MENU
The Nordic eHealth group forms the basis for ongoing knowledge sharing across the Nordic countries regarding strategic issues within digitalisation in healthcare. Digitalisation is increasingly becoming a central means for supporting the delivery of healthcare services around the globe. The Nordic region is regarded as a frontrunner when it comes to the implementation and use of digital solutions. As part of the Nordic eHealth group work is being carried out regarding indicators and standardization. This report is the result of the indicator work carried out by the subgroup called the Nordic eHealth Research Network (NeRN). The aim of the work of the group is to provide a foundation for benchmarking across the Nordic countries and support policymaking in the countries, hence the subtitle “towards evidence informed policies”.
We hope you will find the report interesting. The work of the group continues building on top of the knowledge gathered in this report.
On behalf of the Nordic eHealth group.
Kenneth B. Ahrensberg, chairman of the group 2017-2019
The Nordic eHealth Research Network (NeRN) was established by the Nordic Council of Ministers (NCM) eHealth group in 2012. The objective was to develop, test, and evaluate a common set of indicators for monitoring eHealth in the Nordic countries, Greenland, Faroe Islands and Aaland, for use by national and international policy makers and scientific communities to support the development of Nordic welfare.
The results of the network’s first Mandate period (2012–2013) were published in the Nordic Council of Ministers report (1). It contained a methodology for generating eHealth indicators by combining top-down and bottom-up approaches. It also tested the methodology with four common Nordic Indicators, measuring the availability of certain eHealth systems/functionalities and the use of particular functionalities.
The results of the network’s second Mandate period (2013–2015) were also published in a Nordic Council of Ministers report (2). The publication extended the list of common Nordic eHealth indicators, reported lessons learned and recommendations to achieve efficient and easy-to-use benchmarking information. Benchmarking results were presented in the report on altogether 49 common eHealth indicators.
The network’s third mandate period (2015–2017) delivered recommendations for the long-term management of earlier work (3). The research network proposed a system for collecting, analyzing and publishing the effects and benefits of the investment in eHealth and the comparisons between the Nordic countries. Furthermore, the research network analyzed how the network outcomes can be used in a European, WHO, and OECD context. As a third task common indicators that can be used to analyze and compare patients’ and citizens’ use and experiences of eHealth services was identified and presented.
This publication reports the outcomes of the following five tasks
The national eHealth strategies were analyzed and compared in the previous report and as not all countries have issued new strategies on eHealth it has not been suitable to perform a new comparative analysis of strategy documents. Instead an analysis of the impact of policies and governance efforts in the Nordic countries has been performed. An institutional theory approach is applied in the analysis and national representatives for all the countries have been interviewed about key issues. Such a comparative analysis has never been performed before and a significant result is that the institutions behind the national strategies – despite an ambition accelerate the innovation and renewal process - does not contain description or indication about the time perspective or how the achievements will be analyzed, or which institution will be responsible of follow up procedures. The results of the analysis give an overview of issues that need to be solved and improved to reach innovation and sustainability in the area, both at the country level and at the macro level.
Developing a list of common indicators for monitoring availability, use and outcome of health information technologies in the Nordic countries has been one of the central efforts of the Nordic eHealth Research Network. The approach has been to create a list of indicators mainly based on survey questions used in the individual Nordic countries. The report from this mandate period develop a framework for the indicators to accommodate for the shift of focus in the national policies and contributes to further the development of indicators that can be practically monitored in all the Nordic countries. The update is based on a theoretical model for describing clinical adoption of health information systems. This model defines a set of basic dimensions which are here used to describe aspects that can be monitored by a set of indicators. To each aspect a concrete example of an indicator is presented as well as examples of survey questions where some of them has been used in earlier monitoring activities.
It is concluded that the application of a coherent theoretical framework provides an opportunity to align the surveys done in the Nordic countries to obtain comparable and consistent measures.
An initial mapping of citizen surveys within the field of e-health in the Nordic countries was conducted during the period 2015–2017.
During the current mandate period 2017–2019 this work has been followed up through a more detailed examination and comparison of previous national surveys; their content and organization.
And in this chapter a thorough understanding is provided of how and why citizens surveys are conducted in the different partner countries. It is revealed when surveys have been conducted, how they were organized and who the most important stakeholders were. Furthermore, it is considered how the surveys were financed and how sustainable they are.
With regards to future studies it is recommended that the citizen surveys should be coordinated to a higher degree than it is to-day as well as the timing should be aligned. Three overall topics for the structure is recommended: use/nonuse, consequences of use, and expectations for the future. It is important to ensure that the surveys are based in recognized scientific methods and finally a discussion of funding models are desirable.
The digital infrastructures in all Nordic countries continue to expand and deepen their entanglement with society. The aim is to offer substantial benefits through deeper, wider, and more reliable coverage of data sources. Consequently, the utilization of information technology in the healthcare sector is just as pervasive as in rest of society. However, almost all healthcare data is highly sensitive, and as delivery of health services depends on the integrity, availability, and confidentiality of data – ensuring information security is vitally important.
The aim of this chapter is to establish an understanding of the national and healthcare sector specific security strategies across the Nordic countries. Comparing initiatives at a strategy level can serve as inspiration for strengthening national and local initiatives and may aid in establishing cyber security insight in the Nordic countries.
In the effort to develop indicators for measuring availability, use and outcome of eHealth a recurring question is: Who can benefit from the indicators we develop? The target group for policy strategies and evidence of status is very broad and complex. It is a real challenge to ensure that data and information is communicated to the right persons in a comprehensible form. Developing fictional personas can be a way of improving the way we work.
(1) Hyppönen et al. (2013). Nordic eHealth Indicators. Organisation of research, first results and the plan for the future. TemaNord 2013:522. Copenhagen: Nordic Council of Ministers. Available at: https://doi.org/10.6027/TN2013-522
(2) Hyppönen et al. (2015). Nordic e-health Benchmarking. Status 2014 TemaNord 2015:539. Copenhagen: Nordic Council of Ministers. Available at: https://doi.org/10.6027/TN2015-539
(3) Hyppönen et al. (2017). Nordic e-health Benchmarking. From piloting towards established practice. TemaNord 2017:528. Copenhagen: Nordic Council of Ministers. Available at: https://doi.org/10.6027/TN2017-528
Institutional theory has traditionally been used to study the impact of policies in public administration (Thoenig 2003; Frumkin and Galaskiewicz 2004; Rigg and O’Mahony 2013; Sorensen 2014) and in organizational fields. Characteristics of these fields include (i) that they adopt similar logic and routines for organizing services to citizens, (ii) that they undergo and gradually adopt a process of institutionalization, (iii) that they perform similar changes and routines for organizing the delivery of innovative services to citizens, and (iv) that they introduce new structures that support the innovation and renewal of the area.
At a macro-level, institutional changes are supposed to be a consequence of the action of regulative, normative and cultural mechanisms that operate at different levels (Di Maggio and Powell 1983; Scott 1995). However, forces that influence and determine the level of impact or changes in an organizational field are: (i) formal and informal rules,(ii) monitoring and enforcement mechanisms, and (iii) systems of meaning that define the organizational context within which individuals, corporations, labor unions, governmental and non-government organizations (NGOs), consulting organizations, professional associations, academic institutions, operate and interact with each other (Campbell, 2004, Scott 1995).
One criticism against institutional theory has been that it serves solely to illuminate or describe institutional structures rather than to critique how power may operate within them and/or how their structures may be steeped in any forms of bias. Institutional theory does consequently not provide insights into the individual motivation that lead people/organizations to behave outside prescribed norms or changes in case that happens.
The e-health area (in which health and social care are included) is a complex industry with practices embedded in various institutional networks and characterized by their own rules, regulations and forms of authority. Furthermore, most health and social care organizations cannot operate independently. The adoption of e-health services is consequently influenced by institutional forces resulting from the relationships that occur between different institutions at different levels (hospitals, nursing homes, labs, pharmacies, consulting specialties etc.) and from the normative pressures from partnering organizations. As such, the e-health area can be considered an institutional environment in which socially defined norms occur and prescribe how to behave and interact with each other in an efficient manner. Moreover, institutional environments in e-health are not static and actors belonging to different institutions have the ability to create change to and within those environments (Coburn, 2004; Woulfin, 2016). Leading consequently to changes in the institutional order of the area (i.e. new comers: entrepreneurships that offer alternative channels of access to the services) and pushing actors to make decisions of a) division of labor and/or division of power, b) reallocation of resources, and c) establishing legitimacy of new institutions of entrepreneurships.
Over the time, norms, policies and praxis become “institutionalized” as they are gradually established via sets of formal rules, programmes for action and implementation of systems. This process of institutionalization gives rise to the formation of institutions, which are primarily associated with stability and establishing rules, beliefs and routines that describe and prescribe reality for organizations (Rigg and O’Mahony 2013). The process of institutionalization can be further influenced by the institutional entrepreneurs and the perception of their value in the innovation and renewal process and on the value of their contribution to the implementation of the policies.
In the e-health area to succeed in integrating services with systems, requires that services and system integration has a positive impact in the quality of care, leaders’ commitment to stimulate organizational learning and acceptation of changes as well as a clear description of the impact and outcomes. Policies and strategies in the area have consequently a strong influence on (i) how actors organize their work (Meyer & Rowan, 2006), (ii) how external actors, as for instance, technology companies’ entrepreneurs influence them, (iii) how organizations that interact in an institutional field, interact with each other and /or (iv) how organizations in an institutional field to some extent are dependent upon each other (Scott, 2001). It seems, consequently, that we pay attention to the e-health institutional contexts if we want to see e-health strategies efforts flourish. Moreover, e-health is in a unique context of pressures, developmental expectations, policy gaps, and infrastructure. This context matters in how successfully health and social care organizations implement large-scale changes as the ones described in the e-health strategies (Buchanan, 2015; Datnow, Park, & Kennedy-Lewis, 2013; Elmore, 2005).
E-health policies and/or strategies, which are enacted in the Nordic countries within the same institutional field, aim to innovate health and social care improving quality and facilitating safe and secure access to health and social care services through digital services that innovate and renew the area. In this report, we identify institutional actors, as well as regulative, normative and cultural mechanisms that play an essential role in the realization of the e-health strategies in the Nordic countries.
A descriptive case study as described by Yin (2014) was performed aiming to elicit better understanding, and to compare and identify the different institutions and actors as well as regulative, normative and cultural mechanisms that play a key role in the institutionalization process of the e-health strategies within the Nordic countries.
Data have been sampled in several steps and from different sources. Besides reviewing of the existing reports or previous publications (policy analysis) related to the case and published in previous reports (Hyppönen et al. (2013), Hyppönen et al. (2015), Hyppönen et al. [2017]), interviews with representatives from the Nordic countries in the Nordic e-health Stakeholder Group (“eHealth Group”) were conducted. The interviews were performed with the representatives of the “Nordic Ministers eHealth Group” by the co-authors of this report. The interviewers used a guide in which a total of 20 questions were asked. Institutional theory principles were used to develop the interview guide. The interviews were performed either by Skype or in situ. The interview guide comprised questions related to regulative, normative and cultural mechanism that contribute to realize core and main issues described in the strategies.
The analysis process of the gathered data followed a comparative case study analysis as described by Yin (2014). Statements from the interviewees were listed in a matrix that allowed comparison of similarities and differences of the findings.
For the purpose of this chapter, we outline some key concepts of institutional theory, while focusing on the role of institutions that operate as agents of changes, as a consequence of the national strategies, and establish a shared responsibility among organizations in charge to provide and make services accessible for people, there:
In this section we present first the knowledge acquired from the analysis of the policy documents performed in previous studies (Hyppönen et al. (2015), Hyppönen et al. [2017]). Then we present the outputs obtained from the interviews with the representatives of the Nordic Ministers eHealth Group”.
Previous analyses of the national strategies for e-health in the Nordic countries (2012 and 2017) have shown that all policy documents contained goals and statements about how to empower and activate patients/ citizens in the management of their own health. Furthermore, the documents contain, in general, a large number of statements, and sections about general aims or goals to be achieved grouped into two main sub-groups: 1) healthcare services, 2) health-IT services.
The strategic policies also contain plans, purposes and goals to be achieved as well as descriptions/suggestions of measures to be used. They do not, however, indicate if some of all of the plans and goals will be achieved at the short or in the long run, or if they focus on health or social care. Nevertheless, plans and goals, as described in the policy documents, have shown a correspondence between identified goals and expectations and included questions and aims such as: 1) establish IT architectures and IT-services, 2) standardization activities, 3) enhance information security and privacy, 4) improve access to data for secondary use, 5) establish law and regulatory frameworks, and 6) other country specific goals to be achieved, as for instance, innovation, quality of software, etc. 7) focus on equal access to services, empowerment of citizens, usability and e-health literacy.
An interesting observation is that all strategies identify the importance of different stakeholders for the realization of the strategies. Clinicians and patients are described as key stakeholders in almost all policy documents. Healthcare leaders and health policy makers are specially identified and mentioned as stakeholders in the policy document from Sweden, Denmark, Norway, Iceland and Finland. IT-service operators and vendors of e-health systems are only mentioned as stakeholders in the Danish and Finnish policy documents, and private vendors of healthcare services are only mentioned in the documents from Sweden and Denmark. Social care service providers (joining the national IT-services) are only mentioned in the Finnish policy documents.
Since 2017 and further it is possible to see that, in addition to describe a series or plans and measures to be developed and implemented, the e-health policies from the Nordic countries reflect the large accomplishments of Nordic e-health policy work in the past. The policies reflect, consequently a growing awareness of the huge enabling and transformative power that lies within well-designed and integrated e-health services, while at the same time recognizing that the largest benefits from e-health are still to be reaped, as for instance:
Regulative, normative and cultural mechanisms that push and pull the institutionalization process of thee-health strategies are described in tables 1 to 3. The Nordic countries are listed in alphabetical order.
Table 1: Regulative mechanisms: indicators and descriptions
POLITICAL AND INSTITUTIONAL STRUCTURE | REGULATIVE MECHANISMS |
Indicators | Description |
Policies or strategies. | A national policy or strategy in place in all countries. |
Denmark: has had e-health strategies since 1996. They have been updated 2000–2002, 2003–2007, 2008–2012, 2013–2017 and 2018–2022. Finland: has had e-health policies since 1995. Updated on 2007, 2011 and 2015. Finland has also other documents as for instance the Ministry of Social Affairs and Health Digitalization Guidelines 2025. The e-health Strategy and Action Plan of Finland for the period 2011–2016 focused on eAccess for citizens, an eArchive, ePrescribing, and the patient care summary. Iceland: The current strategy spans the years 2016–2020. Norway: Has an e-health strategy since 2013. Current strategy has a five-year perspective, from 2017 to 2021. Sweden: Has had e-health strategies since 2005. In 2016, a common vision for ehealth has been endorsed by the Swedish Government and the Swedish Association of Local Authorities and Regions valid up to 2025. | |
Major focus of the strategy. | Denmark: Citizen involvement, prevention, quality, data security, interoperability. Finland: Digitalization of Public Services and Creating a Digital Business Growth Environment. Iceland: Improving access to information and health services, patient safety and quality of care, with efficient use of financial resources, and emphasis on the security of health information. Norway: Empowering and activating citizens, making services more inte-grated and available (One citizen — one health record). Sweden: Common endorsement of utilizing e-health and digitization (digital tools) to achieve holistic perspectives of good and equal health. |
Laws, policies and regulations of importance for the implementa-tion of e-health services. | Denmark: - Health act (Sundhedsloven), Act of altering the Health act (Lov om ændring af Sundhedsloven) - Yearly financial agreements in healthcare (økonomiaftalerne) - Minister of Health has the authority to set Standards (not used in practice) - Collective agreements with General Practitioners (GP) and other private providers (e.g. specialists). Finland: - The e-health and eSocial Strategy 2020 (launched in 2015) - Digitalization to support health and well-being. Ministry of Social Affairs and Health Digitalization Guidelines 2025 - KanTa laws (2007) Secondary data usages (2019) - Legislation on handling electronic patient/client information (2007) - Electronic prescriptions (2007) - Secondary use of patient data (2019). Iceland: - Law, policy and regulations on a national level. Norway: - Data Protection Act and privacy regulations including GDPR - Patients’ Rights Act (1999) - Health Register Act and Patient record act (2014) - Health Personnel Act (1999): regulates the right to obtain information for health care personnel. Sweden: - Patient Data Act Patientdatalag 2008:355) - GDPR - The Patient Safety Act (Patientsäkerhetslag 2010:659) - E-health is also generally concerned in other healthcare acts/laws. |
Ownership of resources to achieve the goals of the strategy or policy (systems, platforms, portals, record systems, apps etc.). | Denmark: The involved parties (mainly State, Regions, Municipalities, GP) and private service providers. As many resources cross several organizations, ownership can lie with different stakeholders and has historically been negotiated. Finland: The national KanTa services provides and own the national KanTa-platform. Hospital Districts, regional service providers, municipalities and even private sector providers own the resources needed to implement different applications. Funds are scattered. Iceland: Government funding for national e-health projects. The healthcare institutions pay some licensure fee to the vendor for using the EHR system. The Directorate of Health, through government funding, pays for national licensure and development of the national patient portal. The Directorate of Health owns and runs the Icelandic HealthNet, which is free of use for healthcare institutions. The Directorate of Health owns and runs the ePrescription database and the immunization database and those are integrated into the EHR system. Norway: Public organizations, State and private service providers. Sweden: Since the responsibility for health care is divided between the national government, regions and municipalities in Sweden, the national government does not own systems, platforms, records systems, etc. The national government does sometimes give out grants/funds to county councils for projects regarding e-health. However, the national government (specifically the national e-health agency, E-hälsomyndigheten) does own one system/infrastructure, which is the ePrescription system/infrastructure. This is due to the history of monopoly on pharmacy. |
Beneficiaries from saving re-sources. | Denmark: The financial agreement (2011) between the State and the Danish Regions states that any gains go to the Regions. Generally, resource benefits are not managed nationally: up front budget costs based on business cases are not applied or intended for nationally management (although sometimes seen done regionally/locally). Finland: Beneficiaries from saving resources are Health care organizations, patients and citizens due to possibilities to reallocate resources. Iceland: No actual information at this point if savings come up. Norway: Health care organizations, patients and citizens Sweden: The regional level (county councils and municipalities) |
Organizations that benefit. | Denmark: Regions may keep and redistribute resource savings. Finland: Hospitals, healthcare services county councils, patients etc. Iceland: None. Norway: Regional and national level, hospitals, healthcare organizations. Sweden: The regional level (county councils and municipalities). |
Laws, policies or praxis that regulate the re-allocation of saved resources? | Denmark: - Financial agreements (2011) - Extended Total Balance Principle (DUT-princip): If the Government charges e.g. a municipality with extra tasks, funding needs to follow. Opposite, removing tasks will result in a cut back in funding. Finland: - National principles (case by case, depends on the situation) - Municipalities (and Hospital Districts) decide according to their own decision process. Iceland: -None at this time. Norway: - None at this time. Sweden: - There are general laws but no specific one for e-health . - The re-allocation of saved resources should be up to the regional level (county councils and municipalities). |
Formal structures created as a consequence of the implementa-tion of the e-health strategy. | Denmark: - National Board of Health IT was established in 2010 with representatives from State, Regions and Municipalities - Regional Health IT (RSI) (established 2010) - National Health Data Authority (established 2015) - Steering committee for shared public system governance of Health IT (Styregruppen for Fællesoffentlig Systemforvaltning af Sundheds-it [FSI]) - Health Data Programme - Numerous steering committees on regional or local levels. Finland: - Kela Information Department responsible for KanTa platform THL Unit for Operational guidance in e-health and eWelfare services - Also a new business based national organization SoteDigi Ab to facilitate digitalization - A new Data Authorization Authority established in THL to govern information requests from across registrars or when data is stored in the Kanta-services or private social or health care provider data are requested. Iceland: - The National Centre for e-health within the Directorate of Health in 2018. Norway: - The Directorate of e-health was established in 1 January 2016 with two main aims a) National governance, Coordination and standardization b) Catalyst and driver of National e-health solutions for Citizens, health providers, and data. Sweden: - No formal structures created as a consequence of the implementation of the e-health strategy. However, the latest e-health vision is a joint agreement between the national government and the SALAR, and implies a closer collaboration between these organizations. |
Table 2: Innovation and institutional renewal: Normative mechanisms
POLITICAL AND INSTITUTIONAL STRUCTURE | REGULATIVE MECHANISMS |
Indicators | Description |
Changes related to the role of the institutions. | Denmark: National Board of Health IT governs the implementation strategies and follow up on progress. Finland: The strategy has strengthened the understanding of the importance of data management among stakeholders in healthcare and social welfare services. Iceland: The structure is the same, i.e. on national level. Norway: The Directorate of Health is an important actor for the development of the e-health strategy and identification of goals to be achieved.The Norskhelsenett: national as the service provider. Sweden: Closer collaboration/cooperation between the national government and the SALAR that has been formed since the latest e-health vision came into place. Thus, no specific changes in the role of the national government or the regional level (county councils and municipalities) have been observed. |
Who controls that the strategy is implemented? Who decides to allocate resources? | Denmark: The Regions and municipalities are charged with implementing and supporting e-health in their organizations, as it is with other administrative and clinical systems and services. Digitalization is however increasingly (has been over the years) generating more responsibilities for e-health in the Regions and Municipalities. Finland: Partly national organizations (follow-up) and partly e.g., hospital districts, municipalities. The division of responsibilities between different actors is not coordinated by any official actor. Iceland: On a macro level it is the Directorate of Health and the Ministry of Health. On a micro level it is the healthcare organizations themselves. Norway: Some evaluations project have been supported by the Directorate of Health. Sweden: The national government and the SALAR have the shared control/responsibility for the implementation of the e-health vision. The national government assigns tasks to national agency, such as the national e-health agency (eHälsomyndigheten) and the national board of health and welfare (Socialstyrelsen), and allocates some funds. SALAR and the regional level (county councils and municipalities) have their own responsibility and allocate their resources. |
Influencers: organizations that influence the level of innovation and renewal of the e-health area. | Denmark: The State/Government is not the main drivers of innovation. Innovation and renewal of e-health often comes from Danish Regions (Danske Regioner DR) and Local Government Denmark (Kommunernes Landsforening KL). The regions and municipalities have an innovation agenda that includes, i.e. the Idea Clinic (Idéklinikken) in the Northern Region or the “South Danish Health Innovation” in Region South Denmark. Locally and small scale there is a lot of innovation. Some of these are then lifted to regional or national level through Danish Regions and Local Government Denmark. Finland: Several different actors at different levels influence the level of innovation and renewal both directly and indirectly. For instance: Professional associations, foremost Nursing Ass. and Medical Associations Industry, companies and organizations (public and private) Academia. Iceland: Reference groups, representatives from medical associations, suppliers, academy, health professionals, etc. Norway: Working groups, reference groups with representatives from the sector, medical associations. Suppliers. health professionals. Sweden: The national government (Ministry of Health), and the SALAR. Professional associations and patient organizations through their involvement as reference groups for the development of the latest e-health vision. |
Interest organizations that influence innovation patient organizations, interest organizations other? | Denmark: Patient organizations, unions, interest groups and professional bodies (e.g. Danish Society for Digital Health, CIMT, DaCHI etc.). Finland: Associations both professional organizations, patients’ organizations. Iceland: N/A. Norway: Patient and use organizations, groups and professional bodies, business. Sweden: Professional associations and patient organizations involved as reference groups for the development of the latest e-health vision. |
Institutional entrepreneurs or private owned healthcare that contribute to create a new institutional order in the area. | Denmark: The Danish health care system is mostly public. The private market forces do not play a significant role in the Danish health care system due to the public nature of it. Finland: Not too many actors can be identified at this time. Iceland: No, the same EHR system that has been on the market in Iceland since the 1990’s. Another system emerged around 2005 but is only used in a few private practice settings. One company started a pilot with a hospital in the Northern part of Iceland on telehealth in 2018. Norway: N/A. Sweden: The reference groups for the first two strategies (2005/2006–2010 and 2010–2016) included private actors. Also, e-health services provided by new private actors, such as digital health visit service (net doctor), have been purchased by the county councils. |
Which new actors (entrepreneurs, private owned healthcare centers, and specialist) have appeared in the market during the last 3 years? | Denmark: The private health care market is limited and has not expanded even the opposite, after the public health care sector has been able to shorten waiting lists (there are guaranties regarding how long time a patient should wait for diagnostics and treatment. If the public healthcare system cannot uphold these guaranties, patients are offered diagnostics and treatment at private hospitals). Netdoktor, LIVA healthcare and similar services might be the considered a new actor, however it does not alter the institutional order per se, as the clinical part is supposed to be used by the health care system. The patient focused parts (self-management and online communities) are present in several health apps available. Finland: There are several small companies that provide e-health services in the Finnish market (apps, portals, software etc.). There are also new large vendors providing EHR services, e.g., Epic Information Systems. Iceland: Very few new actors on the market in Iceland in the past three years. Norway: None. Sweden: New private actors providing e-health services regarding digital health visit (net doctor), artificial intelligence, and clinical decision support have appeared lately. The growth of new actors providing digital health visit (net doctor) service, such as KRY, doktor.se, Doktor24, Min Doktor, etc., has been prominent in the Swedish market. |
Level of influence of new comers to the market (for instance net doctors, private clinics etc.). | Denmark: No significant influence. Finland: Big international companies have influenced the market. Finnish companies don´t have a large market to share. These big companies have possibly accelerated the development of EHRs within some smaller providers. Iceland: Too soon to tell at this point in time. Norway: N/A. Sweden: The national government does not support or finance private actors. However, private actors do influence the e-health organizational market and the regional level (county councils and municipalities). An example is the implementation and use of services provided by private actors such us (KRY, doktor.se, Doktor24, Min Doktor, etc.). at different county councils. |
Official leaders that exercise the strategic choices that the e-health strategy demands. | Denmark: - Ministry of Health - Danish Regions (the 5 Danish Regions are responsible for implementing in regional settings) - The Danish Municipalities (the 98 Danish Municipalities are responsible for implementing in the municipal settings). Strategies are negotiated in collaboration – common agreements on implementation are made between the involved parties (e.g. regions and municipalities). Local implementing is the responsibility of the local actors. Finland: Professional organizations, universities and other institutions that have received funding to accelerate the implementation of the strategy. Iceland: The Directorate of Health is responsible for early stages of national implementation. The CEO is responsible for eHealth implementation in their own organization in later stages. Norway: National government (Ministry of Health), The Directorate of Health, The directorate of e-health, The Norwegian health network. Sweden: The national government (Ministry of Health) and the SALAR and their members, the same collaboration/cooperation as mentioned previously, are in charge of deciding and exercising the strategic choices. |
Licences or credentials that suppliers need to apply to deliver e-health services? | Denmark: There is no certificate or licensing that a supplier needs to obtain. However, every supplier needs to adhere to the Danish reference architecture, standards, security regulations etc. GDPR, contracts and the Standards catalogue regulate this. Inspections/supervisions are made to ensure that standards and regulations are met. The Danish model is built as an ecosystem where all suppliers build on the same standards and reference architecture. Finland: Suppliers need to be certified vendor (to fulfill criteria for national eHealth and eWelfare Services KanTa). Iceland: Suppliers need to receive licensure from the Directorate of Health. Norway: N/A. Sweden: There are no specific licenses or credentials that need to be applied by the suppliers. Only the ePrescription system/infrastructure requires some credentials that can be acquired from the national e-health agency (eHälsomyndigheten). At the regional level (county councils and municipalities)/providers/suppliers have to fulfill requirements in the acts, laws, data regulations in order to deliver eHealth services. |
Groups/organizations responsible for enforcing legitimation. | Denmark: MedCom certifies solutions to verify that they adhere to MedCom standards – but it is voluntary (MedCom is a non-profit organization financed and owned by The Ministry of Health, Danish Regions and Local Government Denmark. MedCom facilitates the cooperation between authorities, organizations and private firms linked to the Danish healthcare sector). Finland: Kela (National Social Insurance Institute) enforces KanTa-legislation, THL (National institute for welfare and health) enforces secondary use legislation. Authorized assessment organisations certifiy and audit IT systems for Kanta-integration. Valvira (National supervisory Authority for welfare and health) keeps a list of certified systems. Iceland: All legislation related to healthcare is at the Government level. Norway: N/A. Sweden: No specific licenses or credentials that need to be applied by the suppliers. Only the ePrescription system/infrastructure requires some credentials that can be acquired from the national eHealth agency (eHälsomyndigheten). The regional level (county councils and municipalities)/providers/suppliers have to fulfill requirements in the acts, laws, data regulations in order to deliver e-health services. |
Table 3: Structural and institutional changes; Cultural mechanisms
POLITICAL AND INSTITUTIONAL STRUCTURE | REGULATIVE MECHANISMS |
Indicators | Description |
Legislation that take into account and address the structural or institutional changes that the e-health strategies demand. | Denmark: The new Act of altering the Health act (Lov om ændring af Sundhedsloven) was made to take into account the new ways of working and sharing data (i.e. paper records converted to data repositories etc.). Finland: None specific current legislation is actual. Iceland: The law and regulations support e-health implementation. The law on Patient records was put in act in 2009 but will be reviewed soon. Norway: None specific current legislation is actual. Sweden: The new national e-health vision does not demand any structural or institutional changes, or changes in legislation or creation of new legislation, since responsibilities for the national government, the SALAR, and the regional level (county councils and municipalities) remain the same as before. |
Institutions or organizations or organization which are assigned the task of evaluating the institu-tional impacts of the implementa-tion of the e-health strategy? | Denmark: None. Finland: The Ministry of Finances ordered an evaluation of this particular strategy. Iceland: The Directorate of Health monitors the implementation of e-health services i.e. by the use of Nordic indicators recommended by the Nordic e-health Research group. The institutions themselves can also make their own evaluations. Norway: The directorate of e-health develops indicators for monitoring the impact of e-health strategies. Sweden: Not for the institutional impacts of implementing the e-health vision/strategy. But there is a group including people from the national e-health agency (eHälsomyndigheten) and the national board of health and welfare (Socialstyrelsen), etc., working on capturing e-health indicators and following up the implementation of the national e-health vision. |
Organizations that influence the level of e-health innovation (re-gions/county council, municipali-ty, e-health authority or equiva-lent). | Denmark: The Regions and Municipalities are the main influencers of innovation. (See Normative Mechanisms Question B). The main strategic focus of e-health in Denmark has not been on innovation. The reason for this is that “things weren’t changing”. Especially since 2013 the focus of the national strategies has been on ‘making things work’ and using the systems and technology already there. A strong focus on implementing and consolidating. Finland: Foremost University Hospitals and in the future possibly the SoteDigi Ab. Iceland: The Directorate of Health, the Ministry of Health, and the healthcare organizations themselves. Norway: Regions and Municipalities, professional associations. Sweden: Various professional associations and patient organizations are involved as reference groups for the development of the latest e-health vision. The national government and the SALAR are well aware of what these organizations think is important regarding the innovation and renewal of the e-health area. Outside of the scope of the national e-health vision/strategy, there are organizations, such as Vinnova, RISE, and the European Union, which give out funding and influence e-health innovation. |
Changes in the habit of the organizations. | Denmark: A shift from synchronous (and often face-to-face) communication towards asynchronous digitally supported communication has occurred. Examples of this are: - Online booking of appointments - eConsultations (asynchronous – where the GP answers within a couple of days) - Online prescription renewals – Telepsychiatry – Telemedicine X Also shifting of responsibilities are made: e.g. specialised nurses being front line respondents instead of doctors (i.e. 1813 emergency service, where it can be a nurse answering the call first line). Shifting in cooperation between Regions and Municipalities, with patients being treated at home (e.g. telemedicine). Finland: Changing the way to interact with people. Shifting cooperation between different health providers to offer services Iceland: Some re-organization and changes of clinical workflow. No changes in the current role of the healthcare institutions Norway: The national e-health strategy has influenced public and private organizations, educational organizations etc. Sweden: The national e-health vision has influenced organizations as for instance, Inera, as they referred to the vision in their work and documents. However, we cannot be certain that it is only the implementation of the vision that has driven these changes. The implementation of the e-health vision could be one factor for the example. |
Introduction of new channels to deliver e-health services that have changed their business models? (reallocate resources or charge services in different ways). | Denmark: Telemedicine is a good example. The patient can be treated at home and unnecessary hospital contacts can be avoided. Finland: International examples which e.g. Sitra Fund and Business Finland promote. Iceland: Healthcare services are channeled through the National Patient Portal. This requires a change in business models. Additional funds are being allocated to primary healthcare providers who offer services via the patient health portal. Telehealth services are also being offered in the South of Iceland Norway: No. Sweden: The digital health visit service. The number of visit they can do has increased. These services have been driven by private actors since the beginning influencing the market in some way. |
Generic adoption of the systems, services, applications and /or portals offered to innovate the area? | Denmark: All parties are obligated to adopt and use the National systems. No opt-out. Examples are: - Shared Medication Record (FMK) - Sundhed.dk (shared national health platform) - My Doctor (app to contact GP). There can be additional regional or local portals and services. But all National services are obligatory. Finland: The KanTa services have been adopted widely because it is demanded by law. Otherwise the adoption varies a lot between institutions. Iceland: All primary healthcare clinics in Iceland offer e-health services via the National Patient Health portal. Currently, there are pilot projects in place in the hospital setting using the patient portal, which will change the way follow-up will be provided by increasing the quality of care and access to services. Furthermore, EHR´s are shared on a national level and ePrescription has been adopted by all. Norway: ePrescription, Health record, infrastructures and systems. Sweden: The ePrescription system/infrastructure is adopted by all. X NPÖ, as an example, and other national systems/services are adopted based on the decision at the regional level (county councils and municipalities). |
Increasing of the demand of services provided by external actors. | Denmark: The external pressure for services and the technological development has fulfilled the innovation and implementation of citizen-centred eHealth, e.g. My Doctor (the Doctor in your pocket – national app). But still, the services are provided from within the public health care system. Finland: External actors and private clinics have grown (i.e. cancer clinics etc). A future with structural changes can be expected due to the possibility patients have to choose private or public healthcare. Iceland: No. Norway: No. Sweden: Some county councils purchase digital health visit services from external/private actors. The market seems to be saturated as there are fewer and fewer providers. |
Major drivers of the changes? (national boards, county councils, regions, municipalities, others). | Denmark: The major forces of change lie within the public health care system. There is a trusting cooperation with a common goal. Grass root movements are a major part of driving the changes – as are the Regions and Municipalities supporting these movements. Professional bodies, especially the Doctors’ Association (liberal trades within the health sector) are influencers of change. When it comes to national adoption of services, the National Board of Health IT are the coordinating organ. Finland: National board, municipalities, healthcare Iceland: The Directorate of Health in collaboration with the healthcare institutions and vendor of the EHR system with full support from the Ministry of Health and the Icelandic government. Norway: National government (Ministry of Health), The Directorate of Health The Norskhelsenett, actors interested in the e-health area. Sweden: There are many drivers, including the national government, the SALAR and the regional level (county councils and municipalities), and private actors, as everyone is interested in the e-health area |
The e-health strategies in the Nordic countries do not only aim at the connection of public providers to a working health system, they also describe plans, purposes and goals to be achieved to innovate and renew the e-health area and to reflect the large accomplishments on the policy work in the past at the country level.
Previous studies of e-health advancement have focused on the incompleteness of the reforms carried out, and the need to re-organize and reform the organizations to become a dynamic, decentralized, and market-oriented sector. In contrary to use reforms as a driving force, the e-health strategies developed in the Nordic countries describe visions and missions, opening a series of alternatives that stimulate innovation, renewal and collaboration of stakeholders from the private and from the public sector. The digitalization of services, the use of telemedicine, the implementation of e-prescriptions, the development and implementation of portals, the generic use of health records, the explicit goal to cooperate on the cross sectoral and cross border level by developing standards and synchronized different systems, and the openness for private healthcare providers are some of the initiatives taken in the Nordic countries that have contributed to initiate the development of a coherent synchronized e-health system.
Digitally-enabled service transformations in e-health normally aim to improve service delivery for citizens and patients. Nevertheless, in reality, the complex structure of government institutions, and coevolution of interactions between health and social care organizations and the integration of resources are often identified as the reasons underpinning the inability of the healthcare organization to evolve with the pace of social and technology changes.
In this study we have compared and described the current strategies’ main goals. The comparison of the strategies has shown that even when the strategies, in general, strive after to accelerate the innovation and renewal processes, they do not contain any description or indication about (i) the time perspective of the changes (ii) if some of the goals are expected to be achieved at the short or in the long run, (iii) how the achievements will be analyzed, (iv) which institution will have the responsibility to follow up, evaluate or made the analysis of effects of changes (Except for the Finnish strategy that states that national criteria will be prepared in specific areas and be accounted for in the procurement) (v) which indicators will be used to capture the innovation and renewal of the area. The Icelandic policy has a strategic plan that is updated every year where goals are set in place and means on how to measure those goals to achieve the objectives of the national eHealth strategy. However, that document only exists in Icelandic.
We have also captured the impact of regulative, normative and cultural mechanisms that influence the e-health area, providing deeper insights of the importance and impact of institutionalization processes that actually occur both at the micro and macro level. From these results it can be concluded that there are a series of institutions, formal, as well as informal that influence the e-health context and the organizational field and at the same time contribute to accelerate the innovation and renewal of the area. Furthermore, the existence of institutional entrepreneurships, the existence of organizations in charge to develop and review the strategies as well as the continued involvement and close collaboration with professional organizations, patient organizations and representatives from the industry and from academy, have been an important contribution to achieve if not all, at least some of the major goals described in the strategies.
The outputs from this study, suggest further, evidence on structuration process across various stages, where actors and structures are inherently related in series of interplays that happened through time and space, and that play an important role in the innovation process of the e-health area. The findings are consequently important to complement the existing studies that have been largely focused on technological imperatives and strategic choices. In addition to this, the results of this study show the importance of the e-health strategies and their capacity of being the driving forces behind the expansion of and the transformation of the e-health area in the Nordic countries.
The study provides, in addition to information to analyze the level of advancements reached in the Nordic countries, a tool for comparison and a body of knowledge on the expansion of the goals identified in the strategies. Further, the results give an overview of issues that need to be solved and improved to reach innovation and sustainability in the area, both at the country level and at the macro level.
New goals and new reforms are expected to continue to be carried out to transform the e-health area into a dynamic area in which public and private actors collaborate and deliver e-health services to an active population that has the capacity to manage his/her own health. Consequently, the results obtained in this study can contribute to learn from the experiences achieved, at the moment new goals are developed or before new updates of the current strategies are done at the country level.
There are some methodological limitations in this study. The sampled data are based on interviews with the official representative of the Nordic Ministers e-health group from each country. It can be possible that a large number of interviews with representatives from reference groups, professional associations, patients, representative from the industry and academy, give complementary outputs or possibilities to find alternative interpretations of the outcomes. Despite this restriction, this study gives an overview of the importance of regulative, normative and cultural mechanisms to achieve the goals identified in the strategies.
In future studies it will be necessary to measure the level of goals achievements in relationships with the strategies in each country. It will be also necessary to identify how organizations work to support the organizational communication and interaction challenges that a new and more dynamic institutional order demands. Furthermore, in future studies, it will be necessary to analyze how regulative, normative, and cultural issues contribute to achieve the institutionalization of the policies and its goals and the subsequent stabilization of the area of e-health in each country.
Further, future studies will need to expand the institutional theory perspective and sample data and knowledge on how organizational motives can be transmitted into the inter-organizational field thereby influencing normative pressures for change. The results of this study show that it is imperative that future studies focus on how or if the Nordic countries can develop collaborative efforts, generic goals and strategies that can contribute to transform and innovate the e-health into a modern and dynamic Nordic sector. For this, it will be necessary to develop tools to compare and analyze the level of advancement of the area, as well as to identify indicators to capture constraints and push factors that reduce passivity to institutional pressures for change in the different countries. Because of the publicly financed health care systems in the Nordic countries, the changes will be of high coverage on a national basis. Issues as side effects and unintended consequences of changes and reforms, business models that include payment and reimbursement issues, effects of pluralism in the welfare system, the importance for the micro and macro level of the mechanisms behind the expansion of reforms, as well as ethical and security issues are some examples of the key issues that need to be analyzed in future studies aimed to compare outputs, level of advancement, and effects of the implementation of e-health strategies.
Battilana, J., Leca, B. and Boxenbaum, E. (2009), How actors change institutions: Towards a theory of institutional entrepreneurship, The Academy of Management Annals, 3,1: 65–107. Available at: https://doi.org/10.1080/19416520903053598
Björck, F. (2004) “Institutional Theory: A New Perspective for Research into IS/IT Security in Organizations,” Proceedings of the 37th Annual Hawaii International Conference on System Sciences, Hawaii. Available at: https://doi.org/10.1109/HICSS.2004.1265444
Buchanan, R. (2015). Teacher identity and agency in an era of accountability. Teachers and Teaching, 21(6), 700–719. Available at: https://doi.org/10.1080/13540602.2015.1044329
Campbell, B., Thomson, H., Slater, J., Coward, C., Wyatt, K., and Sweeney, K. (2007) “Extracting Information from Hospital Records: What Patients Think About Consent,” Quality and Safety in Healthcare, 16, 6, 404–408. Available at: https://doi.org/10.1136/qshc.2006.020313
Coburn, C. E. (2004). Beyond decoupling: Rethinking the relationship between the institutional environment and the classroom. Sociology of Education, 77(3), 211–244. Available at: https://doi.org/10.1177/003804070407700302
Covaleski, M.A., Dirsmith, M.W., and Michelman, J.E. (1993) “An Institutional Theory Perspective on the DRG Framework, Case-Mix Accounting Systems and Healthcare Organizations,” Accounting, Organization & Society, 18, 1. Available at: https://doi.org/10.1016/0361-3682(93)90025-2
Datnow, A., Park, V., and Kennedy-Lewis, B. (2013). Affordances and constraints in the context of teacher collaboration for the purpose of data use. Journal of Educational Administration, 51(3), 341-362. Available at: https://doi.org/10.1108/09578231311311500
De Corte, J., Roose, R., Bradt, L. and Roets, G. (2018). Service Users with Experience of Poverty as Institutional Entrepreneurs in Public Services in Belgium: An Institutional Theory Perspective on Policy Implementation SOCIAL POLICY &ADMINISTRATION ISSN 0144-5596 DOI: 10.1111/spol.12306 VOL. 52, NO. 1, January 2018, 197–215. Available at: https://doi.org/10.1111/spol.12306
DiMaggio, P. J. (1988), Interest and agency in institutional theory, In L. Zucker (ed.), Institutional Patterns and Organizations, Cambridge, MA: Ballinger, 3–21.
DiMaggio, P.J. and Powell, W.W. (1983) “The Iron Cage Revisited: Institutional Isomorphism and Collective Rationality in Organizational Fields”, American Sociological Review, 48, 147–160. Available at: https://doi.org/10.2307/2095101
Frumkin, P. and Galaskiewicz, J. (2004). Institutional isomorphism and public sector organizations. Journal of Public Administration Research and Theory 14(3), 283–307. Available at: https://doi.org/10.1093/jopart/muh028
Hyppönen et al. (2013). Nordic eHealth Indicators. Organisation of research, first results and the plan for the future. TemaNord 2013:522. Copenhagen: Nordic Council of Ministers. Available at: https://doi.org/10.6027/TN2013-522
Hyppönen et al. (2015). Nordic e-health Benchmarking. Status 2014 TemaNord 2015:539. Copenhagen: Nordic Council of Ministers. Available at: https://doi.org/10.6027/TN2015-539
Hyppönen et al. (2017). Nordic e-health Benchmarking. From piloting towards established practice. TemaNord 2017:528. Copenhagen: Nordic Council of Ministers. Available at: https://doi.org/10.6027/TN2017-528
Meyer, J. W. and Rowan, B. (1977). Institutionalized organizations: Formal structure as myth and ceremony. American Journal of Sociology 83(2), 340–363. Available at: https://doi.org/10.1086/226550
Oliver, C. (1991) “Strategic Responses to Institutional Processes”, Academy of Management Review, (16), 145–179. Available at: https://doi.org/10.5465/amr.1991.4279002
Yin RK. Case study research: design and methods. Thousand Oaks, CA: Sage Publications, 2014.
Rigg, C. and O’Mahony, N. (2013), Frustrations in collaborative working. Public Management Review 15(1), 83–108. Available at: https://doi.org/10.1080/14719037.2012.686231
Thoenig, J-C. (2003), Institutional theories and public institutions: Traditions and appropriateness. In G. Peters and J. Pierre (eds), Handbook of Public Administration, London: Sage.
Scott, R. (1995), Institutions and Organizations, Thousand Oaks, CA: Sage.
Selznick, P. (1957), Leadership in Administration, New York, NY: Harper & Row.
Tolbert, P. S., and Zucker, L. G. (1999). The institutionalization of institutional theory. Studying Organization. Theory & Method. London, Thousand Oaks, New Delhi, 169-184. Available at: https://doi.org/10.4135/9781446218556.n6
Woulfin, S. L. (2016). Duet or duel? A portrait of two logics of reading instruction in an urban school district. American Journal of Education 122(3), 337-365. Available at: https://doi.org/10.1086/685848
This chapter presents the results of the third task set to the NeRN network: Updating a list of common indicators in accordance with the new policy goals.
The eHealth indicators used until now form a good basis for monitoring, however there is a need to develop a framework for the indicators to accommodate for the shift of focus in the national policies, and to further the development of indicators that can be practically monitored in all the Nordic countries.
The update is based on a theoretical model for describing clinical adoption of health information systems. This model defines a set of basic dimensions which are here used to describe aspects that can be monitored by a set of indicators.
The national surveys that earlier have been presented have not been updated with a frequency that allows for further comparison among the Nordic countries. It is therefore hoped that the indicators and the example of questions presented here can be the core of future national evaluations. Furthermore, it is important to note that several of the proposed questions have been validated in earlier studies.
According to Price and Lau (2014), any effect of an e-health system hinges upon the adoption of the system. They describe adoption as the process that “involves the multitude of activities, decisions, and evaluations that encompass the broad effort to successfully integrate an innovation into the functional structure of a formal organization”. According to the same researchers, an adoption model provides a simplified and limited explanation of the complex process of integration over time. They have developed a Clinical adoption meta-model (CAMM) with four dimensions that relates to the situation after a system has been implemented.[1]This model has been discussed in an earlier report from the Nordic eHealth research network (Hyppönen et al. [2013]). The dimensions also depend on each other: An e-health system must be available before it can be used. Likewise, use is needed before we can hope that the system has an impact on clinical or health behaviors which only then can begin to impact clinical outcomes (Price and Lau 2014).
Figure 1: The Clinical Adoption Meta-Model (Price and Lau 2014)
The Electronic Medical Record Adoption Model (EMRAM) from HIMSS is a widely used metrics for the adoption of e-health in hospitals. Currently HIMSS is also developing an adoption model for use in non-hospital/ambulatory settings. The model put emphasis on IT-systems and functionalities, but focuses less on use, clinical behavior or healthcare outcomes. Even if the EMRAM model has become a widely used tool for benchmarking and setting targets when implementing health information systems, the use of EMRAM has contributed little to the understanding of the effect of e-Health systems on healthcare organisations.
From IT-research outside the healthcare domain, we know that many IT-systems and services have a network effect. This means that the value of a system lies in its ability to establish relations between the users. Now that IT-services are distributed across the internet, we see a consolidation and a “the winner takes it all” effect at the same time as the home-grown / in-house systems gradually disappear. Also, large vendors increasingly seek to create value from all the data that is being generated. This tendency is likely to spill over to the health-it industry.
Given that e-health services increasingly are becoming available through the internet, that Nordic e-health policy makers wish to engage and empower the patients/citizens and that they want the patients/citizens to engage with their healthcare providers via the internet, we have the following indicator development questions:
The CAMM model defines four dimensions for clinical adoption of health information systems over time. The four dimensions availability, system use, clinical behavior, and outcomes are presented in the following. From the experience of monitoring the development in the Nordic countries supplementary aspects and sub-aspects are elaborated and described. For each sub-aspect a number of specific exemplary questions are proposed. Many of these questions have been used in specific surveys in one or more Nordic countries and some have even been validated in specific studies (Hyppönen et al. 2019).
Price and Lau (2014) define the Availability dimension as “ability for the end users to interact with a health information system (HIS)”. Availability includes user access, system availability and availability of content in the system.
If we adopt the CAMM model to assess the impact of e-health policies in the Nordic countries, indicators on availability will be most relevant to systems and services that are to be implemented as a result of the policies. Aspects could include availability for clinicians, patients/citizens as well as for researchers. Aspects could include access to information as well as to knowledge (e.g. terminology services, decision-support and other knowledge-based services). More detailed aspects and potential indicators are outlined in the table below.
Table 4: Aspects, sub-aspects and indicator examples for the availability construct
Aspects | Sub-aspects | Indicator example | Examples of survey questions |
Information and knowledge infrastructures | |||
Terminology sevices | Classification system(s) used | Which of the following classifications are availa-ble on the health care code server used by your organisation in its patient record systems? (list). | |
Availability of EHR front-end tools | Use of specific nursing (separate) documentation | Do you use electronic nursing documentation (this does not mean entering “other information” in the EHR)? | |
Number of supportive functionalities | What supportive functionalities is integrated in the EHR system? 1) guiding follow-up in daily patient work 2) quality control 3) following the set objec-tives of the organisation (amount of patients, times etc.) 4) following usage of resources ([Or-ganisational Availability]). | ||
Access to incident report-ing system | Does your organisation have access to an elec-tronic incident reporting system? | ||
Decision-support services | Level of decision support system | Do you have you some level of 1) Diagnosis support systems (e.g. warnings about pathologi-cal laboratory results) 2) Drug-drug interaction warning 3) Drug allergy warning 4) Care pathway support systems (e.g. regional and national data-bases and guidelines, reminders about lab results or referrals). | |
Level of integration with other systems | How are the decision support systems integrated with other systems? 1) A standalone online data-base on the same desktop as the EHR (e.g. links to an external database on the computer desktop) 2) An online database with access by navigating from the HER 3) A system that automatically dis-plays selected items on the desktop and is inte-grated with the EHR but offers no patient-specific suggestions (e.g. reminders or colorful fonts), or 4) An automatic integration of the EPR system and a knowledge database that includes patient-specific suggestions (e.g. reminders of medica-tions based on patient condition). | ||
Other knowledge-based services | |||
New technologies for knowledge handling | Utilization of machine learning and AI tech-niques | I use digital systems for automatic prediction of patient scenarios. | |
Management functionalities | |||
Management and quality improvement services | Efficient use of re-sources | I can use EHR systems to follow the use of per-sonnel, equipment and room resources. | |
Automation of error detection | My EHR system automatically discover incidents. |
System use is defined as “the interactions with the HIS by intended end-users” (Price and Lau 2014). System use has two aspects: Use of the system and user experience.
In the context of NeRN, we have access to a set of true and tested indicators through the usability and user experience surveys that have been developed and validated in Finland (Viitanen et al. 2011, Kaipio et al. 2017, Hyppönen et al. 2019). Surveys including many of the same measures have also been conducted recently in Denmark and Iceland. Translation of the same indicators for use in the other Nordic countries will allow for a structured cross-country comparison and a continuation of the study can contribute to knowledge of how usability and user experience develops over time. The same relates to the citizen surveys that have been conducted in Denmark, Norway, and Finland and that are to be developed and conducted in Iceland and Sweden as well (see chapter 4). Nordic e-health policies put great emphasis on making systems more usable. This includes making systems more useful, trustworthy and pleasant to use for the health professionals as well as the patients and the citizens.
Table 5: Aspects, sub-aspects and indicator examples for the System Use construct
Aspects | Sub-aspects | Indicator example | Examples of survey questions |
Primary use of data | |||
Hardware or systems used | Technical quantity | How many monitors do you use at your workstation? | |
System integration | How many work-related passwords do you use on a typical day? | ||
Technical quality | The systems are stable in terms of technical functionality (does not crash, no downtime). | ||
Faulty system function has caused or has nearly caused a serious adverse event for the patient. | |||
In my view, the system frequently behaves in unexpected or strange ways. | |||
Information entered/documented occasional-ly disappears from the information system. | |||
The system responds quickly to inputs. | |||
Making decisions | |||
Executing decisions | |||
Ease of use | UI present data and ele-ments in a usable way? | The arrangement of fields and functions is logical on computer screen. | |
Terminology on the screen is clear and understandable (for example titles and labels). | |||
Entering and documenting patient data is quick, easy and smooth. | |||
The systems keep me clearly informed about what it is doing (for example saving data). | |||
Routine tasks can be performed in a straight forward manner without the need for extra steps using the system. | |||
It is easy to obtain necessary patient infor-mation using the EHR system. | |||
The information on the nursing record is in easily readable format. | |||
It is easy to perform searches with the sys-tems used for following up activity. | |||
The patient’s current medication list is pre-sented in a clear format. | |||
The EHR system generates a summary view (e.g. on a timeline) that helps to develop an overall picture of the patient’s health status. | |||
Health Information Exchange | Information on medications ordered in other organizations is easily available. | ||
Obtaining patient information from another organization often takes too much time. | |||
Patient data (also from other organizations) are comprehensive, up-to-date and reliable. |
The CAMM model defines clinical/health behavior as “meaningful adaptation of clinical workflows or health behaviors that are facilitated by the HIS”. According to Price and Lau, aspects of clinical behavior change include productivity changes and changes in specific clinical activities. Impacts on productivity can be both positive and negative and can relate to healthcare organizations as a whole. Clinical activities behaviors relate to clinicians as well as to patients.
In the context of NeRN, the usability and user experience surveys that have been developed and validated in Finland (Viitanen et al. 2011, Kaipio et al. 2017, Hyppönen et al. 2019) also encompass questions about clinician’s behavior. The Nordic e-Health policies all include great emphasis on making systems more usable in order to change the behavior of the clinicians. The clinical behavior includes aspects on primary use of data as well as secondary use of data. In particular the secondary use of data can be evaluated on macro-, meso-, and micro level. This includes the clinicians input of data for monitoring quality and productivity issues as well as making use of the data to monitor personal performance.
Table 6: Aspects, sub-aspects and indicator examples for the Clinical/health behavior
Aspects | Sub-aspects | Indicator example | Examples of survey questions |
Primary use of data | |||
Co-operation | Support of co-operation | EHR systems support co-operation and communication between physicians work-ing in different organizations. | |
EHR systems support co-operation and communication between physicians and nurses. | |||
EHR systems support co-operation and communication between physicians in your own organization. | |||
EHR systems support co-operation and communication between provider and patients. | |||
Measurement results provided electronical-ly by the patient (e.g. via patient portal) help to improve the quality of care. | |||
The EHR system provides me with infor-mation about the need for and effective-ness of treatment of my patients. | |||
The system monitors and notifies when the orders given to nurses have been com-pleted. | |||
Follow-up data provided by the systems is reliable and faultless. | |||
I use some systems facilitating follow-up of activity every day. | |||
Primary use of CDS front-end-tools | Alert fatigue / burn-out | ||
Out of context | |||
DSS Knowledge outdated | |||
Positive DSS experiences | I find CDS alerts helpful. | ||
Secondary use of data | |||
Macro-level | Incident reporting | ||
The quality of the input of data? | |||
Terminology-related is-sues | |||
Meso-level | Monitoring functionalities (e.g. quality, performance, …) | What supportive functionalities have been integrated in the EHR system? a) Research b) Innovation c) Business activities d) Clinical performance e) Quality performance d)... | |
EHR system automatically report to nation-al quality registers. | |||
EHR systems facilitate measurement and monitoring of functional quality. | |||
EHR systems help me to monitor the achieving of the targets set by my unit (e.g. numbers of patients, periods of treatment, types of operations). | |||
Timeline in reuse of data? | |||
Micro level | "Clergy" work | I have to collect information needed for management from several EHR systems. | |
End users' use of second-ary data | I am able to compare the quality of my hospital to other hospitals. | ||
I use some systems facilitating follow-up of activity every day. | |||
I can use EHR systems to guide daily activ-ity. | |||
I can correlate my post-surgical infection rate with that of other. | |||
Available data support research, innova-tion and business activities. | |||
Contributing to further development | I can contribute/engage in quality im-provement work. | ||
I can engage in new CDS-rules-developing. |
In the CIMM model, clinical outcomes are defined as “the impacts attributable to the adoption of the HIS”. The model defines five aspects of clinical outcomes: patient level outcomes, provider level outcomes, organization level outcomes, population level outcomes, and cost outcomes (Price and Lau 2014).
In the earlier NeRN activities outcome measures have not played a significant role, mainly due to the methodological challenges in establishing causal relations or even correlation between eHealth initiatives and reliable outcome measures. This specifically relates to patient level outcomes and provider level outcome. Patient level outcomes are more specifically discussed in chapter 4. In terms of organizational level outcomes, a few issues can be pointed out e.g. improved documentation quality, integration of clinical information and management data. However, it is at the same time complicated to obtain reliable data to characterize the improvement or express the benefits of enhanced data-integration.
Table 7: Aspects, sub-aspects and indicator examples for the clinical outcome
Aspects | Sub-aspects | Indicator example | Examples of survey questions |
Patient level outcome | |||
Provider level outcome | Monitoring of targets | EHR systems help me to monitor the achieving of targets set by my unit (e.g. numbers of patients, periods of treatment, types of operations). | |
Care quality | Information systems help to improve quality of care. | ||
Care continuity | Information systems help to ensure continuity of care. | ||
Guideline adherence | Information systems support compliance and adherence with the treatment recommendations. | ||
Medication errors | Information systems help in preventing errors and mistakes associated with medications. | ||
Duplicate tests | Information systems help to avoid duplicate tests and examinations. | ||
Patient-provided info | Measurement results provided electronically by the patient (e.g. via patient portal) help to improve the quality of care. | ||
Organizational level outcomes | Improvement of produc-tivity | EHR systems have helped to improve the produc-tivity of my unit in the last few years. | |
I use EHR systems to follow the use of personnel, equipment and room resources. | |||
Improvement of efficacy | EHR systems have helped to improve the efficacy of my unit in the last few years. | ||
Population level outcomes | Mortality | ||
Readmission rates | |||
Cost outcomes |
The third task set to the NeRN network was to update a list of common indicators in accordance with the new policy goals. However, only one country has in the past period repeated a survey-based measurement of a number of indicators for availability and use. Hence there are no new data on the indicators to present and compare.
An update of the list of indicators has been achieved by applying a theoretical framework to evaluate the availability, system use, clinical behavior, and outcome of the situation after a system has been implemented. Many of the aspects outlined by the theoretical framework have been a part of the monitoring activities in the Nordic countries. However, the application of a coherent theoretical framework provides an opportunity to align the surveys conducted in the Nordic countries to obtain comparable and consistent measures.
Hyppönen et al. (2013). Nordic eHealth Indicators. Organisation of research, first results and the plan for the future. TemaNord 2013:522. Copenhagen: Nordic Council of Ministers. Available at: https://doi.org/10.6027/TN2013-522
Hyppönen, H., Kaipio, J., Heponiemi, T., Lääveri, T., Aalto, A.M., Vänskä, J. and Elovainio, M. (2019). Developing the National Usability-Focused Health Information System Scale for Physicians: Validation Study. Journal of medical Internet research, 21(5), 21(5):e12875. Available at: https://doi.org/10.2196/12875
Kaipio, J., Lääveri, T., Hyppönen, H., Vainiomäki, S., Reponen, J., Kushniruk, A. et al. (2017). Usability problems do not heal by themselves: National survey on physicians’ experiences with EHRs in Finland. International Journal of Medical Informatics. 2017 Jan 1;97:266–81. Available at: https://doi.org/10.1016/j.ijmedinf.2016.10.010
Price, M. and Lau, F. (2014). The clinical adoption meta-model: a temporal meta-model describing the clinical adoption of health information systems. BMC Med Inform Decis Mak. 2014 May 29;14:43. Available at: https://doi.org/10.1186/1472-6947-14-43
University of Victoria. eHealth observatory: The Clinical Adoption Meta-Model http://ehealth.uvic.ca/methodology/models/CMM.php
Viitanen, J., Hyppönen, H., Lääveri, T., Vänskä, J., Reponen, J. and Winblad, I. (2011). National questionnaire study on clinical ICT systems proofs: Physicians suffer from poor usability. International Journal of Medical Informatics. 2011 Oct 1;80(10):708–25. Available at: https://doi.org/10.1016/j.ijmedinf.2011.06.010
eHealth services for citizens are electronic services and applications used by citizens/patients for promoting health, welfare and selfcare; for improving access to healthcare services; and for enhancing information flow between healthcare services and citizens (Hyppönen, 2018). The aim of conducting a citizen survey is to evaluate the eHealth services for citizens regarding availability, use, barriers, benefits, needs, perceptions and attitudes towards e-Health/welfare services now and in the future.
To our knowledge, surveys on eHealth in a citizen perspective are project based, scattered, and conducted with irregular frequency in the Nordic countries as well as internationally.
An initial mapping of citizen surveys within the field of e-health in the Nordic countries was conducted by the Nordic e-Health Research Network during the third mandate period 2015–2017 (Hypponen et.al. 2017).
During the current mandate period 2017–2019 this work has been followed up through a more detailed examination and comparison of previous national surveys; their content and organization.
To provide an understanding of how and why citizens surveys are conducted in the different partner countries we have agreed on a number of questions during our meetings, and asked all countries to answer the following questions:
As it will be stated, the Nordic countries have different practices regarding frequency, topic of the citizens surveys, as well as how the surveys are organized, owned and financed. By disseminating and making these differences visible we hope to encourage discussion of whether more synergy among the Nordic countries’ citizens surveys are expedient to bring knowledge that can further the future design and planning of eHealth in the Nordic countries to the needs of its citizens. Obviously, we may also be able to encourage international discussions on how eHealth affects citizens. As for now three different ownership constellations can be identified.
Denmark
The National surveys on Danish citizens’ expectations and perspectives on eHealth are conducted bi-annual. The first was done in 2013, and its design was inspired by Canadian and Australian studies of consumer experience with eHealth. The second survey in 2015 and the third in 2017 were further inspired by questions posed in national surveys from Norway and Finland. The fourth survey is planned to take place in autumn of 2019.
Norway
National surveys on use of eHealth in the Norwegian population were conducted in 2000, 2001, 2003, 2005, 2007, 2013 and 2019.
Sweden
The first national survey on use of e-health in the Swedish population is planned to be conducted in autumn of 2019.
Finland
National citizen surveys on eHealth have been conducted in 2014 and 2017 in Finland, and the third national survey will be conducted in 2020
Iceland
National surveys on citizens´ use and experience of using eHealth services have not been conducted yet in Iceland. However, plans have been made to conduct the first national citizen survey on the use of eHealth in the fall of 2019. The questionnaire will build on recommended indicators by NeRN.
Denmark
The survey is a research-based activity, designed by the Danish eHealth Observatory researchers from Aalborg University. The administration is done by a private Danish poll agency (Megafon). The questionnaires were pilot tested each year. The surveys are combinational using both email and telephone. The selected respondents are part of Megafon’s citizens’ panel reflecting the Danish adult population with respect to age, education and geographic distribution.
Norway
In the period 2000–2013 the first six surveys were conducted by an independent research institute (Norwegian centre for e-health research, former Norwegian centre for telemedicine), whereas the last survey in 2019 was designed and conducted by the national authorities (eHealth Directorate).
All surveys were conducted by national poll agencies.
In the first five surveys samples were representative of the Norwegian population, interviews were conducted by telephone and questionnaires were validated through piloting and international research collaborative practices, including translations by dual-focus approach.
In the 6th and 7th surveys samples were reduced to including internet users only.
In the 7th survey a new questionnaire was developed by national authorities in collaboration with a private consultancy agency.
Sweden
The first National Citizen Survey on eHealth usage is planned to be conducted in the fall of 2019. The questionnaire was developed by Karolinska Institutet and Linköping University on behalf of the Swedish eHealth Agency. This work was based on the previous work within the NeRN network. The Swedish eHealth Agency will be responsible for the survey. Data collection and analysis will be done by Statistics Sweden. The target population will sample from the whole population of citizens 18 years and older.
Finland
The surveys were conducted on national level (representative sample of 4,000 citizens) in 2014 and 2017 as mail surveys + digital reply option. The next survey will be conducted in 2020. The surveys have been validated through piloting and via using questions from international surveys. The 2014 (first) survey was conducted as a stand-alone survey, THL commissioned a national polling agency. A questionnaire was developed using as background variables questions from the THL national citizen health, welfare and service use survey. The eHealth variables were developed in collaboration with the citizen and patient association and exploiting national and international research. The (2017) second eHealth survey was integrated as a module into the health, welfare and service use survey, conducted by THL. This collaboration is foreseen to continue in 2020.
Iceland
The first National Citizen Survey on eHealth usage will be conducted in the fall of 2019. The National Centre for eHealth unit within the Directorate of Health will be responsible for the survey. It has yet to be decided whether the target population will only include users of the National Citizen Health Portal or a sample from the whole population of citizens 18 years and older.
Denmark
The survey data are owned by the Danish E-health-observatory and the researchers that have been involved in designing the survey questions. The Danish E-health Observatory comprise of researchers from Aalborg University and the University of Southern Denmark.
Norway
The first six surveys were conducted and owned by an independent research institute, the Norwegian Centre for e-health research (NSE). The 2019 survey is owned by the public health authorities, the Norwegian Directorate of e-health.
Sweden
The survey data are owned by the Swedish eHealth Agency but can be used by Karolinska Institutet for research purposes.
Finland
The survey data are owned by the National Institute for Health and Welfare.
Iceland
The Directorate of Health will be the owner of the survey.
Denmark
The surveys are financially supported by the Danish E-health-observatory, which has monitored eHealth implementation in Denmark for many years e.g. the national implementation of the Electronic Health Record (EHR) and the national monitoring of clinicians use of health informatics in their daily practices. The Danish E-health-observatory generates funds to do research activities from the surplus from the conference fee payed by participants attending an annual conference. This is possible because the Danish E-health-observatory is a non-profit organization following the public sector regulation of university activities.
Norway
Five out of seven surveys were financed internally by the institutions conducting them, two of the surveys conducted by NSE (2005 and 2007) were financed by external research funding (EU research funding).
Sweden
This first survey is funded by the Swedish eHealth Agency. Further surveys and sustainability of both content and organization are under discussion.
Finland
One of the projects in the program Ministry of Finance program developing public e-services in Finland (SADe 2010–2015) was targeted at public social and healthcare e-service development SADe-SoTe (Hannele Hyppönen, Päivi Hämäläinen, Jarmo Reponen (eds.) (2015). Funded by this project, a national survey of citizens’ views of e-health and e-welfare was conducted in 2014 for the first time in Finland (Hyppönen et al. 2014). The survey was conducted as a stand-alone survey, using selected variables from citizen surveys in other countries.
The second citizen survey on eHealth was conducted in 2017, co-funded by the Ministry of Social affairs and Health and National Institute for Health and Welfare (THL) as a mid-term assessment of the strategy. The eHealth survey scales were integrated into an ongoing Finnish survey related to citizens health, wellbeing and service use. The survey will continue in 2020, with permanent funding from the Ministry. (Vehko et al. 2019) as the assessment of strategy goals and as steering a way ahead.
Iceland
There will not be any extra funding for the Directorate of Health for conducting the national citizen survey.
Denmark
Financially the Danish surveys are sustainable as longs as the Danish E-health-observatory gains a surplus on its conference activities and as long as researchers involved do have research time to allocate to the activity. Or to put it differently, the surveys depend on very vulnerable funds.
Norway
The surveys have been organized as separate projects, funding has been a mix of internal funds from the NSE and external research funding, and for the last survey the Directorate of e-health has funded the project.
Finland
Financially the survey has been project-based, relying on the funding from the Ministry of Social affairs and Health. A project contract for funding 2020 data collection and reporting has been made with the Ministry of Social Affairs and Health, with a stipulation to prepare shift to make the project-based eHealth surveys as a permanent activity of THL.
Iceland
The Directorate of Health will be funding the national citizen survey. There is no specifically earmarked governmental funding for the survey.
Denmark
The Danish E-health-observatory has financed the survey, meaning that it is an independent semi-formal organization as described above. Designing and planning the survey has been attended to Danish Universities and university researchers.
Norway
There has been a change in ownership of the surveys in Norway, going from independent research to state owned surveys.
Finland
The Finnish surveys have been planned and conducted by THL.
Iceland
The Directorate of Health will be responsible for conducting the survey and hence be the sole owner of the citizen survey in Iceland.
Denmark
The surveys have been designed by eHealth researchers using scientific standards for social science methodology. All surveys have repeated basic indicators, but it has been important to add new indicators and omit others to comply with the development in digitalization. E.g. we no longer ask about availability of internet connection and we have started to ask for experience with patient generated health data. Selected survey results have been disseminated at conferences and in scientific journals.
Norway
The first six surveys were designed by researchers and conducted according to scientific standards, i.e., social science methodologies, including a standard validation of questionnaires and analysis. The design, from questionnaire to analysis and dissemination, was anchored in three research questions underpinning all surveys; (i) what are the patterns of use and non-use? (ii) what are the consequences of such use? and (iii) what are the populations expectations with regard to provision of e-health services? The scientific validity is reflected in the dissemination of the survey results, which included scientific journals quality controlled by peer review.
The 2019 survey draws from previous surveys in Norway and other Nordic and European countries. The survey was designed by a consultancy agency in collaboration with national authorities.
Sweden
The survey questionnaire will build on surveys conducted in the other Nordic countries and indicators recommended by NeRN.
Finland
The citizen eHealth survey is conducted as a module in a national health, wellbeing and service use survey. The eHealth researchers have a limited impact on change in the background (independent) variables. The dependent variables (outcome variables, eHealth variables) focus on eHealth use, barriers of use, benefits of eHealth and eHealth service needs. These variables are kept as constant as possible, with additions/omissions of well-argued selected items.
Iceland
The survey questionnaire will build on surveys conducted in the other Nordic countries and indicators recommended by NeRN.
Denmark
The Danish survey was initiated back in 2013 as a research activity, financially supported by the Danish eHealth Observatory. The results have been disseminated at the annual Observatory meeting (+600 participants) as well as in papers in journals, at international conferences, book chapters, university teaching etc. In addition, selected results from the first two surveys (2013–2015) were additionally published as technical reports at the Danish Center for health informatics web page.
Norway
The first surveys were initiated by researchers and authorities (the 1999 Directorate of health and social affairs) in collaboration. The results from the first 6 surveys followed a dissemination plan which included targeted dissemination to selected multiple audiences; the scientific community were reached through scientific publications and presentations (journals, conferences, seminars, teaching), national and local health authorities, practitioners in the sector and patient organizations were reached through a combination of scientific channels (papers, conferences), popular science channels (conferences, commentaries in media) and inclusion of results in seminars, meetings and relevant intervention- and evaluation projects where these target groups participated. The wider audience (i.e., the Norwegian population) were reached through the press (press releases, commentaries in national and local newspapers).
The 2019 survey was published by the owner (e-health directorate) on their website and presented in meetings and conferences.
Finland
The first survey was requested by the Ministry of Finance, the next surveys by the Ministry of Welfare and Health. The first survey impacted the Social and Health care digitalization strategy in form of the publication and consultation requests. The second survey results have generated requests for presentations in multiple seminars and Ministry working groups. The databased results have raised a lot of interest, and are used in the national and regional decision making and in universities as training material for social and health care students.
Iceland
The aim is to publish the results from the citizen survey on the website of the Directorate of Health, in journals and give presentations. The results could be used to further improve the National Citizen Health Portal and its user experience.
Denmark
Statistic Denmark
Danish Health Data Directorate
The Danish Consumer Council
Sundhed.dk
Norway
Difi (Directorate of public management and eGovernment)
Dips (private vendor of e-health services)
Finland
In Finland, there are at present two online systems that host at least some eHealth indicator data. The first current host for eHealth indicator data is the national health information system (Kanta). This hosts statistics on the diffusion and use of national health information services. The data are real time and available in Finnish, Swedish and English.
The second reporting system is the online database reporting system of the National Institute for Health and Welfare (THL). The system is hosting an increasing amount of statistical and survey data and making it available for flexible use online. One set of statistics directly relevant for monitoring eHealth outcomes is the AvoHILMO statistics (Hyppönen et al 2017).
Iceland
The Directorate of Health conducts surveys on health every 3rd year but has not yet conducted a survey on citizens use of eHealth.
Based on our work on summarizing and discussing the initiatives within the area of citizen e-health surveys across the Nordic countries the Nordic e-Health Research Network has the following recommendations:
Hyppönen et al. (2017). Nordic e-health Benchmarking. From piloting towards established practice. TemaNord 2017:528. Copenhagen: Nordic Council of Ministers. Available at: https://doi.org/10.6027/TN2017-528
Hyppönen, H. (2018). Citizen experiences of e-health services: Willing and able? eHealth and Telemedicine conference 15.-17.3.2018, Viking Mariella. Available at: https://www.slideshare.net/THLfi/citizen-experiences-of-ehealth-services.
Hyppönen, H., Hämäläinen, P. and Reponen, J. (eds.) (2015). E-health and e-welfare of Finland - Check point 2015. Report 18/2015. FinnTelemedicum and National Institute for Health and Welfare. Available at: https://www.julkari.fi/bitstream/handle/10024/129709/URN_ISBN_978-952-302-563-9.pdf?sequence=1
Hyppönen, H., Hyry, J., Valta, K., and Ahlgren, S. (2014). Sosiaali- ja terveydenhuollon sähköinen asiointi - Kansalaisten kokemukset ja tarpeet. Raportti 33/2014, Terveyden ja hyvinvoinnin laitos, Helsinki. Available at: http://urn.fi/URN:ISBN:978-952-302-410-6
Vehko, T., Ruotsalainen, S. and Hyppönen, H. (eds.) E-health and e-welfare of Finland: Check Point 2018. Report 7/2019, FinnTelemedicum and National Institute for Health and Welfare. Available at: http://urn.fi/URN:ISBN:978-952-343-326-7
Publications based on the Danish survey data:
Bertelsen, P. and Tornbjerg, K. (2014) Undersøgelse af borgernes anvendelse af sundheds-it i 2013, DaCHI, Aalborg Universitet.
Petersen, L.S. and Bertelsen, P. (2016) Undersøgelse af borgernes perspektiv på sundheds-it i 2015, DaCHI, Aalborg Universitet.
Bertelsen, P. and Tornbjerg, K. (2015) Danish Citizens' Expectations to the Use of eHealth, p. 78–82 Studies in Health Technology and Informatics, Vol. 208. IOS Press.
Bertelsen, P. S. and Petersen, L. S. (2015) Danish Citizens and General Practitioners' Use of ICT for their Mutual Communication, p. 376–379 Studies in Health Technology and Informatics, Vol. 216. IOS Press.
Petersen, L. S. and Bertelsen, P. S. (2016) Patients perception of Clinicians use of ICT during patient consultation in the different sectors of Danish healthcare, Exploring Complexity in Health: An Interdisciplinary Systems Approach., p. 680–684 Studies in Health Technology and Informatics, Vol. 228. IOS Press.
Petersen, L. S. and Bertelsen, P. S., (2017) Equality Challenges in the Use of eHealth: Selected Results from a Danish Citizens Survey, p. 793–797 5 s. Studies in Health Technology and Informatics Vol. 245. IOS Press
Publications based on the Norwegian survey data:
Andreassen, H., Bujnowska-Fedak, M. M., Chronaki, C. E., Dumitru, R. C., Pudule, I., Santana, S., . . . Wynn, R. (2007). European citizens' use of E-health services: A study of seven countries. BioMed Central Public health. Retrieved from http://www.biomedcentral.com/1471-2458/7/53 or https://doi.org/10.1186/1471-2458-7-53
Andreassen, H. K., Wangberg, S. C., Wynn, R., Sørensen, T., and Hjortdahl, P. (2006). Helserelatert Internettbruk i den norske befolkningen. Tidskrift for den norske legeforening, 126 2950–2952.
Andreassen, H. K. W., Silje C, Wynn, R. S., Tove, and Hjortdahl, P. (2006). MEDISIN OG VITENSKAP-Aktuelt-Helserelatert bruk av Internett i den norske befolkningen. Tidsskrift For Den Norske Lægeforening, 126(22), 2950–2953.
Kummervold, P. E., Chronaki, C. E., Lausen, B., Prokosch, H. U., Rasmussen, J., Santana, S., . . . Wangberg, S. C. (2008). eHealth trends in Europe 2005-2007: a population-based survey. J Med Internet Res, 10(4), e42. Available at: https://doi.org/10.2196/jmir.1023
Sørensen, T., Andreassen, H., & Wangberg, S. (2014). Prosjektrapport. E-helse i Norge 2013. Retrieved from
Wangberg, S., Andreassen, H., Kummervold, P., Wynn, R., and Sørensen, T. (2009). Use of the internet for health purposes: trends in Norway 2000–2010. Scandinavian journal of caring sciences, 23(4), 691–696. Retrieved from http://onlinelibrary.wiley.com/doi/10.1111/j.1471-6712.2008.00662.x/abstract.
Wangberg, S. C., Andreassen, H. K., Prokosch, H. U., Santana, S. M., Sorensen, T., and Chronaki, C. E. (2008). Relations between Internet use, socio-economic status (SES), social support and subjective health. Health Promot Int, 23(1), 70–77. Available at: https://doi.org/10.1093/heapro/dam039
The digital infrastructures in all Nordic countries continue to expand and deepen their entanglement with society, aiming to offer substantial benefits through deeper, wider, and more reliable coverage of data sources. Consequently, the utilization of information and communication technology (ICT) in the healthcare sector is just as pervasive as in rest of society. However, as almost all healthcare data are directly classifiable as highly sensitive, and because delivery of health services depends on the integrity, availability, and confidentiality of those data – ensuring information security is vitally important.
Information security is the term used for addressing all issues related to ensuring the safeguarding of information – regardless of how this information is stored, managed, and utilized. Cyber security focuses on protecting information and systems against threats posed through its availability through information and communication technology. Thus, cyber security not only focuses on protecting data, but also on defending technology in itself. To simplify terminology, we use the term “cyber security” in this chapter to cover both information and cyber security.
Not all cyber security incidents are a product of criminal intent. Thus, cyber security not only deals with malicious actions, but also with safeguarding against unintended consequences accidentally induced by suppliers or end-users. Furthermore, recent incidents with large-scale cyber-attacks such as WannaCry and NotPetaya have shown that although health services may not be the intended targets, their broad threat exposure through employees and diverse information systems mean they are easily caught in the line of fire and fall victim to untargeted network attacks.
Internet-based network attacks have been around for many years. However, the growing pervasiveness, connectedness, and reliance of information technology has bolstered public awareness in the importance of information and cyber security. In recent years, we have seen this awareness emerge at a policy level as information security strategies become more widespread, and increasingly mandatory.
One such initiative is the directive on security of network and information systems, known as the NIS Directive, from the European Commission which entered into force in 2016, and requires member states to include the directive into national legislation by 2018 [1]. Most notably, the NIS Directive obligates member states to define a national strategy for the security of network and information systems, establish a Computer Security Incident Response Team (CSIRT), a national NIS authority, and appropriate security measures for a number of identified essential services – including the health sector.
This growing awareness and attention to information security at all levels in society, in a networked and borderless world, poses a relevant case for comparing national security initiatives in the Nordic countries. Thus, the aim of this chapter is to establish an understanding of the national and healthcare sector specific security strategies across the Nordic countries. Comparing initiatives at a strategy level can serve as inspiration for strengthening national and local initiatives and may aid in establishing cyber security insight in the council.
As cyber security is a new addition to the NeRN work, the preliminary goal of the working group was to establish a common understanding of issues pertaining to this field. To establish a shared understanding of the security landscape, and aid in the identification of relevant content for comparative analysis, several cyber security presentations were delivered during network meetings. Strategies, reports, and additional documents were collected by the working group, and used as a corpus for analysis.
To conduct the analysis, first a coding framework was devised based on a review of the evaluation framework for national cyber security strategies by the European Union Agency for Network and Information Security (ENISA – wwww.enisa.europa.eu) [2]. Furthermore the strategies were assessed using guidelines from the International Telecommunication Union’s Guide to developing a national cybersecurity strategy [3]. These sources comprised the aspects by which we assess the various national and sector specific strategies as depicted by Figure 2. This analysis is conducted on a backdrop consisting of the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity [4], and the Cybersecurity Capacity Maturity Model for Nations (CMM) by the Global Cyber Security Capacity Centre, evaluate the cybersecurity capacity from five dimensions [5].
Figure 2: Analysis framework
The national strategies were first evaluated based on codes devised from the ENISA framework by coding strategies according to occurrence of the following four objectives:
After an initial round of coding, sub-groups where added to the four objectives to enable a deeper understanding of the nuances of each objective.
Figure 3: Objective sub-groups
Additionally, strategies were coded to highlight input resources made available for the implementation of the strategy, core activities through which the outputs and outcomes are pursued. Outputs as direct results of program activities such as reports, improved frameworks, capabilities, response plans and training programs. Depending on the perspectives of the initiatives, results can be classified either as outcomes on a short to medium term, or as long term (10+ years) as impacts.
Initially, a map of national strategies, health sector specific strategies, relevant secondary reports, and threat assessments was compiled by the research network
Table 8: Overview of strategic corpus
National strategy | Sector strategy | Supporting material | Threat assessments | |
Denmark | “Danish Cyber and Information Security Strategy” (2018) | “A strengthened collective cyber and information security effort” (2019) | “Målepunkter for informations- sikkerhed” (2013) | “Cybertruslen mod sundhedssektoren” (2018) |
Finland | “Finland’s Cyber security strategy” (2013) | “Implementation programme for Finland’s Cyber Security Strategy for 2017–2020” (2017) | “Tietoturvan vuosi” (2018) | |
Iceland | “Icelandic National Cyber Security Strategy 2015-2026” (2015) | |||
Norway | “National Cyber Security Strategy for Norway” (2019) | Bransjenorm for informasjons- sikkerhed og personvern i helse- og omsorgstjenesten (2018) | “Vurdering av indikatorer for informasjons- sikkerhet” (2017) XX”List of measures – National Cyber Security Strategy for Nor-way” (2019) XX “Nasjonal e-helsestrategi 2017–2022” | “Situasjonsbilde 2018” (2018) |
Sweden | “Nationell strategi för samhällets informations- ock cybersäkerhet” (2016) [6] | “Vision e-hälsa 2025” (2016) | “En bild af landstingens informations- säkerhetsarbete 2018” (2018) |
It was not possible to identify and retrieve all types of material for all the Nordic countries. This does not necessarily indicate that a given type of document is non-existent, although it does point to the difficulty in acquiring the information.
The aim of national cyber security strategies (NCSS) is to inform society of its position in a complex information dependent landscape, and to make a statement of how to face the challenges on a political, governmental, and societal level. One intended effect is to establish an awareness of the potential consequences of threats, thereby incentivizing pre-emptive actions and adequate responses [1]. The globalized nature of information technology results in a homogenous treat landscape. Still, different capabilities and circumstances renders variances in risk. The NCSS’s are therefore developed on the basis on each Nordic country’s own security objectives and national interests.
In general, the purpose of NCSS’ is to induce trust amongst participants in digital markets by raising awareness, strengthening collaboration, and boosting resilience. Thereby strengthening the nation’s overall level of security to become more competitive and attractive markets for business, and to further the continuation of the technologic development. As strategies go, the cyber security strategies are often statements of intent and aim, rather than dissemination of specific initiatives and activities.
As the Nordic countries are in the forefront of societal digitalization, their ICT infrastructures are highly dependent on existing in a secure and well-functioning digital arena. An important part of the strategies is therefore the identification of vulnerabilities and threat assessments in the existing cyber domains and establishing a better understanding of the consequences of breaches and breakdowns. However, they also act as ethical guidelines, support statements for businesses, research and innovation, and assurance of compliance with international standards and legislation.
A general tendency in the NCSS’s, is that each nation has formulated a few, very broad, overall benchmarks as the foundation of their strategy. All the initiatives, inputs, outputs, objectives, activities, outcomes and impacts supports one and/or more benchmarks. A comparative analysis of the NCSS benchmarks for the five countries showed, in the same manner as the threat landscape, that they are predominantly homogenous. The benchmarks vary among the nations in frequency and emphasis, but overall, they can be summarized into the following dimensions: strengthening competencies, collaboration, everyday safety, resilience and legislation.
Table 9: Mapping of benchmarks
Country | Denmark | Finland | Iceland | Norway | Sweden |
Number of Benchmarks | 3 | 3 | 4 | 5 | 6 |
Strengthening Competencies | Better competencies through research, public awareness, partnerships, and organizational culture. | Everyone can effectively utilize a safer cyber world and the competencies arising from cyber security measures. | Capacity building by equipping the public, enterprises and government with knowledge, skills and equipment. | Improved cyber security competence is aligned with the needs of society. | Increase knowledge and promote development of competences. |
Collaboration | Joint efforts combining initiatives from each sector, management of outsourcing, better coordination, and emphasis on data ethics and protection. | Become a global forerunner through investment in cyber security research, development, and management of service disruptions. | A stronger cooperation between the business community and authorities. | Secure a systematic and joint approach to working with information and cyber security. Strengthen international collaboration. | |
Everyday safety | Everyday safety by establishing sector specific cyber security coordination, better regulation, improved monitoring, and easier reporting and shar-ing of security incidents. | Critical societal functions are supported by robust and reliable digital infrastructure. Businesses can digitalize in a secure manner and be able to protect themselves against cybercrime. | Increase security in products, networks and systems. | ||
Dealing with cybercrime /Resilience | Secure vital functions against cyber-attacks/threats in all situations. | Improve police forces ability to tackle cybercrime and improve the resilience of national information systems. | The Police have strengthened their ability to prevent and combat cybercrime. | Preventing and combat cyber related crimes. Strengthen the ability to prevent, detect and dealing with cyber accidents and other incidents. Development of a cyber defense for sensitive activities. | |
Legislation | Strengthened legislation to match international demands, while supporting innovation. | Ensure that legislation meets the changing demands of protective security. |
All NCSS’s are founded on the basis of EU’s directives and the strategies all emphasizes on the importance of external collaboration. The incentives for the countries collaboration in the ICT domain can be explained by the facts that there are no country borders on the internet and therefore if one EU-country has been hacked, it can have a “spill-over” effect of negative consequences on the other EU-countries.
The balance between safeguarding and utilization of confidential citizen and healthcare information has always been closely tied to ethical considerations. We observe that this issue is addressed somewhat differently by individual countries. Sweden greatly emphasizes the importance of maintaining democratic values in the digitalized society, while also protecting population health, rule of law, human rights and individual freedom. A similar tone is found in the strategies from Finland and Iceland which highlight human rights as basic rights, but also point to the fact that a well-functioning ICT infrastructure is a mean to promote freedom of speech. The Norwegian and Danish approaches are slightly different, with more focus being placed on the matter of ensuring citizens that the digital solutions and services are trustworthy and safe to use.
The benchmarks reviewed in Table 9 map well with the Objectives metric from the ENISA framework we utilized for coding the strategies. The objectives are shown in Figure 4 for each country, with each objective type as a ratio of total code registrations for the country, e.g. 30% of all code highlights for the Norwegian strategy belonged to the Collaboration category. As the publication date of the strategies span more than five years, a direct comparison is not feasible. However, we observe that across all countries and objectives; Collaboration and Support are the two objectives most strongly weighted, followed by Awareness. Monitoring, of both assets and threats, are the least mentioned objective.
Figure 4: Ratio of coded objectives in national strategies
This is likely because monitoring is the most tangible objective, and thus also the most dynamic aspect of all four objectives. Monitoring is instead addressed in implementation plans and security requirement specifications. Furthermore, although network attacks and threats know no borders, the NCSS should be read into the context and history of each nation. I.e., in both Sweden and Finland, the strategies are a piece of a broader preparedness plan.
Due to the different target audiences and recency, the distribution of the remaining codes used in the strategy analysis are very diverse. Regarding activities listed in the strategies, some are of establishing character, e.g. in Denmark the strategy intends to “establish a single digital solution for the reporting of ICT security incidents”. While other activities seek to standardize, e.g. in Sweden; “there is a need to carry out activities such as performing risk assessments, mapping security-sensitive assets and determining levels of protection with associated security measures based on and supported by a common model for systematic cyber security efforts”.
Looking at the distribution of phrases coded as either outcomes (short-term effects) or impacts (long-term effects), all countries balance short and long-term outcomes. Of all countries, the Swedish strategy most strongly emphasized long-term effects. This is stated as intent to safe-guard Swedish interests in the “context of a large number of processes encompassing political, legal and technical aspects. It also requires better coordination and dialogue between relevant stakeholders nationally”.
The NCSS varies substantially with regards to how directly they address resource allocation. In Denmark, Norway, and Finland this is partly specified as sectoral responsibilities, while also being supported by financial resources nationally. E.g., the Danish strategy states that 1.5 Bn. DKK will be invested in strengthening information and cyber defenses.
Across all NCSS’, responsibility to maintain safety and security is explicitly stated as being shared across all participants, both private and public. Thus, the private sector/business community have a responsibility to conducts assessments, implement, uphold, and invest in cyber security. How much this effort is supported by government, or directly includes the business community varies.
Utilizing the CMM tool [5], the general state of maturity of the strategy development across NCSS’ is deemed to be established[1]Maturity stages ranges from; Start-up, Formative, Established, Strategic, and Dynamic. as all strategies mention objectives that to varying extent are being realized by specific initiatives. More consideration regarding allocation of resources, and more specific declaration of performance indicators would lift the maturity level.
In this regard, it is important to differentiate between the maturity of strategies, and the actual maturity of national cyber security and resilience. E.g., all Nordic countries have national Computer Security Incident Response Team (CSIRT) and have established international partnerships to share knowledge of incidents.
All NCSS’ touch on the CMM strategies as well, but with different emphasis. In Denmark, a lot of attention is given to developing cyber security knowledge and encouraging a culture of responsibility. An example of this is through “Initiative 2.2 – Information Portal” that promise to establish a dynamic resource and information platform for citizens, businesses and authorities alike. Whereas the Swedish strategy is more specific with regards to supporting enforcement of legislative frameworks.
Health care stands out amongst the six other sectors defined in the NIS directive due to its inherent openness, as its very nature is to embrace and service public needs through open institutions. Furthermore, the majority of health care workers have direct access to the core information systems that are essential to the daily operation of health care services. This is necessary as availability of information is crucial, but it also poses one of the major jeopardies as the risks of compromising integrity and confidentiality is amplified.
In this section, we compare the reports and guidelines intending to improve information and cybersecurity in the Nordic countries. Unfortunately, it was not possible to identify publications from all countries; leaving us with a review of Sweden, Norway and Denmark (see Table 8). The three publications from these countries are vastly different in their scope, intent, and targeted audience. Nevertheless, we strive to provide a comparison of their stated objectives as these direct us toward the overall aim of each publication.
Comparing format and intended audience, “Bransjenorm for informasjonssikkerhet og personvern i helso- og omsorgstejenesten” from Norway is more akin to a continuously revised guideline, more than a strategy report. One of Bransjenormen’s intended uses is as a document of agreement between suppliers and the health sector. Thus, we find recommendations for how to correctly handle information security while safeguarding the integrity of citizens through a number of requirements such as establishment of data life cycle and classification protocols for handling sensitive information. E.g., “The company must maintain a list of all ICT equipment. This includes desktop computers, laptops, cell phones, servers, networking equipment etc”.
From Denmark, the strategy “En styrket, fælles indsats for cyber- og informationssikkerhed”, is considerably more oriented towards the policy level through its listing of four tracks each including initiatives related to prediction, prevention, detection, and response. E.g., all members of staff in the healthcare sector are required to receive training in cyber- and information security. This strategy report is structured to convey complex and far reaching initiatives, of which many remain financially unsupported. Finally, the Swedish health care vision for e-health from 2016, is less operational than the Danish strategy, but conversely provides a more value-driven approach with more emphasis on the importance of safeguarding the confidentiality of citizen health data. E.g. “The starting point in regulatory work in e-health, is to balance rights or interests such as protection of personal integrity, quality, security, and efficiency”.
Figure 4 plots the ratio of codes assigned to each category for Denmark, Norway and Sweden. Here we clearly see the impact of the temporal scope of each publication as the long-term vision set forth by Sweden foregoes any focus on the aspect of awareness, as this is pointless in a 10-year timespan where technology diffusion is hard to grasp.
Figure 5: Ratio of coded objectives
Another obvious characteristic from Figure 5 is the low frequency of Collaborative objectives in the Norwegian guideline. However, referring to the purpose of Bransjenormen as an information security guideline for requirements between a technology supplier and a provider of health services, collaboration can be stated as the principle underlining the entire document. The operational aspects of Bransjenormen is also evident through its extensive references to legislation and standards, both internally nationally, and at an international level, e.g., with references to the General Data Protection Regulation from the European Union. The safeguarding of personal sensitive information is also referred to as a key component in future initiatives (Nasjonal e-helsestrategi 2017–2022).
The extent of the Danish strategy in terms of scope and audience is best exemplified through the even distribution of code categories, but also its focus on the entire stakeholder group consisting of citizens, clinicians, IT professionals, local and national Computer Security Incident Response Teams. The latter is currently receiving substantial focus and support in Denmark, both in terms of support for the top-level National Center for Cybersecurity, and with regards to the establishment of a decentralized cyber- and information security unit.
Provider-patient confidentiality has always been a fundamental part of health care. Still, ICT related security concerns might not be at the forefront of clinicians’ daily agenda. To remediate this, training and campaigns seek to boost awareness. Still, dedicated support structures are needed to fully secure the ICT environment. This aspect is elaborately covered in the Danish sector strategy with an illustration of management, roles and responsibilities in case of a cyber security crisis. Similar initiatives is mentioned in the Norwegian e-Helse strategy for 2017–2022, but less detailed.
In parallel to the policy and management driven initiatives seeking to formulate strategies for information and cybersecurity, there is a need to gauge the depth and effectiveness of the initiatives. To achieve this, several countries have published reports on indicators for measuring information and cyber security. These indicators are typically grouped in a number of top-level categories, e.g., in the Danish report “Målepunkter for informationssikkerhed” with three groups:
These groupings have their offset in the ISO 27001 standard, which guides the standardization of information security management systems.
Another frequently used framework for structuring initiatives is the Confidentiality, Integrity, Availability heuristics. In the Swedish report “En bild av landstingens informationssäkerhetsarbete 2018” by Myndigheten för samhällskydd och beredskab (MSB) [7], these three traits are rooted in the utilization of various technical support tools: Domain Name System Security Extension (DNSSEC – Integrity) to reduce the risk of phishing attacks, Transport Layer Security (TLS – Confidentiality) to encrypt traffic properly, version 6 of the Internet Protocol (IPv6 – Availability) to ensure capacity for continued network growth. These three areas were assessed on selected web-sites for all Swedish regions using automated testing. This approach was found to be an effective mapping of the overall state of information security in the regions. Although a few regions scored high despite spending few staff resources on information security, the general picture is that results from the automated test is positively associated with allocated resources.
Turning our attention to the threat landscape, in addition to measuring security capabilities, trends in threat perception point not only to external hazards, but also to internal risks through weak points and shortcomings.
In Norway [8] the recommended countermeasures largely seek to improve preventive capacity through segmentation, access control, and application whitelisting. Awareness and a more widespread culture of security, and deeper insight into the software, hardware and information inventory, is recommended as the main approach to reducing the risk of unintended disclosure and exposure. Similar proposals are present in Finland where the annual Information security (Tietoturvan vuosi) report by the Finnish Transport and Communications Agency and the National Cybersecurity Centre. Here outsourced services or other 3rd party dependencies is emphasized as a main threat – similar to the threat posed by lacking of visibility into one’s own information systems.
In July 2018, the Danish Center for Cyber Security published an assessment of the threats facing the health sector – focusing on the threat from cyber espionage, crime, activism, and terror. While the risk of targeted destructive attacks is deemed low, risk of intentional breach of research and treatment data is very high. This assessment is in line with the current political climate with few offensive military engagements and a high focus on research and innovation. Espionage campaigns, on the other hand, are typically driven by financial incentives, and can have long-term negative effects on public opinion in the trustworthiness of participating in sharing their personal health data.
Although there are substantial differences in how the national assessments of threats, strengths and weaknesses are presented to the public in general, all assessments and reports stress the importance of improving risk and threat awareness through education and persistent everyday focus on adversarial actions.
During the last mandate period, cyber- and information security was included as a new dimension of relevance to the Nordic eHealth Research Network. As such, one of the main aims of this work has been to identify future actions and initiatives of relevance to the research network.
In this chapter, we have presented the main aims and points of the available national cyber- and information security strategies. A table of strategies, assessments, and supporting documents has been compiled. It is possible that some material may have been missed, especially from Iceland and Finland. Future work should seek to rectify this concern.
In conclusion, we observe a trend towards cyber security strategies becoming more substantial and tangible. Consequently, national strategies are broadening their recipient scope by becoming more oriented towards citizens as well as decision makers. In evaluating health sector specific approaches, we found considerably different approaches from Norway, Denmark and Sweden. These differences may serve as inspiration in every national council and strategic working group. The coding framework used in the strategy analysis can be used as an offset for investigations into the operationalization of strategies through interviews with decision-makers and managers. Common to all the reviewed threat assessments and indicator suggestions, it is evident that the majority of challenges are related to the aspect of humanity. Tightening the line requires an unwavering and continuous focus on education and a heightened awareness on a daily basis.
Additionally, as a part of the Danish indicator survey of clinician use of health IT systems, three new questions were added to investigate how clinicians relate to IT security through their awareness, attitude, and behavior towards information security awareness. Results from the survey are currently being analyzed to establish the validity of the questions, and to probe for any correlations between clinical profession, region of employment, overall satisfaction, and information security awareness. These questions can be refined and adjusted to be included in the surveys in other countries.
[1] E. Parliament, DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, 2016.
[2] "European Union Agency for Network and Information” Security", An evaluation Framework for National Cyber Security Strategies, 2014.
[3] I.T. Union, GUIDE TO DEVELOPING A NATIONALCYBERSECURITY STRATEGY, 2018.
[4] N.I. of S. and Technology, Framework for Improving Critical Infrastructure Cybersecurity, 2018.
[5] G.C.S.C. Centre, Cybersecurity Capacity Maturity Model for Nations ( CMM ), 2016.
[6] Sweden, Nationell strategi för samhällets informations- och cybersäkerhet, 2016.
[7] M. för samhällsskydd och Beredskap, En bild av landstingens informationssäkerhetsarbete 2018, 2018.
[8] N. Helsenett, Situasjonsbilde 2018, 2018.
In the effort to develop indicators for measuring availability, use and outcome of eHealth a recurring question is: Who can benefit from the indicators we develop? The target group for policy strategies and evidence of status is very broad and complex. It is a real challenge to ensure that data and information is communicated to the right persons in a comprehensible form. Developing fictional personas can be a way of improving the way we work.
Personas are fictional characters, that we created based upon our knowledge in order to represent different types of users. This can help us to direct our research to develop indicators of eHealth availability, use, and outcome in the Nordic countries. The creation of the personas will help us to better understand the users’ needs, experiences, behaviors, and goals. The process can help us to step out of our own narrow outlook and point out the aspects of indicator development that we must encompass. Furthermore, it will help us to choose the most effective channels of communicating the results that we produce.
In the following, we outline the characteristics of the personas currently identified.
The characters are:
The personas and their characteristics were developed over a long period of time. They are the result of many years of experiences from research, brainstorming, discussions and workshops. The workshops helped enable the alignment of the personas use in the Nordic countries, because the NeRN researchers all took turns on working on and added their knowledge to each of the personas created.
For personas to be a helpful tool in identifying indicators, is it important to make a detailed characteristic of the personas, which makes it easy for the user to imagine how this specific persona is as a whole. The personas are therefore described by their demography, biography, questions asked, technological abilities, goals, and fears/challenges. Demography is a short description of their age, education, occupation and family situation. This provides the basic foundation of the persona. The biography goes a bit deeper into the persona and provides us with more information about their personalities. The next paragraph, Questions asked, contains questions that the persona could pose in different situations and in relating to different matters. They have been added to personas, to provide an extra dimension to the persona-design, to make the user pay attention to any possible conflicts that could occur both short and long term. The next section, technological proficiency, describes how proficient the personas can use different kinds of technology and tells us something about how much they are using it. This gives the user an idea how and which channels to use in order to communicate with the specific persona.
Goals and fears are incorporated as a way for the persona-design user to identify how and where their research/policies align and/or differentiate from the end-users (Arthur McCay [2017]). Lastly, each persona is associated with a number of relevant current, or future, indicator aspects. The number of indicators identified varies among the personas e.g. we have identified zero-two indicators for the Patient Greta. Which tells us that there is not necessary any indicators what she would be interested in.
As mentioned in the introduction, the persona design helps widening the perspective of the researcher when they are taken into consideration both in order to encompass and target the research in an effective manner.
The persona design also functions as a great tool for policy making. Not only do the personas offer a more concrete way of focusing a specific policy to a segment, it also helps the policy makers to be aware of possible pitfalls that could occur in the implementation process or the policy´s practical function. Or put in another way, making policies with a design thinking approach, such as Personas, may help the policies to become more user-centered and applicable (Beatrice Andrews [2013]).
In a practical manner, the persona-design is done by asking the following questions: “If the system/technology/research/policy are to be successful, which persona is most essential/critical to please? And where/with whom does it conflict?” (Jeff Patton (2010)
The design of personas is a dynamic and agile process. As the work with developing indicators and writing strategies new issues emerge and add new aspects to the personas. In this report we have included nine different personas. However, we have further discussed e.g. different patient- or citizen groups with chronic diseases or with family carer obligations. New personas with other roles can be developed in the future.
Name: | Silje |
Age: | 35 years old |
Education: | Biochemist |
Occupation: | Works full time as a biochemist |
Status: | Married |
Children: | Two under the age of 10 years old |
Her mother has Alzheimer's disease |
Silje Works as a controller in the pharma industry and lives a busy life. While managing the daily needs of her closest family, Silje also engages with the caretaking of her extended family. Generally, Silje is satisfied with the healthcare system, but she values access, control, and transparency. She categorizes herself as having a generalized trust towards authorities and the society, but at the same time she is not afraid to ask question and double checking the answers afterwards.
- How do I make sure that my family gets the best possible care?
- Something about data security.
Technology proficiency: | |
IT and internet: | Strong |
Software: | Strong |
Mobile/tablet apps: | Strong |
Social media: | Medium |
Fears missing valuable information concerning the treatment of family members.
Name: | Greta |
Age: | 86 years old |
Education: | Teacher |
Occupation: | Retired |
Status: | Widowed |
Children: | Two daugthers, Silja and Anna |
Disease(s): | Alzheimer/dementias |
She lives in her own home. Had a fall accident and was hospitalized.
Greta cannot manage her appointments on her own.
With respect to Greta’s legal competence the two daughters do not agree. Anna thinks her mother should be legally in charge, and that she should continue to live in her own home.
Silja thinks that Greta should not be legally in charge and that she should move to a nursing home in her neighborhood. She can manage her radio and TV set, and a land line telephone, but not mobile or smart phone, computer or tablet. Greta has a high level of trust in authorities.
- What services are available for me?
- What is going to happen?
- Who can help me at this point?
- How do I and my daughters get information? Via which channels?
Technology proficiency: | |
Radio and TV | Good |
IT and internet: | None |
Software: | None |
Mobile/tablet apps: | None |
Social media: | None |
Name: | Sigurd |
Age: | 56 years old |
Education: | MD Cardiology |
Occupation: | Practical patient contact on the floor level as well as departmental administration "office". Includes viewpoints from nurses, midwives, therapists. |
Status: | Married |
Children: | None |
Sigurd has spent many years perfecting his skills in cardiology. Doing so, he has worked at a number of hospitals, larger as well as small ones. Sigurd has management responsibilities in his department and is engaged in a number of smaller research projects on the side. When he is not on duty, Sigurd often works from home to get things done. Sigurd is slightly skeptical of information systems in health care, and often experiences frustration with communication channels.
- How good and efficient is our department compared to similar departments in other hospitals?
- How do I engage with patients when they are not admitted or in direct treatment?
- Are my patients getting better? What are the latest guidelines? How do I access clinical data nationally for my research?
- Can I trust the data and results I’m getting?
Technology proficiency: | |
IT and internet: | Strong |
Software: | Strong |
Mobile/tablet apps: | Strong |
Social media: | Low |
Name: | David |
Age: | 40 years old |
Education: | M.Sc. Political Science |
Occupation: | Policy maker in a small-to-middle sized town |
Status: | Divorced |
Children: | One teenager |
He has good analytical skills; he drafts policy papers and needs data to compare.
He could use a good monitoring database with annual assessments of reporting of data (nationally and regional).
He is process focused and pragmatic, but subject to regulatory framework (limitations and obstacles). He is a policymaker for more places: Local, regional, and national levels. David is very detail oriented in every aspect of his life. He would rather have too much information than too little. In his spare time, he likes to spend time with his child and go fishing.
- Do the institutional frameworks put constraints on political and legal issues?
- Policy evaluations and follow-ups?
- Are we lagging behind?
Technology proficiency: | |
IT and internet: | Strong |
Software: | Medium |
Mobile/tablet apps: | Medium |
Social media: | Medium |
He wants clear messages and needs focused information.
Outcome focused on:
He has a big need for knowledge about things that work.
He requires knowledge-based facts – e.g. knowledge about international trends.
Indicators would support him with data on:
Name: | Alice |
Age: | 51 years old |
Education: | Computer Scientist |
Occupation: | CEO of large software development company. |
Status: | Married |
Children: | A grown up son |
Alice lives in a non-European country but travels a lot to Scandinavia as several of her business clients are situated there. During her travels she spends her time reading up on the latest developments and business-related challenges within her markets. Alice is driven and works long hours. Only uses private healthcare.
- What new opportunities do I see in the immediate and far future?
- What are the overall trends of the market?
- Are there any risks we should be aware of in particular?
- How is my system performing in relation to other systems? (benchmarking), how can I improve my competitiveness?
Technology proficiency: | |
IT and internet: | Strong |
Software: | Strong |
Mobile/tablet apps: | Strong |
Social media: | Strong |
Name: | Herlof |
Age: | 56 years old |
Education: | B.Sc. in Political Science – never completed his M.Sc. degree |
Occupation: | Minister of Health, potential Prime Minister |
Status: | Married |
Children: | No children |
Herlof has been the minister of Health for the last two terms that his party has been in government. He went into politics twenty years ago with a main interest in the field of labour market politics. But after some years his interest moved towards the health sector and health in general. He believes in the good in people but also that they need a push in the right direction. Despite of his idealistic beliefs, he still knows that there is a need for making the health sector more efficient to deal with the future challenges. In his spare time, he likes to spend time with his wife and go hiking.
- How can I get the fastest possible results with a minimum cost?
- Knowing how national health data are relevant for international research projects?
Technology proficiency: | |
IT and internet: | Strong |
Software: | Medium |
Mobile/tablet apps: | Medium |
Social media: | Medium |
Wish to initiate changes in the use of ICT in a good way. Engaged in promotion of family values and healthy living.
Name: | Nette |
Age: | 53 years old |
Education: | Master's degree in public administration |
Occupation: | Hospital CEO |
Status: | Married |
Children: | Three, two adults and one teenager. |
Nette is very thorough, competitive and ambitious as a person. She is relatively new in the position as a CEO, but she has been working as CEO at another hospital for many years, which has made her familiar with the daily challenges present at a hospital. She has a natural flair for numbers and a great interest in the process of optimization workflows.
- What are the needs for services within my region?
- How are our services meeting the needs, what is the performance level of my institution in relation to other organizations/ national level (cost and effectiveness) how do clients use the services?
- How can the services be developed further to improve their competitiveness?
Technology proficiency: | |
IT and internet: | Strong |
Software: | Strong |
Mobile/tablet apps: | Medium |
Social media: | Strong |
Name: | Gunnar |
Age: | 48 years old |
Education: | Ph.D in Medical Informatics |
Occupation: | Professor in medical informatics |
Status: | In a relationship |
Children: | Two step-children from his partner |
Gunnar is involved in multiple research projects within eHealth services. He utilizes his engagement in research for teaching as well as for networking with fellow researchers nationally and internationally.
- What are the most recent findings within my research fields? How can I make my own contributions visible and accessible to my peers?
- Where and how do I get access to data about patients?
- What threats and risks should I be aware off in my work?
Technology proficiency: | |
IT and internet: | Strong |
Software: | Strong |
Mobile/tablet apps: | Strong |
Social media: | Low |
Name: | Magnus |
Age: | 31 years old |
Education: | B.Sc. in computer science |
Occupation: | Project manager in Regional health Organization |
Status: | Single |
Children: | None |
- How is my system performing in relation to other systems?
- How can I improve my system?
- What is state of the art within the areas of my IT projects?
Technology proficiency: | |
IT and internet: | Strong |
Software: | Strong |
Mobile/tablet apps: | Strong |
Social media: | Strong |
Arthur McCay (2017): How to Create A Persona In 7 Steps – A Guide With Examples. Available at: https://uxpressia.com/blog/how-to-create-persona-guide-examples (Last read 31/7-2019)
Beatrice Andrews (2013): Using personas to make better policy. Policy Lab Blog. Available at: https://openpolicy.blog.gov.uk/2013/08/08/using-personas-to-help-improve-policy-making/ (Last read 31/7-2019)
Jeff Patton (2010): How Pragmatic Personas Help You Understand Your End-User. Available at: https://www.stickyminds.com/article/how-pragmatic-personas-help-you-understand-your-end-user (Last read 31/7-2019)
In Chapter two, the analysis with the offset in Institutional Theory has proven to provide useful insight into the differences in the governance of eHealth in the Nordic countries. There is good reason to continue this path and expand data collection in individual countries with multiple interviews so that more details can be found in the analysis. Ehealth in the Nordic countries are still in the startup phase, but many practices have found to be deeply incorporated in the system already. A more detailed continuation of the institutional approach, can help in establishing an evidence based baseline for making concrete political decisions in each of the Nordic countries.
In Chapter three, the model-based approach to developing indicators has the advantage of improving the sustainability and utility of indicators. This may also improve the ability to compare indicators measured in individual countries better. Future work should focus on the continuation of enabling the indicator framework to also support the monitoring of individual countries’ specific national strategies, thereby also helping to make the start-up strategies “evidence informed”.
In Chapter four, it was outlined that an important step has been taken to harmonize the surveys across countries – there are now many parameters that are measured in the same way in each country. It is still desirable to find a solution to who will be responsible for the collection of data and how it should be financed nationally. Longevity is crucial in this field, and addressing the challenges of sustainability is important in order to secure the future work of e-health monitoring and development in the Nordic countries.
Chapter five is the first step in working towards a better understanding of the cyber security landscape in the Nordic countries from a political strategic outset. The main objective was to identify future initiatives in this field by clarifying the status quo. The comparison of the Nordic countries cyber security strategies revealed distinct differences, and similarities, in how each country emphasized the same objectives. Future work should focus on the implementation challenges objectives, and how each country prioritize their cybersecurity effort.
Towards evidence informed policies
Christian Nøhr, Arild Faxvaag, Chen Hsi Tsai, Guðrún Auður Harðardóttir, Hannele Hyppönen, Hege Kristin Andreassen, Heidi Gilstad, Héðinn Jónsson, Jarmo Reponen, Johanna Kaipio, Maja Voigt Øvlisen, Maarit Kangas, Pernille Bertelsen, Sabine Koch, Sidsel Villumsen, Thomas Schmidt, Tuulikki Vehko and Vivian Vimarlund
ISBN 978-92-893-6524-6 (PDF)
ISBN 978-92-893-6525-3 (ONLINE)
http://dx.doi.org/10.6027/temanord2020-505
TemaNord 2020:505
ISSN 0908-6692
© Nordic Council of Ministers 2020
This publication was funded by the Nordic Council of Ministers. However, the content does not necessarily reflect the Nordic Council of Ministers’ views, opinions, attitudes or recommendations.
This work is made available under the Creative Commons Attribution 4.0 International license (CC BY 4.0) https://creativecommons.org/licenses/by/4.0.
Translations: If you translate this work, please include the following disclaimer: This translation was not pro-duced by the Nordic Council of Ministers and should not be construed as official. The Nordic Council of Ministers cannot be held responsible for the translation or any errors in it.
Adaptations: If you adapt this work, please include the following disclaimer along with the attribution: This is an adaptation of an original work by the Nordic Council of Ministers. Responsibility for the views and opinions expressed in the adaptation rests solely with its author(s). The views and opinions in this adaptation have not been approved by the Nordic Council of Ministers.
Third-party content: The Nordic Council of Ministers does not necessarily own every single part of this work. The Nordic Council of Ministers cannot, therefore, guarantee that the reuse of third-party content does not in-fringe the copyright of the third party. If you wish to reuse any third-party content, you bear the risks associ-ated with any such rights violations. You are responsible for determining whether there is a need to obtain per-mission for the use of third-party content, and if so, for obtaining the relevant permission from the copyright holder. Examples of third-party content may include, but are not limited to, tables, figures or images.
Photo rights (further permission required for reuse):
Any queries regarding rights and licences should be addressed to:
Nordic Council of Ministers/Publication Unit
Ved Stranden 18
DK-1061 Copenhagen
Denmark
pub@norden.org
Nordic co-operation is one of the world’s most extensive forms of regional collaboration, involving Denmark, Finland, Iceland, Norway, Sweden, and the Faroe Islands, Greenland and Åland.
Nordic co-operation has firm traditions in politics, economics and culture and plays an important role in European and international forums. The Nordic community strives for a strong Nordic Region in a strong Europe.
Nordic co-operation promotes regional interests and values in a global world. The values shared by the Nordic countries help make the region one of the most innovative and competitive in the world.
Nordic Council of Ministers
Nordens Hus
Ved Stranden 18
DK-1061 Copenhagen
pub@norden.org
Download more Nordic publications from www.norden.org/publications