Privacy management in dynamic groups: understanding information privacy in medical practices

The recent wide adoption of Electronic Medical Record (EMR) systems gives health practitioners easy access to patients' private information. However, there is a dilemma between this easy access and the potential privacy infringement it brings. This paper elaborates three types of group dynamics that identify challenges of privacy management in medical practices: team members, temporal involvement, and different levels of information sensitivity. Drawing on the theory of contextual integrity, this work identifies the appropriate actors, information access, and information transmission principles for understanding the norms of information flows. The findings of the study shed light on design insights: privacy-enhancing features should be appropriately aligned with the dynamic group behaviors of medical practices.
