Technical HIS requirements including 73 items categorized in four domains including ‘communication service’ (10 items), ‘system architecture’ (27 items), ‘security service’ (31 items), and ‘system response time’ (5 items) were approved by experts. Compliance rate of the requirements in the hospitals under study was considered as ‘good’ (68.9%).
In a variety of studies assessing technical requirements in health information systems, a researcher-made checklist including a very limited number of items (4-7 items) was used covering a restricted portion of technical requirements [14, 17]. Even the requirements defined by the Ministry of Health and Medical Education in two domains of Security services and Communication services including 23 items [21] is not comparable with the number of items and domains defined in the current study. The tools designed in this study provide more specific and comprehensive domain and items on a national scale to assess HISs. Nevertheless, technology advancements necessitate further studies with varied requirements and domains in the future.
Communication service is one of the domains of technical requirements confirmed by the experts. Requirements related to ‘communication service’ showed a compliance rate of 63.8% in the evaluated HISs, which is considered to be at a good level. However, compared to the other domains under study, this compliance rate was lower. Additionally, the standard protocol approved by the national healthcare authorities for patient information exchange was only met in half of the information systems of the research community. The National Coordination Office of Health Information Technology of America, appreciates the need for standards, making incentives to use standards and a credible environment for interoperability, sharing and use of electronic health information due to the fact that such standards can prove useful in design stage of the development of a new system [26, 27]. Another study on the HIS implementation difficulties indicated that poor integration of various systems is a potential source of problems [28]. In his study, Aggod-Feko stated that HISs in Hungary are capable of communicating within hospitals. Nevertheless, the ability to inter-communication outside the hospital is limited [29]. Surveying the acceptability of health information technology in 7 industrial countries suggested that, despite the high number of EHR, they still lag behind the health information exchange [23]. Several other studies have pointed out that the level of interoperability among HISs is disappointingly low, and they have scored low in the assessments or interoperability has not been observed in all evaluated systems [30-33]. The lack of interoperability restricts care provider organizations to use product portfolio of a software supplier in a way that their data is stored in the supplier's specific format and cannot be easily transferred to another system [34]. Ultimately, lack of interoperability among HISs results in an increased load of paper [35]. In a study, users believed that working with integrated systems would reduce working hours and increase work speed [6]. Not only is the capability of system information exchange effective in indirect nursing care [36], but it also leads to reduced patients re-admission [37]. Failure to exchange information among various HISs imposes financial burdens on hospitals and causes failure to refunding the costs to Healthcare institutions [38]. Furthermore, information exchange among these systems helps to reduce the cost of transmitting laboratory reports, imaging and clinical communication among healthcare providers [39]. As Walker et al. stated, investing in Electronic Medical Records (EMR) interoperability and health information exchange could save $77 annually [40]. A unified and focused EHR approach for each patient means to have regional Electronic Patient Records(EPRs) that provides a degree of internal exchange capability [41], although the main features of the fourth and current HIS generation - integration of HISs – is known as integrity with other systems [6]. The specific framework for ‘communication service’ requirements of HISs including the standards of information exchange at system design phase need to be given serious attention. What follows can highlight this importance, a) considering the importance of information exchange capability in information systems, b) the need to develop interoperable systems, c) prevention of organizational dependence on the products of a particular company, d) the impact of lack of data integrity on treatment and cost addition, e) the heterogeneous software forests that does not meet the goal of creating and implementing an EHR.
System architecture is another important domain of technical requirements. Based on the findings, compliance with the requirements of ‘system architecture’ in the assessed HISs was proper (65.5%). However, it has achieved a third rank in comparison to the other domains of technical requirements. In software development, ‘system architecture’ determines system development model, environment development, and system development tools [42]. Multiple distributed systems, developed in various programming languages, demand more mechanisms for practical communication in engineering perspective [43]. In this regard, service-oriented architecture is a tool for defining IT infrastructures that allow various software programs to exchange data and cooperate in the process of business, regardless of the types of operating systems or programming languages through which software programs are designed. Moreover, the messaging standard enables diverse healthcare software programs to exchange office and clinical data and run it on the web [44]. Systems that are based on varied platforms and programming languages appear to create numerous heterogeneous systems in an organization, which makes it difficult to develop HIS projects. Hence, the possibility of using open source tools, web-based implementation, and supported standards is part of the framework of ‘system architecture’ requirements which are helpful in future software development.
Security service is also addressed as another domain of technical requirements, which has been well met in evaluating information systems of the research community and can be regarded as good (72.4%). Security issues are among the hindering factors of using and implementing information systems in the healthcare sector [45]. Furthermore, several studies have highlighted security concerns of EHRs [46-48]. In other studies, the level of technical security in some health centers was reported as strong and in some hospitals as moderate [49]. In yet other studies, more than half of respondents expressed their health security data at a good/moderate level [32, 50]. Previous research shows neither a specific policy for patient access to information nor punishment for unauthorized access to information. While each system user has a specific password, there is usually no expiration date for these passwords, and thus, system users can access them with no time limitation [49]. The system must have security mechanisms for controlling user access in terms of tasks or classified access [51]. An effective access control system ensures that system users cannot access system resources unless they are permitted to do so [4]. On the other hand, HISs should provide easy access to healthcare information at the caring institution [52]. A vast number of user-friendly techniques including setting passwords, biometric techniques, smart cards, and certifications are widely used to guarantee data confidentiality and user validation [53]. Typically, these systems attempt to prevent illegal operations before they occur [54]. In a study investigating the priority of nursing data security requirements in EHRs, making a backup was introduced as the highest priority of majority of IT experts [55]. Providing encrypted, incremental backups of information is one of the security measures for EHR protection [56]. Considering the fact that patient data security management using the HIS influences care quality, the rights of patients and healthcare professionals and their working practices[57], patients may conceal their information due to lack of trust in the security of HISs, which is health-damaging [58]. Thus, recognizing security features and privacy in HISs is of great importance and, in the event of facing such risks, some data protection measures need to be taken [59]. Hospitals should follow a standardized set of instructions to enhance information security [60, 61]. The level of security seems to vary from one study to another. Regarding the important role of data in providing patient care, data backups and data access control are known as the major security concerns of the systems. Therefore, a security framework which guarantees system security and makes information access easy by authorized individuals is required where HISs are being implemented.
Another domain of technical HIS requirements approved by the experts is system response time. Based on our findings, ‘system response time’ was at a good level (76.3%) in the HIS evaluation. ‘System response time’ is one of the major technical challenges of the HIS [28, 62]. Numerous studies have highlighted system response dissatisfaction, and referred to it as an obstacle for EHR application and the main reason for its abandonment by users [62-64]. In organizations which are heavily dependent on computerized systems in patient care, the downtime should be 0% or a little above 0. Yet, in these organizations, business continuity procedures should be in place to ensure safety and patient care continuity [65]. Therefore, one of the general technical aspects of the HIS is timely system access at a high speed, which is identified as an important factor in the efficiency of HISs [51, 52]. Low ‘system response time’ reduces the chances of system acceptance by users and successful implementation of the system [66]. Therefore, in order to increase system efficiency and consequently user satisfaction, it is recommended to highlight the importance of ‘system response time’ requirements while choosing a system.