Operational disruption in healthcare associated with software functionality issue due to software security patching: a case report

IF 3.2 Q1 HEALTH CARE SCIENCES & SERVICES

Frontiers in digital health Pub Date : 2024-03-14 DOI:10.3389/fdgth.2024.1367431

M. S. R. Jabin

{"title":"Operational disruption in healthcare associated with software functionality issue due to software security patching: a case report","authors":"M. S. R. Jabin","doi":"10.3389/fdgth.2024.1367431","DOIUrl":null,"url":null,"abstract":"Despite many benefits, the extensive deployment of Health Information Technology (HIT) systems by healthcare organizations has encountered many challenges, particularly in the field of telemetry concerning patient monitoring and its operational workflow. These challenges can add more layers of complexity when an unplanned software security patching is performed, affecting patient monitoring and causing disruption in daily clinical operations. This study is a reflection on what happened associated with software security patching and why it happened through the lens of an incident report to develop potential preventive and corrective strategies using qualitative analyses—inductive and deductive approaches. There is a need for such analyses to identify the underlying mechanism behind such issues since very limited research has been conducted on the study of software patching. The incident was classified as a “software functionality” issue, and the consequence was an “incident with a noticeable consequence but no patient harm”, and the contributing factor was a software update, i.e., software security patching. This report describes how insufficient planning of software patching, lack of training for healthcare professionals, contingency planning on unplanned system disruption, and HIT system configuration can compromise healthcare quality and cause risks to patient safety. We propose 15 preventive and corrective strategies grouped under four key areas based on the system approach and social-technical aspects of the patching process. The key areas are (i) preparing, developing, and deploying patches; (ii) training the frontline operators; (iii) ensuring contingency planning; and (iv) establishing configuration and communication between systems. These strategies are expected to minimize the risk of HIT-related incidents, enhance software security patch management in healthcare organizations, and improve patient safety. However, further discussion should be continued about general HIT problems connected to software security patching.","PeriodicalId":73078,"journal":{"name":"Frontiers in digital health","volume":null,"pages":null},"PeriodicalIF":3.2000,"publicationDate":"2024-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Frontiers in digital health","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3389/fdgth.2024.1367431","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"HEALTH CARE SCIENCES & SERVICES","Score":null,"Total":0}

引用次数: 0

Abstract

Despite many benefits, the extensive deployment of Health Information Technology (HIT) systems by healthcare organizations has encountered many challenges, particularly in the field of telemetry concerning patient monitoring and its operational workflow. These challenges can add more layers of complexity when an unplanned software security patching is performed, affecting patient monitoring and causing disruption in daily clinical operations. This study is a reflection on what happened associated with software security patching and why it happened through the lens of an incident report to develop potential preventive and corrective strategies using qualitative analyses—inductive and deductive approaches. There is a need for such analyses to identify the underlying mechanism behind such issues since very limited research has been conducted on the study of software patching. The incident was classified as a “software functionality” issue, and the consequence was an “incident with a noticeable consequence but no patient harm”, and the contributing factor was a software update, i.e., software security patching. This report describes how insufficient planning of software patching, lack of training for healthcare professionals, contingency planning on unplanned system disruption, and HIT system configuration can compromise healthcare quality and cause risks to patient safety. We propose 15 preventive and corrective strategies grouped under four key areas based on the system approach and social-technical aspects of the patching process. The key areas are (i) preparing, developing, and deploying patches; (ii) training the frontline operators; (iii) ensuring contingency planning; and (iv) establishing configuration and communication between systems. These strategies are expected to minimize the risk of HIT-related incidents, enhance software security patch management in healthcare organizations, and improve patient safety. However, further discussion should be continued about general HIT problems connected to software security patching.

查看原文本刊更多论文

软件安全补丁导致的软件功能问题引发的医疗保健业务中断：案例报告

尽管医疗机构广泛部署医疗信息技术（HIT）系统有许多好处，但也遇到了许多挑战，尤其是在有关病人监护及其操作工作流程的遥测领域。当计划外的软件安全补丁执行时，这些挑战可能会增加复杂性，影响患者监护并导致日常临床操作中断。本研究通过事件报告的视角，对与软件安全补丁相关的事件及其原因进行了反思，并采用定性分析--归纳和演绎的方法，制定了潜在的预防和纠正策略。由于对软件修补的研究非常有限，因此有必要进行此类分析，以确定此类问题背后的潜在机制。该事件被归类为 "软件功能 "问题，其后果是 "有明显后果但未对患者造成伤害的事件"，其促成因素是软件更新，即软件安全补丁。本报告介绍了软件补丁规划不足、医护人员缺乏培训、计划外系统中断的应急规划以及 HIT 系统配置如何影响医疗质量并给患者安全带来风险。我们根据补丁程序的系统方法和社会技术方面，提出了 15 项预防和纠正策略，分为四个关键领域。这些关键领域包括：(i) 准备、开发和部署补丁；(ii) 培训一线操作人员；(iii) 确保应急计划；(iv) 建立系统之间的配置和通信。这些策略有望最大限度地降低与 HIT 相关的事故风险，加强医疗机构的软件安全补丁管理，提高患者安全。不过，还应继续讨论与软件安全补丁相关的一般 HIT 问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊