fast querying. ETL tools take care of data quality issues for correct reporting, ad hoc

queries, and predictive analysis.

Cloud data services can support hardware provisioning and server consolidation based on virtualization

and pay-as-you-go model. But, data-storage-as-a-service faces various challenges such as security and

privacy of data, access control, performance and scaling of complex query processing and intelligent

reporting. The system administrator has considered the issues of data partitioning, data compression,

query optimization, data cube, multidimensional data model, parallel processing enterprise search

engines, ETL algorithms and private cloud services for effective data warehousing at affordable cost.

Data mining algorithms are provided through statistical software packages (e.g. SAS, SPSS, MATLAB,

Microsoft Excel minor, Microstrategy) or in-database-analytics solutions for various functions such as

classification, prediction, clustering, regression, time series forecasting and association rule mining. But,

the main problem is the high cost of data mining software packages. The CIO have asked the business

analysts to explore the scope of data mining in healthcare business, select a specific set of data mining

algorithms and also to do the cost benefit analysis. He has also discussed the issue with the purchasing

manager for the procurement of costly machines such as CT scanner. For example, support vector

machine can be used as optimal margin classifier in image processing.

4.5 Electronic Medical Records (EMR)

Electronic Medical Records (EMR) is expressed by various terms such as Personal Health Record (PHR),

EMR and Electronic Patient Record (EPR). PHR contains a patient’s medical history in a digital format.


EMR is the documentation for a patient with all services provided within a healthcare service provider.

EMR should take care of system quality (accessibility, usability), information quality (readability,

accuracy) and decision support (data analysis). The data structure of EMR is complex and diverse

including demographic and historical data. Demographic data give the details of patient’s name, date of

birth, unique MRN or patient identification number (PID), address and contact details, attendants identity

proof and the details of referring doctors. The historic data provide the details of medical records like

current clinical diagnosis, medical history, medications, allergies, examination findings, treatment plan,

investigations, complications, nursing observations, treatment plans and notes of specialists. EMR

provides benefits in terms of access control, searching, information retrieval, secure storage and safe

transmission of patient data. But, the critical issues are quantity and complexity of data, use of standard

medical terminologies, diversity of data infrastructure and databases within and across enterprises and

the community.


Chapter 5 : Communication Networking Schema

The mobile communication technology and sensor networks are the basic building blocks of

m-health and telemedicine. These digital technologies can replace traditional healthcare

model in the context of home care, mobile society, changing population demographics and

expensive healthcare.

Mobile health (m-health) and telemedicine are interesting healthcare models which use wired and

wireless communication technologies for real-time health monitoring of service consumers. Telemedicine

uses transmission of medical data (e.g. health parameters measured by biosensors, medical images)

through communication channels. The people use mobile phones for consulting with doctors and

healthcare service providers during emergency situations or travel. However, the mobile commerce model

of healthcare is not matured as on date. In fact, the healthcare specialists generally like to check the

health conditions of the patients physically through face-to-face meeting. They may be confused by the

misleading communication from the patients due to lack of their knowledge and experience and make

errors in diagnosis and administration of drugs. Sensor networks are necessary to monitor health

parameters of critical patients requiring constant support. A sensor detects the presence and the variation

of physical parameters such as pressure, temperature, humidity, velocity, force, torque, slip, vibration,

contact, proximity, motion and biochemical properties in mechanical, thermal, chemical and optical

domain. Wearable medical sensors are used to monitor health parameters like heart rate, motion, body

temperature, blood pressure, pulse rate, arterial oxygen saturation, body weight, ECG and EEG

waveform. The critical constraints of sensors are cost, size, energy consumption, mobility, processing and

storage capability. The system administrator has found out that the communication schema can be used

in various ways in healthcare like notification, messaging, alert, web access, videoconferencing,

radiology, general and surgical consultation. The deployment of communications technologies and

network infrastructures can reduce the cost of conventional healthcare system and improve quality of

service for scalable operation. But the networking schema often face critical challenges like bandwidth,

channel capacity, noise, congestion, energy consumption and security and privacy of data.

Human Computer Interaction is the basic building block of a smart medical home.

Multimedia supports human computer interaction through visual information processing,

speech processing, emerging sensing modalities and virtual reality. HCI technologies can be

effectively used for surgical education and patient care, simulation of operating theatre,

videoconferencing, online shopping of drugs and healthcare products in virtual environment,

video on demand services and e-learning for remote healthcare.


The system analysts have informed the CIO about the recent trends of human computer interactions and

multimedia technologies and their applications in healthcare services. A smart medical home integrates

the healthcare information system with a patient’s home for comforts, privacy and real-time health

monitoring. Telemedicine uses multimedia technologies such as audio, visual and communication network

for medical diagnosis, treatment and patient care; health data is exchanged between patients and

physicians. Virtual reality integrates different sensing technologies of human computer interaction

seamlessly and allow the users to gain realistic experience. Computer driven simulations of operating

theater in virtual reality support surgical education and training of technical skill. Today’s smart medical

home and surgical operation theatres can use various types of multimedia technologies innovatively such

as human computer interaction, multimedia content management, multimedia delivery, telemedicine,

sensory devices, speech and conversational systems and virtual reality. Smart medical home use

electronic devices (e.g. Internet, mobile phones and interactive digital television), electrical equipments

and security devices for automation of domestic tasks, urgent communication during emergency

situations, human friendly control and personal safety. Seamless integration of different multimedia

technologies is necessary for medical devices used in a smart medical home. The objective of human

computer interaction is to mimic human-human interactions such as basic senses of human cognition.

HCI uses natural human actions such as facial expressions, body movement, speech and eye movement

to interpret and generate output. Vision and speech are two of the most critical senses used in human

computer interaction. Speech processing performs speech recognition and speech synthesis. Visual

information indicates what a man perceives through his eyes and data captured by optical cameras.

Visual information processing systems use face recognition and optical character recognition technology.

Digital technology uses the intelligence of web, videoconferencing and mobile

communication system for collaborative information seeking, virtual and critical patient care

and telemedicine.

The system analysts and networking consultants have deigned an efficient networking schema which is

expected to use web service, video conferencing and mobile communication devices intelligently. Video

conferencing enables critical patient care and virtual patient visit. But, it is a costly option. Web service

provides a trusted computing platform where the agents can share data through secure communication

channels for registration, workflow administration and time scheduling. Rural healthcare infrastructure

needs secure wired and wireless communication system for urgent cases. The system is expected to use

e-mail, social networking and mobile internet service. The rural people from remote places should be able

to communicate with healthcare specialists for necessary advice, fast aid and making transportation

arrangement through ambulances during emergency (e.g. sudden critical sickness or accidents). They


can learn the basic knowledge of medicare, hygienic life-style, family planning and preventive measures

through television and radio broadcasts conducted by the healthcare service provider.

Intelligent location based services can be effectively used for emergency situations. The system should

have a mobile device and biosensors attached with the patient’s body, a device monitored by a doctor, a

central monitoring unit embedded with location based services and wireless sensor network. The sensors

measure and collect health parameters of the patient, the doctor receives the alarm signals and CMU

controls the communication between the devices associated with the patient and doctor. Alternatively,

the patient can use global positioning system (GPS) enabled mobile device which can indicate his location

during sudden illness during emergency situation. The mobile device should be able to inform his location

details (location name, longitude, latitude) to his family member or emergency contact number

intelligently. Additionally, he should carry an identity proof with his contact, address and the name of

family members. During sudden illness, he should get the help of the police or the public or his friends

or family members in time for fast admission to the hospitals. The service consumers and the healthcare

service provider should be able to interact effectively during emergency. However, the poor people

should be able to buy such costly mobile devices and use the same in a simple way.

Knowledge is a significant asset of any healthcare service provider. It is the state of knowing and

understanding the medical problems of the patients. Data is raw numbers and facts, information is

processed data and knowledge is processed information. Knowledge management focuses on exposing

individuals to potentially useful information and facilitating assimilation of information. It involves

enhancing individuals learning and understanding through provision of correct information. The

healthcare experts should use a cooperative communication system for effective learning, solving

complex problems and intelligent decision making.

A cooperative communication schema enables creation, storage, sharing, distribution and transfer of

knowledge and information among a group of authorized entities of a complex healthcare organization. It

also provides effective search and retrieval mechanisms for locating relevant information. It is essential

for collaborative information search which may be explicit or implicit. The level of mediation implies how

aware a system is of the contribution of different searching agents and how it uses those contributions to

influence the search of the investigators. The decision making agents can collaborate synchronously or

asynchronously; they may work at the same place at the same time or may be distributed at different

sites. Different agents may play different roles in the searching process. The agents can divide the task

in different ways depending on the roles. The allocation of tasks depends on the nature of tasks, skill

and experience of the agents and the capabilities of the system that mediates information seeking.

Collaborative information seeking is gradually becoming essential in healthcare management; the

specialists should be able to find out good solutions for critical cases.


Videoconferencing is an important component of cooperative communication schema that gives

support to critical patient care and virtual patient visit, medical board meeting, consulting, dispute

resolution, telemedicine and negotiation in trading process. It provides many benefits in terms of reduced

travel cost, faster decision making, wider participation in decision making, improved quality of service,

increased productivity, improved customer relationship, better team management and expanded global

reach. It is particularly very useful for critical patient care and emergency situations when the required

skill and domain knowledge is rare at a healthcare institute. But, a field study on medical professionals

found that people process information differently between videoconference and face-to-face

communication. In videoconference, people tend to be more influenced by heuristic cues and

communication skill and likeability of the speaker rather than by the quality of arguments of the speaker.

Communication through videoconference presents the challenges of difficult audio localization, turn

taking, conversation speed, change in cue salience, asymmetrical personal distance and high level of self-

awareness and all these factors increase the cognitive workload demand from the participants as

compared to face-to-face communication. Cognitive theory has a significant implication on sense making

through videoconference. In spite of all these constraints, videoconference is useful to streamline

knowledge adoption and transfer in healthcare management. Alternatively, the healthcare specialists can

share knowledge through netmeeting software or cloud computing services.

The rapid expansion of global market, the explosive growth of information and communication

technologies, aggressive competition and the changing economic and social conditions have triggered

tremendous opportunities to provide healthcare service electronically. E-health is a significant

development of the use of emerging information and communication technologies in healthcare. E-health

while promising also presents new business challenges in terms of acceptable standards, choice of

technologies, overcoming traditional jurisdictional boundaries, upfront investment, privacy and

confidentiality of critical data. New and evolving information and communication technologies are being

adopted by healthcare service providers worldwide. It is essential for an efficient healthcare information

system to integrate different enterprise applications such as analytics, ERP, SCM and KMS through

extranet, intranet and internet for proper information flow, rational decision making and fast and correct

transaction processing. E-health requires an efficient and intelligent mechanism to provide various

benefits such as improved customer service, accuracy, ease of processing, increased productivity, quick

access to information, greater geographical reach, better coordination, reduced transaction costs, rational

decision making and efficient knowledge management. But, it has several constraints and challenges like

high cost of computation and communication, information flow, privacy of data, coordination, economic

modeling, pricing strategy, payment, fairness and correctness of service transactions and behavior of the

service consumer and provider.


Another important component of a cooperative communication schema is internet, intranet and extranet.

Web enabled enterprise applications are essential for efficient coordination, integration and workflow

control. The trading agents should be able to share strategic information with confidentiality through a

trusted computing environment. The online transactions should be processed through web maintaining

privacy, confidentiality, message integrity and non-repudiation. Secure Service Oriented Computing

(SSOC) is the basic building block of enterprise application integration. It integrates a network of

enterprises by positioning web services as the primary elements. Each web service exists as an

independent software program with distinct design characteristics. Each service is assigned a specific

function and capabilities. A service composition is a coordinated, aggregate of services that integrates

different applications through robust interfaces. A service oriented computing platform is comprised of a

distinct set of components; each component encapsulates specific business logic and service.

A service oriented computing model is expected to provide a trusted computing environment to the users

of the system. Otherwise, the malicious agents can attack the healthcare system in different ways. The

most promising technology that supports SSOC is web service. It supports the execution of various

business processes that are distributed over a network and available through standard interfaces and

protocols. Service oriented computing model requires an intelligent design paradigm to protect its users

from miscellaneous types of malicious attacks such as phishing, cross site scripting, malicious file

injection, insecure direct object reference, cross site request for query, information leakage, improper

error handling, broken authentication and session management, insecure cryptographic storage and

failure to restricted URL access. The healthcare information system should have service oriented

architecture to enhance the efficiency, agility and productivity of the agents.


Chapter 6 : Security Schema

The CIO is discussing with the system analysts, system administrator and information security

consultants on various aspects of security schema for the digital technology platform: computational

intelligence in terms of cryptography and secure multi-party computation, web security, biometric access

control and healthcare security policy. The main focus of security schema is to ensure fairness and

correctness in computation of registration card, appointment slip for consulting, prescription by

consultant, surgery schedule, quality control certificate, medical test report, discharge certificate, bills and

payment receipt, feedback form and patient’s guide. The other important issue is to preserve the privacy

of patient’s personal and medical data. There may be the risks of failure of secure multi-party

computation in terms of authentication, authorization, correct identification, privacy, audit, fairness and

correctness due to various reasons:

Incorrect data provided by the service consumers or patients to the registration associate during

registration intentionally or due to lack of knowledge or incorrect perception of the patients or

their attendants; the patients or their attendants may be irrational in information sharing properly

with the service providers.

No verification of patient’s identity correctly during registration; the cases of emergency situation

or accidents may skip verification due to unavailability of data about the patients;

Wrong entry of data into various information systems by the healthcare associates due to time

and resource constraints or misunderstanding or lack of validation of input data;

Computational errors due to wrong configuration of enterprise applications and / or errors in the

heuristics, algorithms and quantitative models and / or no updating of data (e.g. service charge,

tariff of testing, price of drugs and healthcare products; low accuracy of pattern recognition

algorithms in image processing system may result incorrect medical diagnosis.

Access control problem causing dangerous errors in information system; a malicious agent may

enter false data into HIS during the absence of authorized users;

Swap or mixing of test data of various patients or drugs administration due to confusion, poor

document management, lack of clear understanding or training of the healthcare workforce;

Errors in decision making by the health consultants due to lack of proper knowledge

management or misperception or lack of coordination among the workforce of various

departments or inappropriate enterprise application integration or error in test reports;

incomplete prescription due to memory failure or silly mistakes;

Errors in scheduling due to exceptions (e.g. unfit patients, non-availability of doctors and

surgeons);


Intentional errors due to malicious business practice, lack of ethics, casual approach and dull HR

policy; unintentional errors due to physical and mental fatigue for excessive workload and

sickness;

Lack of verification of correctness of computation in medical billing and payment processing by

the service provider and / or service consumer;

Incorrect data in patient’s help guide may cause confusions and mismatch between the

computed results and perceived one;

Incorrect feedback by the patients or their attendants due to misperception, misunderstanding of

feedback form, lack of knowledge and critical observations or casual attitude;

The system analysts and security consultants have performed a detailed risk assessment and mitigation

analysis and explored countermeasures to prevent the occurrence of these flaws and errors in future.

They have also analyzed the computational intelligence of secure multi-party computation and

cryptography and have outlined a security policy for the protection of digital technology assets. The

security policy spans over miscellaneous critical issues such as access control, inference control, web

security, data validation and verification, data recovery and back up, system maintenance schedule, user

training, work culture and HR practice.

6.1 Cryptography and Secure Multi-party Computation

Privacy is a critical concern of healthcare data; the issue can be addressed utilizing the concept of

cryptography including secure multiparty computation. The CIO, system administrator and system

analysts have designed jointly the basic building blocks of the security schema. The computational

intelligence depends on the efficiency of encryption, decryption, digital signature and signcryption

algorithms. The fundamental objectives of cryptography are to provide confidentiality, data integrity,

authentication and non-repudiation. Cryptography ensures privacy and secrecy of information through

encryption methods. The sender (S) encrypts a message (m) with encryption key and sends the cipher

text (c) to the receiver (R). R turns c back into m by decryption using secret decryption key. In this case,

an adversary may get c but cannot derive any information. R should be able to check whether m is

modified during transmission. R should be able to verify the origin of m. S should not be able to deny the

communication of m. There are two types of key based algorithms - symmetric and public key.

Symmetric key encryption scheme provides secure communication for a pair of communication partners;

the sender and the receiver agree on a key k which should be kept secret. In most cases, the encryption

and decryption key are same. In case of asymmetric or public-key algorithms, the key used for encryption

(public key) is different from the key used for decryption (private key). The decryption key cannot be


calculated from the encryption key at least in any reasonable amount of time. The widely-used public–

key cryptosystem are RSA cryptosystem (1978), Elgamal’s cryptosystem (1985) and Paillier’s

cryptosystem (1999).

In case of secure communication, cryptography ensures privacy and secrecy of sensitive data through

encryption method. The sender (S) encrypts a message (m) with encryption key and sends the cipher

text (c) to the receiver (R). R transforms c into m by decryption using secret decryption key. An

adversary may get c but cannot derive any information. R should be able to check whether m is modified

during transmission. R should be able to verify the origin of m. S should not be able to deny the

communication of m. There are two types of key based algorithms: symmetric and public key.

Symmetric key encryption scheme provides secure communication for a pair of communication partners;

the sender and the receiver agree on a key k which should be kept secret. In most cases, the encryption

and decryption keys are same. In case of asymmetric or public-key algorithms, the key used for

encryption (public key) is different from the key used for decryption (private key). The decryption key

cannot be calculated from the encryption key at least in any reasonable amount of time.

A digital signature is a cryptographic primitive by which a sender (S) can electronically sign a message

and the receiver (R) can verify the signature electronically. S informs his public key to R and owns a

private key. S signs a message with his private key. R uses the public key of S to prove that the message

is signed by S. The digital signature can verify the authenticity of S as the sender of the message. A

digital signature needs a public key system. A cryptosystem uses the private and public key of R. But, a

digital signature uses the private and public key of S. A digital signature scheme consists of various

attributes such as a plaintext message space, a signature space, a signing key space, an efficient key

generation algorithm, an efficient signing algorithm and an efficient verification algorithm. There are

various forms of digital signature such as group signature and ring signature. A group signature scheme

allows a member of a group to sign a message anonymously on behalf of the group. A designated entity

can reveal the identity of the signer in case of any dispute.

Traditional signature-then-encryption is a two step approach. At the sending end, the sender signs the

message using a digital signature and then encrypts the message. The receiver decrypts the cipher text

and verifies the signature. The cost for delivering a message is the sum of the cost of digital signature

and the cost of encryption. Signcryption is a public key primitive that fulfills the functions of digital

signature and public key encryption in a logically single step and the cost of delivering a signcrypted

message is significantly less than the cost of signature-then-encryption approach. The service oriented

computing model is vulnerable to insecure communication. An application may fail to encrypt network

traffic for sensitive communications. The basic objective of the proposed secure service oriented

computing model is that the application properly signcrypts all sensitive data. A pair of polynomial time

algorithms (S,U) are involved in signcryption scheme where S is called signcryption algorithm and U is


unsigncryption algorithm. The algorithm S signcrypts a message m and outputs a signcrypted text c. The

algorithm U unsigncrypts c and recovers the message unambiguously. (S,U) fulfill simultaneously the

properties of a secure encryption scheme and a digital signature scheme - confidentiality, unforgeability

and nonrepudiation. In a triplet Elgamal signature scheme (r,e,s), the commitment r is computed as r =

gk(mod p) where g and p are part of the public key and the commitment k is an integer independent to

such values. The signature generation scheme permits the receiver to recover the commitment by

computing r = gsye(mod p). The sender computes the commitment in such a way that it is only

recoverable by the receiver. The commitment value can be used as a symmetric key shared between the

sender and the receiver and this symmetric encryption provides message confidentiality. The recoverable

commitment value of Elgamal triplet signature scheme is used as the symmetric key to achieve

symmetric encryption of the message while the triplet signature serves the signature.

Secure Multi-party Computation : Two or more agents want to conduct a computation based on

their private inputs but neither of them wants to share its proprietary data set to other. The objective of

secure multiparty computation (SMC) is to compute with each party’s private input such that in the end

only the output is known and the private inputs are not disclosed except those which can be logically or

mathematically derived from the output. In case of secure multi-party computation, a single building

block may not be sufficient to do a task; a series of steps should be executed to solve the given problem.

Such a well-defined series of steps is called a SMC protocol. Secure multi-party computation should have

a set of properties such as privacy, fairness, correctness, independence of inputs and guaranteed output

delivery. A SMC protocol ensures correctness if each party receives correct output. Corrupted (or

malicious) parties select their inputs independently of the inputs of honest parties and honest parties

must receive their output. Corrupted parties should receive their outputs if and only if the honest parties

receive their outputs and this ensures fairness of the protocol.

A protocol preserves privacy if no agent learns anything more than its output; the only information that

should be disclosed about other agent’s inputs is what can be derived from the output itself. Secure

multi-party computation preserves privacy of data in different ways such as such as adding random noise

to data, splitting a message into multiple parts randomly and sending each part to a DMA through a

number of parties hiding the identity of the source, controlling the sequence of passing selected

messages from an agent to others through serial or parallel mode of communication, dynamically

modifying the sequence of events and agents through random selection and permuting the sequence of

messages randomly. In the study of SMC problems, two models are commonly assumed : semi-honest

model and malicious model. A semi-honest party follows the protocol properly with correct input. But

after the execution of the protocol, it is free to use all its intermediate computations to compromise

privacy. A malicious party does not need to follow the protocol properly with correct input; it can enter

the protocol with an incorrect input. A third party may exist in a protocol. A trusted third party is given all


data; it performs the computation and delivers the result. In some SMC protocols, an untrusted third

party is used to improve efficiency. This section analyzes the computational intelligence of the security

schema.

6.2. Cloud Security

Application : Web enabled enterprise solutions associated with cloud computing schema;

Agents : User of web application, system administrator;

Protocol : verify the design flaws in service oriented computing schema.

logic attack : check the main flow, sub flows and exception flows as per business rules of the application;

cross site scripting: check whether all parameters of the web application are validated properly; check the

risk of phishing attack;

injection flaws : check whether user data modify the meaning of command and queries sent to any

interpreters invoked by web application;

malicious file injection : check the use of dangerous application programming interfaces by testing and

code review;

insecure direct object reference : check through code review whether the web application allows direct

object references;

cross site request forgery : check whether web application generates authorization token that is not

automatically submitted by the web browser;

information leakage and improper error handling: check whether web application leaks any data through

error messages; check whether the application builds a trusted computing environment;

broken authentication and session management: check through code review whether the web application

properly authenticates users and protects their identities and credentials;

insecure cryptographic storage: check whether web application properly encrypts sensitive data; check

configuartion of the web server;

insecure web communication: check whether the web application ensures private communication

between the sending and receiving agents; assess the risk of snooping;

failure to restrict URL access : check whether proper access control is enforced at the presentation layer

and business logic for all URLs in the web application;

Figure : Cloud Security Verification Mechanism (CSVM)

CSVM verifies service oriented cloud computing schema to mitigate the risk of common

vulnerabilities.


CSVM addresses a set of dangerous attacks against web enabled distributed computing system. The basic

objective of CSVM is to protect the healthcare information system from phishing attacks, privacy

violations, identity theft, system compromise, data alternation, data destruction, financial and reputation

loss. Cross site scripting (XSS) flaw allows an attacker to execute malicious code in the web browser of

the user that can hijack user session, deface websites, possibly introduce worms or insert hostile content

or conduct phishing attack and take over the browser of the victim through malware. The best protection

of XSS is a combination of validation of all incoming data and appropriate encoding of all output data.

Validation allows the detection of XSS attacks and encoding prevents injection of malicious script into the

browser. Cross site request forgery (CSRF) forces the web browser of the logged on user to send a

request to a vulnerable web application which forces the victim’s browser to perform a hostile action.

Web applications rely solely on automatically submitted credentials such as session cookies, basic

authentication credentials, source IP address, SSL certificates or windows domain credentials. CSRF is

applicable to any web application that has no authorization checks against vulnerable actions.

Injection flaws allow the attacker to create, read, update or delete any arbitrary data available to the

application. Even, it may compromise the web application completely bypassing firewalled protection.

SQL injection occurs when the data input of the user is sent to an interpreter as part of a command and

query. The hostile data of the attack forces the interpreter to change the data or execute unintended

command. The common protection measures are to use strong and safe interpreters, do input validation,

use strongly typed parameterized query APIs, enforce least privileges, avoid detailed error messages, use

stored procedures, do not use dynamic query interfaces and do not use simple escaping functions.

Web application developers often trust input files improperly and the data is checked insufficiently.

Arbitrary, remote and hostile content may be processed or invoked by the web server. It allows an

attacker to perform execution of malicious code, installation of tool kit and system compromises

remotely. Flawless design is required during the construction of system architecture, design and

software testing. The application developers should use indirect object reference map, check errors,

validate user’s input and implement firewall rules appropriately. Another critical problem is insecure direct

object reference; a direct object reference occurs when a reference is exposed to a file, directory,

database records or key as a URL or form parameter. A malicious agent can manipulate these references

to access other objects without authorization. The web application should avoid exposing direct object

reference to the users by using an index, indirect reference map or other indirect validated method that

is easy to validate.

An web application can unintentionally leak information about their configuration, internal state or violate

privacy through error messages and it can launch dangerous attacks. The application should get support

from a standard exception handling mechanism to prevent the leakage of unwanted information; detailed

error handling should be limited; errors should be properly checked and should not be exploited by the

intruders. Broken authentication and session management is caused due to the failure of protection of


credentials and session tokens. It can hijack user’s or administration’s accounts, undermine authorization

and accountability controls and cause privacy violations. The common protective measures are the

adoption of efficient authentication mechanisms, secure communication and credential storage, use of

efficient session management mechanisms; invalid session identifiers should be rejected.

Insecure cryptographic storage is caused due to the failure in encrypting sensitive data; it leads to

disclosure of sensitive data and compliance violation. It is required to avoid inefficient weak cryptographic

algorithms and check whether sensitive data are encrypted properly. An web application may fail to

encrypt network traffic to protect sensitive communications. The adversary can sniff traffic from the

communication network and access sensitive data, credentials, authentication or session token. The

application should properly encrypt critical data. The only protection for a URL is that links to a page are

not presented to unauthorized users. The adversary may get access to these pages and view private

data. All URLs and business functions should be protected by an effective access control mechanism.

Web security is a very broad topic; some common critical issues have been discussed above very briefly.

There are several open issues in the design of service oriented computing schema. It is an interesting

option to interview Internet experts, web developers and programmers and analyze the complexities and

challenges in web programming issues.

6.3 Access Control

Biometrics are used for automated recognition of the users and system administrators based on their

biological and behavioral traits such as finger prints, face image, iris and voice. Traditional authentication

methods like passwords and identity documents may fail to meet reliable security and performance of

identification systems. Some physical and behavioral attributes of human beings are uniquely associated

with an individual. Biometrics capture these traits with sensors; represent them in digital format; compare

the recorded data with the data acquired from the same user previously and performs recognition.

Biometrics are applicable to the access control of enterprise solutions.

Healthcare digital technology should be protected by a robust access control mechanism. Access control

is the process of receiving the requests of the users for specific resources and data and determining

whether the request should be granted or denied. The access control system is a combination of access

control policy, model and mechanism. Access control may be based on user’s identity or role or the

regulatory constraints as defined by the system administrator. Credential based access control grant or

deny access to the resources by exploiting digital certificates and make access decisions on the basis of a

set of properties that the client should have fulfilled. This trust negotiation process may suffer from

privacy problem since the server discloses its access control policy entirely and the client exposes its

credentials certificates to gain access to a resource. An efficient negotiation strategy should restrict the


disclosure of information. The service accessibility rules specify the necessary and sufficient conditions for

accessing a resource while credential disclosure rules define the conditions that govern the release of

credentials and declarations. The server should discloses the minimal set of policies for granting access

while the client releases the minimal set of certificates to access the resource. Prerequisites are the

conditions that must be satisfied for a service request. Requisites are conditions that allow the service

request to be successfully granted. The server should not disclose a requisite rule until the client satisfies

a prerequisite rule. Biometrics can be also used for credential based access control of distributed

computing systems.

Agents: Client (C), Healthcare system server (S);

check the correctness of enrollment and recognition mechanisms for biometric access control;

C requests S for the access to a resource r such as data or application;

S requests C for prerequisites;

C informs prerequisites to S;

S requests for requisites to C;

C informs requisites to S;

S verifies the credentials provided by C;

if the verification is true, then S grants C the access to r;

else S asks C the required credentials;

C selects the requested credentials (if possible) and informs S;

S verifies the credentials of C;

if the verification is true, then S grants C the access to r;

else S rejects the request of C;

intrinsic failure: check false match, non-match and failure to enroll or acquire biometric data;

adversary attacks: check collusion, coercion, negligence, enrollment fraud, exception abuse;

infrastructure attacks: check sabotage overloading, attacks on user interface, system modules, databases

and interconnections, modification of data and information leakage, spoofing, impersonation, man in the

middle attack, replay and hill climbing.

Figure : Biometric Access Control Mechanism

Credential based access control strategy grants or denies access to the resources based on

biometric prerequisites and requisites as specified by the client during trust negotiation

process.

The biometric access control mechanism verifies the security intelligence of a biometric access control

system associated with healthcare information system. It basically explores the risks of various threats on


biometric access control. A user presents his or her biometric identity to a biometric system for the

purpose of being recognized. Biometric systems can be used efficiently for authentication, nonrepudiation

and identity recognition claim. Biometric recognition is the science of establishing the identity of the user

based on his or her physical and or behavioral characteristics either in fully automated or a semi-

automated way. A biometric system measures one or more physical or behavioral traits such as finger

print, palm print, face, iris, retina, ear, voice, signature, gait, hand vein, odor or DNA information of an

individual to determine or verify his identity. These characteristics are known as traits, indicators,

identifiers or modalities. The biometric mechanism has two phases – enrollment and recognition. During

enrollment, biometric data is acquired from the individuals and stored in a database along with the

person’s identity. During recognition, biometric data is acquired from the individual and compared with

the stored data to determine the identity of the user.

The failure to a biometric system is basically a security threat - denial of service (DoS), intrusion,

repudiation and function creep. The legitimate users may be prevented from obtaining access to the

information assets. An unauthorized user may gain illegitimate access to the system and this intrusion

affects the basic integrity of the system. A legitimate user denies the usage of system or data after

having access to it. Corrupted users may deny their actions. An adversary may exploit the biometric

system for different function. The biometric system may fail due to flaws in enrollment and recognition

mechanisms. It may also fail due to manipulation by adversaries which could either be insider or external

entities. External entities may be imposters and attackers. Insiders may be system administrators or

legitimate corrupter users. Insider attacks may be collusion, coercion, negligence, enrollment fraud and

exception abuse. Infrastructure attacks may be due to sabotage overloading; it may be attacks on user

interface, system modules, interconnections and template databases. Attacks on user interface result

impersonation spoofing alternation. Attacks on system modules cause modification and exploit faults.

Attacks on interconnections cause man-in-the-middle, replay or hill climbing. Attacks on template

database result modification and leakage of critical sensitive data.

An adversary may attack human element or system infrastructure associated with a biometric system.

The system administrators may do mistakes in enrollment, disenrollment of users or in adjustment of

security parameters controlling the performance of a biometric system such as threshold on match scores

and minimum limits on the quality of acquired biometric sample. The administrator may do mistakes and

breach the security of biometric system. In case of collusion, an authorized user willingly turns malicious

and attacks the system either individually or in collaboration with external adversaries. A coerced user

does not carry out any attack willingly. An authorized user is forced to turn malicious through physical

threat or blackmail. External attackers can also exploit the negligence of authorized users such as log out

of the system after completing transactions. In case of enrollment fraud, an adversary may be able to

enroll into the biometric system illegally with a false identity and credentials. The system administrator

should detect a duplicate identity by matching the biometric traits of a new user against the traits of all


enrolled users. Another critical issue is exception abuse where exceptional situations may cause denial of

service to legitimate users. It may be the failure of hardware and software components of a biometric

system or poor quality of data (e.g. noise, missing data) during enrollment phase.

An adversary may attack the functional modules of a biometric system infrastructure such as sensor,

extractor, template database, matches or attacks at the interface of the modules and decision modules.

The common types of attacks are overloading and sabotage. A malicious agent may cause physical

damage to one or more components of the biometric infrastructure such as putting off power supply,

damaging of sensor interfaces or introducing excessive noise that affects the normal operation of

biometric system. An imposter may attempt to intrude the biometric system by posing himself as an

authorized user either casually or targeted way. The imposter does not modify his biometric traits in the

first case. In the second case, the imposter may target an identity whose biometric characteristics are

known to be similar to its traits. The imposter may execute mimicry attack by modifying his biometric

characteristics. It may adopt the strategy of obfuscation by changing biometric characteristics to avoid

detection. It is mainly applicable in negative recognition applications. Obfuscation can be done by

presenting a poor quality image or noisy biometric sample. The solution is to improve the robustness of

biometric algorithm.

Spoofing is the most common attack at user interface level and it involves the presentation of spoof

biometric trait. A spoof is any counterfeit biometric that is not obtained from a live person. It includes the

presentation of fake or artificial traits such as gummy finger, thin film on the top of a finger, recorded

voice or mask of a face. If the sensor is unable to distinguish between spoofed and genuine biometric

traits, an adversary can easily intrude the system under a false identity. Spoof detection is done through

liveness detection by checking the signs of human vitality or liveness through blood pulse. Spoofing can

be done by directly colluding with or coercing an authorized user, covert acquisition, hill climbing attacks

or stealing the biometric template from the database. For spoof detection, common psychological

properties used include pulse rate, blood pressure, perspiration, spectral or optical properties of human

skin, electrical conductivity of human tissues and skin deformation. A malicious agent can subvert

biometric processing by directly undermining the core functional modules of a biometric system such as

signal processing or pattern making algorithms or by manipulating the communication between these

modules. Template database can be hacked or modified by an adversary to gain unauthorized access or

to deny access to legitimate users. There may be leakage of stored biometric template information due to

lack of strict database access control.

The biometric system is a costly option in information security management; it requires complex data

schema in terms of data warehousing and data structure. It ensures non-repudiation authentication and

integrity, only legitimate or authorized users are able to access physical or logical resources protected by

it. The imposters can not access the protected resources or information. Another important issue is

availability where authorized users must have timely and reliable access to the protected data. It also


ensures confidentiality; it must be used for the intended functionality i.e. credential based access control.

A user can be recognized by what he knows (e.g. passwords, PIN or cryptographic key), what he

possesses (e.g. passport, driving license, mobile phone, ID card) and who he is intrinsically (e.g. inherent

physical and behavioral characteristics). The proliferation of web based services and deployment of

distributed computing systems have led to the risks of identity theft significantly. Facial recognition

software, voice recognition system and digital fingerprint or palm scanning are emerging trends of

biometrics. The traits such as fingerprints, retina, vein patterns and facial dimensions are generally

considered unique user profile but these features may be associated with a fake user ID intentionally or

by mistake during registration process. Biometric data management should take care of user privacy and

institutional convenience simultaneously.

6.4 Inference Control

Agents: Client (C), Healthcare system administrator (A);

Input: Query for sensitive patient data (q);

Output : Private data (dps);

CA: q;

A: Retrieve patient data (ds); Call move (Mi) for privacy preserving data mining;

M1: Suppress ds partially;

M2: Randomize ds;

M3: Achieve k-anonymity through generalization, suppression, de-identification;

M4: Summarize or aggregate ds;

M5: Replace ds with a small sample;

A C: dps ;

Verify the performance and efficiency of algorithms: encryption, decryption, digital signature, digital

certificate, signcryption;

Verify the degree of information leakage in inference control.

Figure : Inference Control Mechanism

A client interacts with the healthcare information system administrator through enterprise applications or

web; submits simple or complex queries and searches for intelligent information. A malicious agent may

be able to attack the server during this communication between sending and receiving agents. The

inference control mechanism tries to protect sensitive data from unsolicited or unsanctioned disclosure of

patient’s medical data by calling different statistical disclosure control and privacy preserving data mining

techniques. The privacy of sensitive patient’s data may be preserved by suppressing the data intelligently

before any disclosure or computation. Specific attributes of particular records may be suppressed


completely. In case of partial suppression, an exact attribute value is replaced with a less informative

value by rounding or using intervals. K-anonymity is achieved through generalization, suppression and

de-identification. The attribute values are generalized to a range to reduce the granularity of

representation. Quasi-identifier attributes are completely or partially suppressed. De-identification is

achieved by suppressing the identity linked to a specific record or altering the dataset to limit identity

linkage. Summarization releases the data in the form of a summary that allows approximate evaluation

of certain classes of aggregate queries while hiding individual records. The sensitive data set may be

replaced with a small sample. Aggregation presents data in the form of sum, average or count.

Randomization perturbs the data randomly before sending them to the server and introduces some noise.

The noise can be introduced by adding or multiplying random values to numerical attributes. The system

administrator generally preserves the privacy of sensitive data through encryption, decryption, digital

signature and certificates and signcryption. PVM checks whether different statistical disclosure control

techniques are really able to preserve the privacy of sensitive DCS data from the adversaries during

communication with the client through web or different enterprise applications.

The mechanism allows the service consumer and healthcare service provider to verify the

fairness and correctness of transactions through an efficient dispute resolution protocol.

Dispute resolution is a critical issue of patient care, strategic sourcing, accounts payable and receivables

management and contracts negotiation in healthcareflow mechanism. If the trading agents violate the

regulatory compliance of the mechanism, a trusted entity should resolve the issues of dispute and ensure

the credibility, reliability and robustness of the mechanism. The service consumer verifies the fairness

and correctness of invoice computation before clearing the payment to the service provider. The disputes

may occur among multiple tiers of the healthcare supply chain such as between tier 1 and tier 2 or tier 2

and tier 3 or tier 3 and 4/5/6 (Figure 1).

In case of accounts payable management, the receipt of an invoice from a vendor triggers the invoice

verification process. The procedure involves a three way match between purchase order, goods receipt

note and invoice. If the quantity and price of the three documents match, the payment will be paid to the

vendor as per payment terms. If there is any mismatch, the invoice will be blocked. The account payable

associate investigates the disputes; takes the necessary corrective action and unblocks the invoices. If

the vendor does not accept the recommendations of accounts payable management system, a third party

trustee should review the fraud case and should verify the contract between the healthcare service

provider and the vendor. The rating of the vendor may be reevaluated on the basis of such disputes and

the vendor may be blacklisted for any malicious business practice.

In figure 8, Alice sends a contractual message m to Bob. Bob can verify that the message is sent by Alice

since the public key of Alice is used for verification. The public key of Alice can not verify the signature


signed by the private key of any other malicious agent. The scheme also preserves the integrity of the

message. If a message is altered during communication, the receiver can detect this change. Another

important issue is non-repudiation. If Alice signs a message and then denies it, Bob can prove that Alice

signs the message. A trusted center (TC) resolves any dispute. Alice creates a signature from her

message and sends the message, her identity, Bob’s identity and the signature to TC. TC verifies the

source of the message using Alice’s public key. TC saves a copy of the message with the identity of Alice,

the identity of Bob and a timestamp. TC generates a new signature from the message using its private

key and sends the message, the new signature, Alice’s identity and Bob’s identity to Bob. Bob verifies the

message using the public key of TC and his private key. In future, if Alice denies that she is the sender of

the message, TC can show a copy of the saved message. Alice will lose the dispute if the message

received by Bob is the duplicate of the message saved by TC.

Figure 8. Dispute resolution protocol

The healthcare information system is expected to be a resilient system. The resiliency measures the

ability to and the speed at which the system can return to normal performance level following a

disruption. Real-time security management involves high cost of computation and communication. The

vulnerability of HIS to a disruptive event should be viewed as a combination of likelihood of a disruption

and its potential severity. The HIS administrator must do two critical tasks: assess risks and mitigate the

assessed risks. To assess risks, the system administrator should explore basic security intelligence: what

can go wrong in HIS operation? what is the probability of the disruption? how severe it will be? what are

the consequences if the disruption occurs? A HIS vulnerability map can be modeled through a set of

expected risk metrics, probability of disruptive event and the magnitude of consequences. For example,

the map has four quadrants in a two dimensional space; the vertical axis represents the probability of

disruptive event and the horizontal axis represents the magnitude of the consequences.


The system administrator faces a set of challenges to solve the problem of resiliency: what are the critical

issues to be focused on? what can be done to reduce the probability of a disruption? what can be done to

reduce the impact of a disruption? How to improve the resiliency of the healthcare information system?

The critical steps of risk assessment are to identify a set of feasible risk metrics; assess the probability of

each risk metric; assess severity of each risk metric and plot each risk metric in HIS vulnerability map.

The critical steps of risk mitigation are to prioritize risks; do causal analysis for each risk metric; develop

specific strategies for each cell of vulnerability map and be adaptive and do real-time system monitoring.

The security consultant has proposed a roadmap for digital defense of healthcare information system.

Figure 9: Digital Transformation Security Roadmap

E-health system faces critical legal, ethical and psychological issues from the perspectives of security,

privacy, confidentiality and organizational policy. Security and privacy of data is important from the

perspectives of access control, data storage, version control of critical applications, accountability,

traceability and transparency E-healthcare information should be managed in a digital environment

through efficient security principles, privacy laws and policies in the domain of shared and managed care.

Shared care is a healthcare service that is delivered at multiple locations and by multiple service providers

through sharing of the medical information of the patients. Managed care is characterized by cost

reduction and quality enhancement techniques practiced by either healthcare service providers or

insurance companies. Both paradigms require secure exchange of patient’s private data through internet.

Pseudonymisation and anonymisation may be good techniques for distributed e-health system.

Compliance requires a good security policy for a set of standards for data acquisition, storage,

communication, authentication and authorization. The CIO and security analysts have pointed out the

critical challenges of security schema such as law, policy, standards, human factors and data exchange.

It is really complex to manage the issues of mandatory disclosure, mapping to formal technical

specification, legal and compliance factors, trust, patient’s consent, identity theft, confidentiality

breaches, theft of hardware, electronic interception of exchanged data, accidental disclosure and

dissemination. Patient’s data privacy and the sharing of healthcare data may result disputes. The law

seeks to protect patient privacy. Many standards support exchange of patient’s data. Law and standards

should cooperate and complement each other in privacy protection.

Identify the scope of digital defense, define objectives, constraints and allocate optimal budget

Maintain and upgrade security schema for a resilient healthcare information system

Deploy security solutions for trusted computing, data, networking and application schema

Develop a set of verification mechanisms for security intelligence

Call threat analytics: assess risks, mitigate risks and define security policy

Identify digital technology assets and computevaluation of the assets


Chapter 7 : Information Management Schema

7.1 Organization Structure

The business analysts have developed intelligent organization structures for digital transformation. The

digital technology department is governed by the Chief Manager. The managers of information,

communication and biomedical engineering report to the Chief Manager. The analysts of application,

data, security, computing and system maintenance report to the information technology manager. The

system department is responsible for management of digital technology i.e. information, communication

and biomedical instrumentation, DT investment analysis and DT portfolio optimization. The Chief

Manager coordinates with finance, innovation and HR departments.

The whole organization is governed by the Chief Executive Officer (CEO) who looks after corporate

strategy and policy formulation and overall coordination among various departments. The Chef Managers

of digital technology (CIO), finance (CFO), healthcare operations, HR and Innovation departments report

to the CEO. The Mangers of registration, admission and discharge, healthcare consultants and surgeons,

supply chain coordination, test lab, nursing, billing and payment processing report to the Chief Manager,

Healthcare Operations. The finance department is responsible for financial and cost accounting, pricing,

revenue management budget planning, capital allocation and project management. The innovation

department has separate cells for business consulting, technology consulting and research on medical

science. The medical science cell manages the administration of academy of medicine. The supply chain

manager controls supply chain planning, collaboration and execution, purchasing, warehousing, quality

control and inspection and transportation functions. The HR department is responsible for talent

acquisition, training, performance evaluation, career growth planning, reward and retirement planning.

Figure 10 : Organization Structure of Healthcare Service Provider

The Chief Executive(CEO)

The Chief Manager Digital

Technology

The Chief Manager

Innovation(R&D)

The Chief Manager Human

Resources

The Chief Manager

HeathcareOperations

The Chief Manager Finance(CFO)

Billing & Payment

ProcessingManager

Test Lab & Nursing Manager

Supply chain Manager

HealthcareConsultants &

Surgeons

Registration Admission &

DischargeManager


Figure 11 : Organization Structure of Digital Technology Department

7.2 Investment Analytics for Digital Technology Portfolio Optimization

The healthcare service provider needs financial investment analytics for digital technology

portfolio optimization.

The CIO and CFO have jointly discussed various options of financial investment for digital transformation.

The options are transformation, renewal, process improvement and experiment. The drivers for

transformation are the core technology schema not suitable for modern healthcare business model.

Executive level fund allocation is required for ERP and business intelligence system implementation and

the whole enterprise may be the owner of the project. The drivers of system renewal are obsolete

outdated technology, threat of new technology, cost reduction and improvement of quality of service.

Business case based funding approach is required by CIO for the replacement old obsolete technology

and purchasing of new technology. The owner of the project is a specific service unit. The drivers of

process improvement are the opportunities to improve business performance and operational excellence.

Strategic business unit and process owner own the project through business case based funding

approach for automation and streamlining of business processes. The drivers of various types innovative

experiments are the new technology (e.g. SMAC), product, process and business model. IT unit and

functional head own these projects through business level and executive level allocation. The system and

business analysts have identified the priority of various types of projects. Experimental projects are

needed for SMAC technology, HCI and smart home; ERP, E-health and m-health projects are important

for digital transformation and process improvement. The old word processing and spreadsheets systems

should be renewed to manage large amount of complex transactional data.

The Chief Manager Digital Technology

Manager InformationTechnology

Manager CommunicationTechnology

Manager Biomedical Engineering

ApplicationAnalysts

DataAnalysts

SecurityAnalysts

ComputingAnalysts

SystemMaintenance


Figure 12: IT investment analysis

7.3 Strategic Roadmap of Digital Transformation Project

The top management are interested in investment on value adding digital technology and

bioinstrumentation. They are interested to adopt a rational fund allocation approach through systematic

project management, planning, monitoring and effective coordination among various units and

departments. The fundaments steps of any digital technology project involve scope analysis, business

process mapping in terms of analyze as-is process, gap analysis and design to-be process, program

planning and project team formation, selection of application schema like products, modules, vendors

and consultants, selection of computing schema, hardware sizing and networking schema, master

database configuration, customization of reports, screens and interfaces, system and user acceptance


testing, user training, migration to the new system, system monitoring and performance optimization.

The CIO has proposed a cross functional project team for digital transformation comprising business and

technical analysts, consultants, researchers and users. There are various options of system

implementation approaches such as big bang, phased, selective modular and pilot implementation. The

top management would like to adopt phased approach for digital transformation. The CIO has presented

a list of critical success factors of digital transformation projects to the top mangement.

Understand corporate culture in terms of readiness and capability for change.

Begin business process changes prior to implementation.

Communicate continuously with all levels of new users in business, not only technical terms. Set

reasonable expectations.

Obtain top executive sponsorship for the project.

Ensure the project managers are capable of negotiating equally between the technical, business

and change management requirements.

Choose a balanced team and provide it with clear role definitions.

Select a good proven project methodology with performance measurements.

Evaluate vendors and consultants carefully. Be sure that the software more-or-less fits your

organizational requirements and the consulting firm has delivery capabilities.

Train users and provide support for job changes.

Remain alert for political influences on the project and deal with them appropriately.

Ensure process team’s ownership of the process during implementation.

7.4 Rural Healthcare

Digital transformation is not only applicable to urban healthcare system, but also important for rural

healthcare. Rural healthcare faces various types of constraints such as non-availability of drugs in time

due to lack of supply chain coordination, old and obsolete information and communication technology

infrastructure, poor quality of service and outcome due to operational and administrative failure,

malnutrition of mothers and children, poor healthcare programme management, flawed HR model with

poor incentives, nonavailability of knowledge management system and performance scorecard and lack

of skilled healthcare experts. Rural healthcare system may fail to deliver quality of service due to lack of

proper infrastructure, skill, medical errors, hospital acquired infection and suffering from injury illness as

a consequence of treatment and surgical operations. Regularity compliance and economic incentives can

improve the commitment of the rural healthcare service providers. The rual healthcare system needs

efficient mechanism which can reward the health specialists based on patient’s outcome instead of

number of patients treated. The system requires improvement in lowering infections, primary care,

nursing care, medication administration and the improvement of clinical and nonclinical processes. It has


direct impact on safety, quality, efficiency, reliability and timeliness of healthcare. The system also

requires good coordination mechanisms for complex treatment procedure and good performance of the

healthcare workforce. They need good medical practice and standards. They should be clear about their

tasks that must be done; who should be doing what and how to perform that task. Typically, care is

organized around different functions and those function need proper coordination and integration. The

rural healthcare system needs a group of bright, dedicated and skilled workforce. The rural healthcare

also needs disruptive innovations through proper integration among insurers, regulators, managed care

organizations, hospitals and health specialists. Instead of following old practice, the system

administrators should ask how they can enable or facilitate disruptive innovations to emerge.

Digital transformation is an innovative approach to ensure fairness, correctness and good outcome in

rural healthcare system. The top management have asked the CIO and his team and also innovation cell

to explore critical problems of their rural healthcare units. Is it possible to organize care into integrated

practice units around patient medical conditions, measure outcomes and costs, reimburse flexibly through

combinatorial pricing scheme for care cycles, integrate care delivery across separate facilities, expand

areas of excellence across villages and create an enabling information and communication technology

platform?

Conclusion

The algorithmic mechanisms and protocols presented in this work assumes that the agents act rationally

to achieve their objectives and follow the protocols correctly with correct inputs. They are effective in a

trusted service oriented computing environment. It is an emerging cross-disciplinary paradigm of

distributed computing that is changing the design pattern and architecture of complex information

system. A set of autonomous service components act in a collaborative computing environment. The

mechanisms and protocols do not study any malicious behavior of the trading agents and specific types

of administrative inefficiencies which can disrupt normal healthcare service. It includes the collusion of

the trading agents against regulatory compliance, financial fraud in e-transactions, quality problems in

testing and sourcing, non-availability, poor performance and failure of medical equipments, malicious

work culture, medical negligence, unauthorized absence (excluding casual leave, earned leave and

medical leave), excessive work load, strikes and physical security problem of healthcare service provider.

The healthcare workforce expect to work freely in a collaborative, flexible and ethical work culture

without any financial, physical, mental and cultural constraints and pressures.

Globally healthcare organizations are undertaking massive business process reengineering initiatives and

many of these reforms are supported by the strategic use of advanced information and communication

technology. The proposed outline of digital transformation should provide better integration and

improved coordination of flows of material, information and funds within and across healthcare firms,


experts and patients. This results improved patient care, greater accuracy, cost efficiency, ease of

processing, increased productivity and fast response time in healthcare service. Service oriented

computing results improved interoperability, increased federation, and organizational agility through a

standardized, flexible, reliable and scalable architecture. An intelligent mechanism should explore other

strategic moves such as medical education technology, corporate social responsibilities, integrated

healthcare networks, childcare, improved monitoring system, RFID, GPS, video-conferencing, virtual

patient visit, telemedicine, real-time human computer interaction, bio-sensors, biotechnology, bio-

instrumentation, bio-informatics and effects of environmental pollution (e.g. air, water, soil, sound,

sunlight) and climate change for improved quality of service at reasonable cost.


References

A.K.Jain. Biometric recognition. Nature, 449:38-40. 2007.

B.Schneier. Applied Cryptography. John Wiley, New York,1996.

C.Ferran and S.Watt. Videoconferencing in the field: A heuristic processing model. Management Science,

volume 54, no. 9, September, 2008, 1565 - 1578.

C.McGregor and J.M.Eklund. Real-time Service-oriented architectures to support remote critical care:

trends and challenges. Annual IEEE International Computer software and applications conference,2008.

D.B.Leake (editor). Case based reasoning experience, lessons and future directions. AAAI Press / MIT

Press,1996.

D.Kim. An integrated supply chain management system: a case study in healthcare. volume 3590,

Lecture Notes in Computer Science, Springer,2005.

D. Seifert. Collaborative planning, forecasting and replenishment. Galliers Business,2002.

F.Kart, G.Miao, L.E.Moser and P.M.Melliar-Smith. A distributed e-healthcare system based on the service

oriented architecture. IEEE International Conference on Services Computing, 2007, pp.652-659.

G.Anandalingam, R.W.Day and S.Raghavan. The landscape of electronic market design. Management

Science, 51(3), 2006, pp. 316-327.

G.Ateniese, R.Curtmola, B. Medeiros and D.Davis. Medical information privacy assurance: Cryptographic

and system aspects. Technical Report, John Hopkins University,2003.

G.Ateniese and B.Medeioros. Anonymous E-prescription, Proceedings of ACM Workshop on Privacy in the

Electronic Society,USA,2002.

G.Ateniese, M.Joye, J.Camenish and G.Tsudik. A practical and provably secure coalition resistant group

signature scheme. Advances in cryptology, Crypto’00, Volume 1880, LNCS, Springer Verlag, 2000, pp.

255-270.


G.Kramer, I.Meric and R.D.Yates. Cooperative communications. Foundations and trends in networking,

volume 1, no. 3-4, 2006, 271- 425.

G. Peterson. Service oriented security architecture. Information Security Bulletin, vol.10,2005.

J.L.Kolodner. Case based reasoning. Morgan Kaufmann. CA.1993.

J.L.Kolodner. An introduction to case based reasoning. Artificial Intelligence Review, 6(1):3-34,1992.

J.L.Kolodner and W.Mark. Case based reasoning. IEEE Expert, 7(5):5-6,1992.

http://www.owasp.org accessed on 15.08.2008.

I.Watson. Applying Case-based reasoning: Techniques for enterprise systems. CA. 1997.

J.Emanuele and L.Coetter. Siemens Medical Solutions, USA. Workflow opportunities and challenges in

healthcare. www.usa.siemens.com/medical. 2007.

J.Kalvenes and A.Basu. Design of robust business-to-business electronic marketplace with guaranteed

privacy. Management Science, 11, 2006, pp. 1721-1736.

J.Liebowitz. Knowledge management handbook. CRC Press,1999.

J. Y. Kim, P. Farmer, M. E. Porter (2013). Redefining global healthcare delivery, The Lancet. 2013

May 20, 2013

K.Althoff, R.Bergmann and L.K. Branting. Case based reasoning research and development. Proceedings

of 3rd International Conference on Case Based Reasoning, Germany, 1999.

K. Ramdas, E. O. Teisberg, A. L. Tucker. Four Ways to Reinvent Service Delivery. Harvard Business

Review. December, 2012.

K. Sayood. Introduction to Data Compression. 3rd ed. Morgan KauVman Publishers, 2006.

M.Alavi and D.E.Leidner. Review: Knowledge management and knowledge management systems:

Conceptual foundations and research issues, MIS Quarterly Review. Volume25, March’2001


M. Armburst et al. A view of cloud computing, Communications of the ACM, 53(4), 50-58. 2010.

M.Beyer, A.Kuhn, C.Meiler, S.Jablonski and R.Lenz. Towards a flexible process oriented IT architecture for

an integrated healthcare network. Proceedings of ACM Symposium on Applied Computing, 2004, pp. 264-

271.

M.C.Reddy, S.Purao and M.Kelly. Developing IT infrastructure for rural hospitals: A case study of benefits

and challenges of hospital-to-hospital partnerships. Journal of American Medical Inform Association, vol.

15, 2008,pp. 554-558.

M. Fitzgerald, N. Kruschwitz, D. Bonnet and M. Welch. Embracing Digital Technology A New Strategic

Imperative, MIT Sloan Management Review, Research report, 2013.

M. E. Porter, E. A. Pabo and T.H.Lee. Redesigning Primary Care: A Strategic Vision To Improve Value By

Organizing Around Patients' Needs. Health Affairs. 2013.

M.E.Porter and E.O.,Teisber. Redefining healthcare Creating Value-Based Competition on Results.

Harvard Business School Press, 2006.

M.K.Bourke. Strategy and architecture of healthcare information systems, Springer,1994.

M.K.Franklin and M.K.Reiter. The design and implementation of a secure auction service. IEEE

Transactions Software Engineering, 22(5), 1996, pp.302-312.

M.Gertz and S.Jajodia. Handbook of database security applications and trends. 2008.

M. Rosen, B.Lublinsky, K.T. Smith and M.J. Balcer. Applied SOA Service oriented architecture and design

strategies. Wiley India,2008.

M.Subramanian, A.S. Ali, O. Rana, A. Hardisty and E.Conley. Healthcare@Home: Research models for

patient centered healthcare services. Proceedings of International symposium on Modern Computing,

2006, pp. 107-113.

O. Goldreich. Foundations of Cryptography, Basic Applications. Volume 2. Cambridge University Press.

2004.


P.Bonatti and P. Samarat. A unified framework for regulating access and information release on the web.

Journal of Computer Security 10(3) (2002) 241-272.

P.N.Tan, M.Steinbach and V. Kumar. Introduction to data mining. Pearson, Addison-Wesley. 2006.

P. Weill and S. L. Woerner, Optimizing Your Digital Business Model, MIT Sloan Management Review,

Spring 2013, Volume 54, No. 3.

R.Buyya, R., C.S.Yeo, S.Venugopal, j. Broberg,J. and I.Brandic. Cloud computing and emerging IT

platforms: Vision, hype and reality for delivering computing as the 5th utility. Future generation computer

systems. 2009.

R.Bottle, J.Konnell, S.Pankanti, N.Ratha and A.Senior. Guide to Biometrics. Springer. 2003.

R.McAdam and S.McCreedy. A critical review of knowledge management models. The Learning

organization, volume 6, No. 3, 1999, 91-100

R.S.Sriram, V. Arunachalam and D.M.Ivancevich. EDI adoption and implementation an examination of

perceived operational and strategic benefits and controls. Journal of Information Systems Spring, 14(1),

2000, pp. 37-52.

S. Chakraborty. A study of several privacy-preserving multi-party negotiation problems with applications

to supply chain management. Doctoral dissertation (unpublished), Indian Institute of Management

Calcutta. 2007.

S. Chaudhuri. An overview of query optimization in relational systems. ACM PODS 1998.

S.Chaudhuri, S. and U.Dayal. An overview of data warehousing and OLAP technology. SIGMOD Record

26, 1 (1997).

S.Chaudhuri, S., U. Dayal, U. and V. Ganti. Database technology for decision support systems. IEEE

Computer 34, 12 (2001).

S. Chaudhuri, S. and V.Narasayya. Self-tuning database systems: a decade of progress. In Proceedings of

VLDB 2007.


S.G.Stubblebine, P.F. Syerson and D.M.Goldschlag. Unlinkable serial transactions: protocols and

applications. ACM Transactions Information System Security, 2(4), 1999, pp. 354-389.

S.Johnson. Modeling security concerns in service oriented architecture, 2004.

S.K.Sharma, H. Xu, N.Wickramsinghe and N.Ahmed. Electronic healthcare: issues and challenges.

International Journal Electronic Healthcare, 2(1),2006.

S.Prabhakar, S.Pankanti and A.K.Jain. Biometric recognition: security and privacy concerns. IEEE security

and privacy magazine. 1(2):33-42, March - April. 2003

T. Earl. SOA Principles of service design. Prentice Hall,2007.

T.J.Parenty. Digital defense what you should know about protecting your company’s assets. Harvard

Business School Press. 2003.

W.M.Omar and A.Taleb-Bendiab. Service oriented architecture for e-health support services based on grid

computing. Proceedings of IEEE International Conferences on Service Oriented Computing, 2006, pp.

135-142.

W. Mao Modern Cryptography Theory & Practice. Pearson Education,2007.

Y. Lindell and B. Pinkas. Privacy preserving data mining. In Advances in Cryptology - Crypto 2000, LNCS

1880. 2003.

Y. Lindell. Composition of secure multi-party protocols a comprehensive study. Springer. 2003

Y.Zheng. Digital signcryption or how to achieve cost (signature & encryption) << cost (signature) + cost

(encryption). Lecture Notes in Computer Science, vol. 1318, Springer-Verlag.

Book price : Rs. 5000

Healthcare System Innovization through Digital Transformation

Documents

Transcript of Healthcare System Innovization through Digital Transformation