A Critical Analysis of Requirements and Recommendations for Multi-modal Access Control in Hospitals

Lack of user awareness and user acceptance of the importance of practising a good access-control approach, particularly in the healthcare sector of South Africa, is a challenging issue in information security. The challenge results in breaches of information stored in medical information systems, fraud, and medical identity theft. The paper proposes a hospital user awareness and user acceptance framework for multimodal access control in medical information systems. The survey of participants at Charlotte Maxeke Academic Hospital, based in Johannesburg, had a response rate of 86%. Focusing on the objectives of the study, the results showed that 76.7% of users lack knowledge of information security and that there is a lack of security awareness education and training in the hospital. The results of the study are presented and analysed using IBM SPSS statistical software.
