Issue No.06 - November/December (2011 vol.9)
Rosa R. Heckle , MITRE
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.74
While healthcare organizations strive to increase control of network access, clinicians need unencumbered access to data. Daily, clinicians make unconscious decisions to be in compliance with the security measures, or to live with a certain level of insecurity to get their job done. The unanticipated consequences of these decisions can unintentionally lead to suboptimal outcomes. To attain a favorable outcome in security implementations, some research has recommended taking a holistic approach with a strong sociotechnical perspective to security system design. To help understand what this means, a 15-month ethnographic study followed the implementation of a single sign-on system in a regional hospital. The findings revealed that security system designers must address user behavior to reach an optimal level of assurance. In addition, they suggest that managing a certain level of insecurity within the environment's constraints might be more effective than deploying expensive or invasive security mechanisms.
healthcare, security, work practices, ethnography
Rosa R. Heckle, "Security Dilemma: Healthcare Clinicians at Work", IEEE Security & Privacy, vol.9, no. 6, pp. 14-19, November/December 2011, doi:10.1109/MSP.2011.74