Issue No.06 - November/December (2011 vol.9)
pp: 14-19
ABSTRACT
While healthcare organizations strive to increase control of network access, clinicians need unencumbered access to data. Daily, clinicians make unconscious decisions to be in compliance with the security measures, or to live with a certain level of insecurity to get their job done. The unanticipated consequences of these decisions can unintentionally lead to suboptimal outcomes. To attain a favorable outcome in security implementations, some research has recommended taking a holistic approach with a strong sociotechnical perspective to security system design. To help understand what this means, a 15-month ethnographic study followed the implementation of a single sign-on system in a regional hospital. The findings revealed that security system designers must address user behavior to reach an optimal level of assurance. In addition, they suggest that managing a certain level of insecurity within the environment's constraints might be more effective than deploying expensive or invasive security mechanisms.
INDEX TERMS
healthcare, security, work practices, ethnography
CITATION
Rosa R. Heckle, "Security Dilemma: Healthcare Clinicians at Work", IEEE Security & Privacy, vol.9, no. 6, pp. 14-19, November/December 2011, doi:10.1109/MSP.2011.74