Password Sharing and How to Reduce It

Password sharing is a common security problem. Some application domains are more exposed than others, and the healthcare domain, which deals with very sensitive information, is not exempt. This chapter presents a case study offering a cross section of how healthcare professionals actually deal with password authentication in typical real-world scenarios. It then compares the professionals' actual practice with how they feel about password sharing and with the most frequent problems associated with it. Finally, the chapter discusses and suggests how to solve or minimize some of these problems using both technological and socio-cultural mechanisms.
