Privacy and security of electronic patient records – Tailoring multimethodology to explore the socio-political problems associated with Role Based Access Control systems

Multimethodologies are now an established area of ‘soft’ operations research (OR). Adopting appropriate OR methods to tackle unstructured and complex problems is a promising field of inquiry and potential application. Research in the areas of energy and utilities, education, UK public services, and healthcare has demonstrated the success of applying multimethodologies to practice. This research focused on the socio-political and socio-cultural issues associated with the specification and design of a Role Based Access Control (RBAC) system as a precursor to the adoption of an electronic health and patient record system in an English National Health Service (NHS) hospital Trust. Although being a local hospital Trust initiative, there were many complex requirements and constraints from UK NHS policies, strategies and standards, as well as from government contracted IT company vendors, consultancy companies and software consortia (termed Local Service Providers). This research develops a multimethodology, using SSM in combination with process modelling and technology management (referred to as TMSSMXL), in order to tailor problem structuring methods to a healthcare hospital context. The research concludes that by adopting methods that are compatible with an organization's culture, stakeholder perspectives and professional working, a suitable mix of OR methods may be combined and deployed that can enable, and enhance, stakeholders’ knowledge and learning about the unforeseen organizational consequences of complex technology introduction. It is argued that this leads to more effective technology systems requirements definition and greater project implementation success.