A decision methodology for managing operational efficiency and information disclosure risk in healthcare processes

This paper addresses two critical challenges faced by healthcare organizations: significant personnel shortages and mandates to safeguard patient safety and information security. We develop a two-stage decision making methodology to optimize the healthcare workflow task assignments and mitigate information disclosure risks. While the first stage throughput optimization formulation maximizes operational efficiencies, it can expose organizations to information disclosure risks that can be exploited to violate patient safety and information security. To address the ensuing privacy and fraud concerns we define task-based conflict sets to assess disclosure risks with optimal task assignments. In the second stage of the solution methodology, various security control strategies – task based and employee based – are incorporated into a decision support model to help decision makers to effectively manage and achieve workflow efficiency and meet information security requirements. For practical settings where certain parameters are not obtainable or the problem is computationally intractable, we provide a sequential-decision approach that could yield approximate partial solutions. We conduct an extensive computational analysis of a clinical workflow process to illustrate the practical benefits of the proposed methodology.

► The paper addresses quality care delivery, cost reduction, and patient privacy.
► Our methodology optimizes workflows and mitigates information disclosure risks.
► Task/employee based control mechanisms are developed to manage security threats.
► We enable focus on particularly problematic and pertinent security threats.
► Detailed analysis of a clinical workflow highlights practical benefits of our work.