Usability of authentication and access control: A case study in healthcare

Although implementers and software engineers devise an initial plan describing the rules for accessing an Electronic Medical Record (EMR), access in practice often differs from what was envisaged. Healthcare professionals do not normally participate in the design of their working tools, so they either have to adapt their workflows around the systems in order to use them in their daily practice (this being one of the main reasons for health information systems failure), or they may circumvent the rules established for accessing the system because those rules are too cumbersome, time-consuming, or both. The objective of this paper is to study the usability of authentication and access control features in the healthcare environment using qualitative methods. Usability studies using qualitative data collection and analysis can explore more deeply people's behaviour when interacting with security technology and help to better understand the context, workflows, needs and beliefs of users. This can help in defining better security technology that is closer to healthcare practice.
